acts_as_textcaptcha 1.1.2 → 1.2.0
Sign up to get free protection for your applications and to get access to all the features.
- data/README.rdoc +46 -28
- data/Rakefile +40 -7
- data/VERSION +1 -1
- data/acts_as_textcaptcha.gemspec +5 -2
- data/spec/spec_helper.rb +12 -1
- metadata +18 -5
data/README.rdoc
CHANGED
|
@@ -1,14 +1,16 @@
|
|
|
1
1
|
= ActAsTextcaptcha
|
|
2
2
|
|
|
3
|
-
|
|
3
|
+
ActsAsTextcaptcha provides spam protection for your Rails models using logic questions from the excellent {Text CAPTCHA}[http://textcaptcha.com/] web service (by {Rob Tuley}[http://openknot.com/me/] of {Openknot}[http://openknot.com/]).
|
|
4
4
|
|
|
5
|
-
|
|
5
|
+
To get started, {grab an API key for your website}[http://textcaptcha.com/api] and follow along with the instructions below.
|
|
6
|
+
|
|
7
|
+
The gem can be configured with your very own logic questions (to fall back on if the textcaptcha service is down) or as a replacement for the service. It also makes use of {bcrypt}[http://bcrypt-ruby.rubyforge.org/] encryption when storing the answers in your session (recommended if you're using the default Rails CookieStore)
|
|
6
8
|
|
|
7
9
|
Text CAPTCHA's logic questions are aimed at a child's age of 7, so can be solved easily by all but the most cognitively impaired users. As they involve human logic, such questions cannot be solved by a robot. There are both advantages and disadvantages for using logic questions over image based captchas, {find out more at Text CAPTCHA}[http://textcaptcha.com/why].
|
|
8
10
|
|
|
9
11
|
== Demo
|
|
10
12
|
|
|
11
|
-
|
|
13
|
+
Here's a {fully working demo on heroku}[http://textcaptcha.heroku.com]!
|
|
12
14
|
|
|
13
15
|
== Requirements
|
|
14
16
|
|
|
@@ -26,23 +28,23 @@ Install the gems
|
|
|
26
28
|
|
|
27
29
|
sudo gem install acts_as_textcaptcha bcrypt-ruby
|
|
28
30
|
|
|
29
|
-
Or you can install
|
|
31
|
+
Or you can install acts_as_textcaptcha as a Rails plugin
|
|
30
32
|
|
|
31
33
|
script/plugin install git://github.com/hiddenloop/acts_as_textcaptcha
|
|
32
34
|
|
|
33
35
|
== Using
|
|
34
36
|
|
|
35
|
-
First,
|
|
37
|
+
First, add the gem in your environment.rb file;
|
|
36
38
|
|
|
37
39
|
config.gem 'acts_as_textcaptcha'
|
|
38
40
|
|
|
39
|
-
Next configure your models to be spam protected
|
|
41
|
+
Next configure your models to be spam protected; (this is the most basic way to configure the gem, with an api key only)
|
|
40
42
|
|
|
41
43
|
class Comment < ActiveRecord::Base
|
|
42
44
|
acts_as_textcaptcha({'api_key' => 'your_textcaptcha_api_key'})
|
|
43
45
|
end
|
|
44
46
|
|
|
45
|
-
Next in your controller *new* and *create* actions you'll want to _spamify_ your model and merge the answers. Like so;
|
|
47
|
+
Next in your controller *new* and *create* actions you'll want to _spamify_ your model and merge in the answers. Like so;
|
|
46
48
|
|
|
47
49
|
def new
|
|
48
50
|
@comment = Comment.new
|
|
@@ -67,16 +69,12 @@ Finally, in your form/view erb do something like the following;
|
|
|
67
69
|
<%= f.label :spam_answer, @comment.spam_question %>
|
|
68
70
|
<%= f.text_field :spam_answer, :value => '' %>
|
|
69
71
|
<%- end -%>
|
|
70
|
-
|
|
71
|
-
More configurations are available and will be explained here shortly. If your'e interested now, jump into the code.
|
|
72
72
|
|
|
73
73
|
== More Configurations
|
|
74
74
|
|
|
75
|
-
You can also configure
|
|
76
|
-
|
|
77
|
-
=== Options hash
|
|
75
|
+
You can also configure spam protection in the following ways.
|
|
78
76
|
|
|
79
|
-
|
|
77
|
+
=== Hash
|
|
80
78
|
|
|
81
79
|
class Comment < ActiveRecord::Base
|
|
82
80
|
acts_as_textcaptcha({'api_key' => 'your_textcaptcha_api_key',
|
|
@@ -86,45 +84,65 @@ You can configure your models with the following options.
