acts_as_textcaptcha 1.1.0

data/.gitignore

@@ -0,0 +1,5 @@
+*.gemspec
+*.gem
+*.db      
+doc
+coverage

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2010 Matthew Hutchinson
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -0,0 +1,37 @@
+= Act as TextCaptcha
+
+== About
+
+== Caveats
+
+Ongoing issues with this project include;
+
+* needs tests
+
+== Setup / Using
+
+=== Requirements
+
+What do you need?
+
+=== Installing
+
+  script/plugin install git://github.com/hiddenloop/acts_as_textcaptcha
+
+== Using
+
+== What does the code do?
+
+== Credits
+
+Who's who?
+
+* Authored by "Matthew Hutchinson":http://matthewhutchinson.net
+
+== Get out clause
+
+Right now this script is provided without warranty, or support from the author.
+
+== Creative Commons License
+
+<a rel="license" href="http://creativecommons.org/licenses/by/2.0/uk/"><img alt="Creative Commons License" style="border-width:0" src="http://i.creativecommons.org/l/by/2.0/uk/80x15.png" /></a>

data/Rakefile

@@ -0,0 +1,48 @@
+require 'rake'
+require 'rake/rdoctask'
+require 'spec/rake/spectask'
+require 'spec'
+
+desc 'Default: run spec tests.'
+task :default => :spec
+task :test    => :spec
+
+desc "Run all specs"
+Spec::Rake::SpecTask.new(:spec) do |t|
+  t.spec_files = FileList['spec/**/*_spec.rb']
+  t.spec_opts = ['--options', 'spec/spec.opts']
+end 
+
+desc "Run all specs with RCov"
+Spec::Rake::SpecTask.new(:rcov) do |t|
+  t.spec_files = FileList['spec/**/*_spec.rb']
+  t.rcov = true
+  t.rcov_opts = ['--exclude', 'spec']
+end
+
+desc 'Generate documentation for the acts_as_textcaptcha plugin.'
+Rake::RDocTask.new(:rdoc) do |rdoc|
+  rdoc.rdoc_dir = 'doc'
+  rdoc.title    = 'acts_as_textcaptcha'
+  rdoc.options << '--line-numbers' << '--inline-source'
+  rdoc.rdoc_files.include('README.rdoc', 'LICENSE')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end   
+
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gemspec|
+    gemspec.name = "acts_as_textcaptcha"
+    gemspec.summary = "Spam protection for your models via logic questions and the excellent textcaptcha.com api"
+    gemspec.description = "Spam protection for your ActiveRecord models using logic questions and the excellent textcaptcha api. See textcaptcha.com for more details and to get your api key.
+  The logic questions are aimed at a child's age of 7, so can be solved easily by all but the most cognitively impaired users. As they involve human logic, such questions cannot be solved by a robot.
+  For more reasons on why logic questions are useful, see here; http://textcaptcha.com/why"
+    gemspec.email = "matt@hiddenloop.com"
+    gemspec.homepage = "http://github.com/hiddenloop/acts_as_textcaptcha"
+    gemspec.authors = ["Matthew Hutchinson"]
+  end           
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler not available. Install it with: gem install jeweler"
+end

data/VERSION

@@ -0,0 +1 @@
+1.1.0

data/config/textcaptcha.yml

@@ -0,0 +1,36 @@
+development: &non_production_settings
+  api_key: 8u5ixtdnq9csc84cok0owswgo
+  # bcrypt can be used to encrypt valid possible answers in your session; http://bcrypt-ruby.rubyforge.org/
+  # (recommended if you are using cookie session storage)
+  # NOTE: bcrypt_salt must be a valid bcrypt salt; for security PLEASE CHANGE THIS, open irb and enter; require 'bcrypt'; BCrypt::Engine.generate_salt
+  bcrypt_salt: $2a$10$j0bmycH.SVfD1b5mpEGPpe
+  # an optional logarithmic var which determines how computational expensive the hash is to calculate (a cost of 4 is twice as much work as a cost of 3)
+  bcrypt_cost: 10 # default is 10, must be > 4 (large number means slower encryption)           
+  # if you'd rather NOT use bcrypt, just remove these two settings, bcrypt_salt and bcrypt_cost, valid possible answers will be MD5 digested in your session
+  questions:
+      - question: 'Is ice hot or cold?'
+        answers: 'cold'
+      - question: 'what color is an orange?'
+        answers: 'orange'
+      - question: 'what is two plus 3?'
+        answers: '5,five'
+      - question: 'what is 5 times two?'
+        answers: '10,ten'
+      - question: 'How many colors in the list, green, brown, foot and blue?'
+        answers: '3,three'
+      - question: 'what is Georges name?'
+        answers: 'george'
+      - question: '11 minus 1?'
+        answers: '10,ten'
+      - question: 'is boiling water hot or cold?'
+        answers: 'hot'
+      - question: 'what color is my blue shirt today?'
+        answers: 'blue'
+      - question: 'what is 16 plus 4?'
+        answers: '20,twenty'
+        
+test: 
+  *non_production_settings
+  
+production:
+  *non_production_settings

data/init.rb

@@ -0,0 +1 @@
+require File.dirname(__FILE__) + '/rails/init'

data/lib/acts_as_textcaptcha.rb

@@ -0,0 +1,96 @@
+begin
+  require 'xml'
+  require 'yaml'
+  require 'net/http'
+  require 'md5'
+  require 'logger'  
+  require 'bcrypt'
+rescue LoadError
+end
+
+module ActsAsTextcaptcha #:nodoc:
+
+  def acts_as_textcaptcha(options = nil)
+    cattr_accessor :textcaptcha_config
+    attr_accessor  :spam_answer, :spam_question, :possible_answers
+                            
+    if options.is_a?(Hash)
+      self.textcaptcha_config = options
+    else
+      begin
+        self.textcaptcha_config = YAML.load(File.read("#{(defined? RAILS_ROOT) ? "#{RAILS_ROOT}" : '.'}/config/textcaptcha.yml"))[((defined? RAILS_ENV) ? RAILS_ENV : 'test')]
+      rescue Errno::ENOENT
+        raise('./config/textcaptcha.yml not found')
+      end
+    end
+
+    include InstanceMethods
+  end
+  
+
+  module InstanceMethods
+
+    def skip_spam_check?; false end
+
+    def allowed?; true end
+
+    def validate     
+      if new_record?
+        if allowed?
+          if possible_answers && !skip_spam_check? && !validate_spam_answer
+            errors.add(:spam_answer, 'is incorrect, try another question instead') 
+            return false
+          end
+        else
+          errors.add_to_base("Sorry, #{self.class.name.pluralize.downcase} are currently disabled")
+          return false
+        end
+      end
+      true
+    end     
+    
+    def validate_spam_answer
+      spam_answer ? possible_answers.include?(encrypt_answer(Digest::MD5.hexdigest(spam_answer.strip.downcase.to_s))) : false
+    end
+     
+    def encrypt_answers(answers)   
+      answers.map {|answer| encrypt_answer(answer) }
+    end
+       
+    def encrypt_answer(answer)          
+      return answer unless(textcaptcha_config['bcrypt_salt'])
+      BCrypt::Engine.hash_secret(answer, textcaptcha_config['bcrypt_salt'], (textcaptcha_config['bcrypt_cost'] || 10))
+    end            
+    
+    def generate_spam_question(use_textcaptcha = true)
+      if use_textcaptcha && textcaptcha_config && textcaptcha_config['api_key']
+        begin
+          resp = Net::HTTP.get(URI.parse('http://textcaptcha.com/api/'+textcaptcha_config['api_key']))
+          if !resp.empty? && xml = XML::Parser.string(resp).parse
+            self.spam_question    = xml.find('/captcha/question')[0].inner_xml
+            self.possible_answers = encrypt_answers(xml.find('/captcha/answer').map(&:inner_xml))
+          end
+          return possible_answers if spam_question && !possible_answers.empty?
+        rescue SocketError, Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Errno::ECONNREFUSED,
+               Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError, URI::InvalidURIError => e
+          log_textcaptcha("failed to load or parse textcaptcha with key '#{textcaptcha_config['api_key']}'; #{e}")
+        end
+      end
+
+      # fall back to textcaptcha_config questions
+      if textcaptcha_config && textcaptcha_config['questions']
+        log_textcaptcha('falling back to random logic question from config') if textcaptcha_config['api_key']
+        random_question       = textcaptcha_config['questions'][rand(textcaptcha_config['questions'].size)]
+        self.spam_question    = random_question['question']
+        self.possible_answers = encrypt_answers(random_question['answers'].split(',').map!{|ans| Digest::MD5.hexdigest(ans)})
+      end     
+      possible_answers
+    end
+
+    private
+    def log_textcaptcha(message)
+      logger ||= Logger.new(STDOUT)
+      logger.info "Textcaptcha >> #{message}"
+    end
+  end
+end

data/lib/textcaptcha_helper.rb

@@ -0,0 +1,6 @@
+module TextcaptchaHelper
+
+  def spamify(model)
+    session[:possible_answers] = model.generate_spam_question unless model.validate_spam_answer
+  end
+end

data/rails/init.rb

@@ -0,0 +1,9 @@
+require 'acts_as_textcaptcha'             
+
+if defined?(ActiveRecord::Base)
+  ActiveRecord::Base.extend ActsAsTextcaptcha
+end
+
+if defined?(ActionController::Base)
+  ActionController::Base.send :include, TextcaptchaHelper
+end

data/spec/acts_as_textcaptcha_spec.rb

@@ -0,0 +1,183 @@
+require File.join(File.dirname(__FILE__), 'spec_helper')
+
+class Widget < ActiveRecord::Base
+  # uses textcaptcha.yml file for configuration
+  acts_as_textcaptcha
+end
+
+class Comment < ActiveRecord::Base
+  # inline options with api_key only
+  acts_as_textcaptcha({'api_key' => '8u5ixtdnq9csc84cok0owswgo'})
+end
+
+class Review < ActiveRecord::Base
+  # inline options with all possible options
+  acts_as_textcaptcha({'api_key'     => '8u5ixtdnq9csc84cok0owswgo',
+                       'bcrypt_salt' => '$2a$10$j0bmycH.SVfD1b5mpEGPpe',
+                       'bcrypt_cost' => '3',
+                       'questions'   => [{'question' => '1+1', 'answers' => '2,two'},
+                                         {'question' => 'The green hat is what color?', 'answers' => 'green'},
+                                         {'question' => 'Which is bigger: 67, 14 or 6', 'answers' => '67,sixtyseven,sixty seven,sixty-seven'}]})
+end
+
+class Note < ActiveRecord::Base
+  # inline options with user defined questions only (no textcaptcha service)
+  acts_as_textcaptcha('questions' => [{'question' => '1+1', 'answers' => '2,two'}])
+end
+
+
+describe 'ActsAsTextcaptcha' do
+
+  before(:each) do
+    @comment = Comment.new
+    @review  = Review.new
+    @note    = Note.new
+  end
+
+  describe 'validations' do
+
+    before(:each) do
+      @note.generate_spam_question
+      @note.validate.should be_false
+    end
+
+    it 'should validate spam answer with possible answers' do
+      @note.spam_answer = '2'
+      @note.validate.should be_true
+
+      @note.spam_answer = 'two'
+      @note.validate.should be_true
+
+      @note.spam_answer = 'wrong'
+      @note.validate.should be_false
+    end
+
+    it 'should strip whitespace and downcase spam answer' do
+      @note.spam_answer = ' tWo '
+      @note.validate.should be_true
+
+      @note.spam_answer = ' 2   '
+      @note.validate.should be_true
+    end
+
+    it 'should always validate if not a new record' do
+      @note.spam_answer = '2'
+      @note.save!
+      @note.generate_spam_question
+      @note.new_record?.should be_false
+      @note.validate.should be_true
+    end
+  end
+
+  describe 'encryption' do
+
+    it 'should encrypt answers' do
+      @review.encrypt_answers(['123', '456']).should eql(['$2a$10$j0bmycH.SVfD1b5mpEGPperNj9IlIHoieNk38UDQFdtREOmRFKgou',
+                                                          '$2a$10$j0bmycH.SVfD1b5mpEGPpeqf88jqdV6gIgeJLQNjUnufIn8dys1fW'])
+    end
+
+    it 'should encrypt a single answer' do
+      @review.encrypt_answer('123').should eql('$2a$10$j0bmycH.SVfD1b5mpEGPperNj9IlIHoieNk38UDQFdtREOmRFKgou')
+    end
+
+    it 'should not encrypt if no bycrpt-salt set' do
+      @comment.encrypt_answer('123').should eql('123')
+      @comment.encrypt_answers(['123', '456']).should eql(['123', '456'])
+    end
+  end
+
+  describe 'flags' do
+
+    it 'should always be valid if skip_spam_check? is true' do
+      @comment.generate_spam_question
+      @comment.validate.should be_false
+      @comment.stub!(:skip_spam_check?).and_return(true)
+      @comment.validate.should be_true
+      @comment.should be_valid
+    end
+
+    it 'should always fail validation if allowed? is false' do
+      @comment.validate.should be_true
+      @comment.stub!(:allowed?).and_return(false)
+      @comment.validate.should be_false
+      @comment.errors.on(:base).should eql('Sorry, comments are currently disabled')
+      @comment.should_not be_valid
+    end
+  end
+
+  describe 'with inline options hash' do
+
+    it 'should be configurable from inline options' do
+      @comment.textcaptcha_config.should eql({'api_key' => '8u5ixtdnq9csc84cok0owswgo'})
+      @review.textcaptcha_config.should eql({'bcrypt_cost'=>'3', 'questions'=>[{'question'=>'1+1', 'answers'=>'2,two'}, {'question'=>'The green hat is what color?', 'answers'=>'green'}, {'question'=>'Which is bigger: 67, 14 or 6', 'answers'=>'67,sixtyseven,sixty seven,sixty-seven'}], 'bcrypt_salt'=>'$2a$10$j0bmycH.SVfD1b5mpEGPpe', 'api_key'=>'8u5ixtdnq9csc84cok0owswgo'})
+      @note.textcaptcha_config .should eql({'questions'=>[{'question'=>'1+1', 'answers'=>'2,two'}]})
+    end
+
+    it 'should generate spam question from textcaptcha service' do
+      @comment.generate_spam_question
+      @comment.spam_question.should_not be_nil
+      @comment.possible_answers.should_not be_nil
+      @comment.possible_answers.should be_an(Array)
+      @comment.validate.should be_false
+    end
+
+    describe 'and textcaptcha unavailable' do
+
+      before(:each) do
+        Net::HTTP.stub(:get).and_raise(SocketError)
+      end
+
+      it 'should fall back to random user defined question when set' do
+        @review.generate_spam_question
+        @review.spam_question.should_not be_nil
+        @review.possible_answers.should_not be_nil
+        @review.possible_answers.should be_an(Array)
+        @review.validate.should be_false
+      end
+
+      it 'should not generate any spam question/answer if no user defined questions set' do
+        @comment.generate_spam_question
+        @comment.spam_question.should be_nil
+        @comment.possible_answers.should be_nil
+        @comment.validate.should be_true
+      end
+    end
+  end
+
+  describe 'with textcaptcha yaml config file' do
+
+    before(:each) do
+      @widget = Widget.new
+    end
+
+    it 'should be configurable from config/textcaptcha.yml file' do
+      @widget.textcaptcha_config['api_key'].should eql('8u5ixtdnq9csc84cok0owswgo')
+      @widget.textcaptcha_config['bcrypt_salt'].should eql('$2a$10$j0bmycH.SVfD1b5mpEGPpe')
+      @widget.textcaptcha_config['bcrypt_cost'].should eql(10)
+      @widget.textcaptcha_config['questions'].length.should eql(10)
+    end
+
+    it 'should generate spam question' do
+      @widget.generate_spam_question
+      @widget.spam_question.should_not be_nil
+      @widget.possible_answers.should_not be_nil
+      @widget.possible_answers.should be_an(Array)
+      @widget.validate.should be_false
+    end
+
+    describe 'and textcaptcha unavailable' do
+
+      before(:each) do
+        Net::HTTP.stub(:get).and_raise(SocketError)
+      end
+
+      it 'should fall back to a random user defined question' do
+        @widget.generate_spam_question
+        @widget.spam_question.should_not be_nil
+        @widget.possible_answers.should_not be_nil
+        @widget.possible_answers.should be_an(Array)
+        @widget.validate.should be_false
+      end
+    end
+  end
+end

data/spec/database.yml

@@ -0,0 +1,21 @@
+sqlite:
+  :adapter: sqlite
+  :database: acts_as_textcaptcha.sqlite.db
+  
+sqlite3:
+  :adapter: sqlite3
+  :database: acts_as_textcaptcha.sqlite3.db
+  
+postgresql:
+  :adapter: postgresql
+  :username: postgres
+  :password: postgres
+  :database: acts_as_textcaptcha_test
+  :min_messages: ERROR
+  
+mysql:
+  :adapter: mysql
+  :host: localhost
+  :username: root
+  :password:
+  :database: acts_as_textcaptcha_test

data/spec/schema.rb

@@ -0,0 +1,18 @@
+ActiveRecord::Schema.define(:version => 0) do
+
+  create_table :widgets, :force => true do |t|
+    t.string :name
+  end
+  
+  create_table :comments, :force => true do |t|
+    t.string :name
+  end                  
+  
+  create_table :reviews, :force => true do |t|
+    t.string :name
+  end
+  
+  create_table :notes, :force => true do |t|
+    t.string :name
+  end
+end

data/spec/spec.opts

@@ -0,0 +1,2 @@
+-cfs
+--loadby mtime

data/spec/spec_helper.rb

@@ -0,0 +1,11 @@
+require 'rubygems'
+require 'spec'
+require 'active_record'
+
+require 'lib/acts_as_textcaptcha'
+require File.dirname(__FILE__) + '/../init.rb'
+
+config = YAML::load(IO.read(File.dirname(__FILE__) + '/database.yml'))
+ActiveRecord::Base.establish_connection(config[ENV['DB'] || 'sqlite3'])
+
+load(File.dirname(__FILE__) + "/schema.rb")

metadata

@@ -0,0 +1,82 @@
+--- !ruby/object:Gem::Specification 
+name: acts_as_textcaptcha
+version: !ruby/object:Gem::Version 
+  prerelease: false
+  segments: 
+  - 1
+  - 1
+  - 0
+  version: 1.1.0
+platform: ruby
+authors: 
+- Matthew Hutchinson
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-04-19 00:00:00 +01:00
+default_executable: 
+dependencies: []
+
+description: |-
+  Spam protection for your ActiveRecord models using logic questions and the excellent textcaptcha api. See textcaptcha.com for more details and to get your api key.
+    The logic questions are aimed at a child's age of 7, so can be solved easily by all but the most cognitively impaired users. As they involve human logic, such questions cannot be solved by a robot.
+    For more reasons on why logic questions are useful, see here; http://textcaptcha.com/why
+email: matt@hiddenloop.com
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.rdoc
+files: 
+- .gitignore
+- LICENSE
+- README.rdoc
+- Rakefile
+- VERSION
+- config/textcaptcha.yml
+- init.rb
+- lib/acts_as_textcaptcha.rb
+- lib/textcaptcha_helper.rb
+- rails/init.rb
+- spec/acts_as_textcaptcha_spec.rb
+- spec/database.yml
+- spec/schema.rb
+- spec/spec.opts
+- spec/spec_helper.rb
+has_rdoc: true
+homepage: http://github.com/hiddenloop/acts_as_textcaptcha
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.6
+signing_key: 
+specification_version: 3
+summary: Spam protection for your models via logic questions and the excellent textcaptcha.com api
+test_files: 
+- spec/acts_as_textcaptcha_spec.rb
+- spec/schema.rb
+- spec/spec_helper.rb