|
|
|
86
84
|
{'question' => 'The green hat is what color?', 'answers' => 'green'}]})
|
|
87
85
|
end
|
|
88
86
|
|
|
89
|
-
* *api_key* (from
|
|
87
|
+
* *api_key* (from Text CAPTCHA)
|
|
90
88
|
* *bcrypt_salt* - used to encrypt valid possible answers in your session (recommended if you are using cookie session storage) NOTE: this must be a valid bcrypt salt; for security PLEASE CHANGE THIS, open irb and enter; require 'bcrypt'; BCrypt::Engine.generate_salt
|
|
91
89
|
* *bcrypt_cost* - an optional logarithmic var which determines how computational expensive the bcrypt hash is to calculate (a cost of 4 is twice as much work as a cost of 3 - default is 10)
|
|
92
90
|
* *questions* - an array of question and answer hashes (see above) A random question from this array will be asked if the textcaptcha web service fails
|
|
93
91
|
|
|
94
|
-
=== config
|
|
92
|
+
=== YAML config
|
|
95
93
|
|
|
96
|
-
|
|
94
|
+
All the above options can be expressed in a {textcaptcha.yml}[http://github.com/hiddenloop/acts_as_textcaptcha/raw/master/config/textcaptcha.yml] file. Drop this into your RAILS_ROOT/config folder.
|
|
97
95
|
|
|
98
|
-
|
|
96
|
+
=== _Without_ the Text CAPTCHA web service
|
|
97
|
+
|
|
98
|
+
It *also* is possible to configure to use only your own user defined logic questions. To do so, just ommit the api_key and set at least 1 logic question in your options.
|
|
99
99
|
|
|
100
100
|
== What does the code do?
|
|
101
101
|
|
|
102
|
-
|
|
103
|
-
|
|
104
|
-
|
|
102
|
+
The gem contains two parts, a module for your ActiveRecord models, and a tiny helper method (spamify).
|
|
103
|
+
|
|
104
|
+
A call to spamify(@model) in your controller will query the Text CAPTCHA web service. A restful GET request is made with Net::HTTP and parsed using the standard XML::Parser. A spam_question is assigned to the model, and an array of possible answers are encrypted in the session.
|
|
105
|
+
|
|
106
|
+
validate_spam_answer() is called on @model.validate() and checks that the @model.spam_answer matches one of those possible answers in the session. This validation is _only_ carried out on new records, i.e. never on edit, only on create. User's attempted spam answers are not case-sensitive and have trailing/leading white-space removed.
|
|
107
|
+
|
|
108
|
+
{BCrypt}[http://bcrypt-ruby.rubyforge.org] encryption is used to securely store the possible answers in your session. You must specify a valid bcrypt-salt and (computational) cost in your options. Without these options possible answers will be MD5-hashed only.
|
|
109
|
+
|
|
110
|
+
allowed?() and perform_spam_check?() are utility methods (that can be overridden in your model) They basically act as flags allowing you to control creation of new records, or whether the spam check should be carried out at all.
|
|
111
|
+
|
|
112
|
+
If an error occurs in loading or parsing the web service XML, ActsAsTextcaptcha will fall back to choose a random logic question defined in your options. Additionally, if you'd prefer _not_ to use the service at all, you can omit the api_key from your options entirely.
|
|
113
|
+
|
|
114
|
+
If the web service fails or no-api key is specified AND no alternate questions are configured, the @model will not require spam checking and will pass as valid.
|
|
105
115
|
|
|
106
|
-
|
|
116
|
+
For more details on the code please check the {documentation}[http://rdoc.info/projects/hiddenloop/acts_as_textcaptcha].
|
|
107
117
|
|
|
108
|
-
== Rake
|
|
118
|
+
== Rake Tasks
|
|
109
119
|
|
|
110
120
|
* rake spec (run the tests)
|
|
111
121
|
* rake rcov (run tests showing coverage)
|
|
112
122
|
* rake rdoc (generate docs)
|
|
113
123
|
|
|
114
|
-
==
|
|
124
|
+
== Links
|
|
125
|
+
|
|
126
|
+
* {Documentation}[http://rdoc.info/projects/hiddenloop/acts_as_textcaptcha]
|
|
127
|
+
* {Demo}[http://textcaptcha.heroku.com]
|
|
128
|
+
* {Code}[http://github.com/hiddenloop/acts_as_textcaptcha]
|
|
129
|
+
* {Wiki}[http://wiki.github.com/hiddenloop/acts_as_textcaptcha/]
|
|
130
|
+
* {Bug Tracker}[http://github.com/hiddenloop/acts_as_textcaptcha/issues]
|
|
131
|
+
* {Gem}[http://rubygems.org/gems/acts_as_textcaptcha]
|
|
132
|
+
* {Code Metrics}[http://getcaliper.com/caliper/project?repo=http%3A%2F%2Frubygems.org%2Fgems%2Facts_as_textcaptcha] (flay, reek, churn etc.)
|
|
115
133
|
|
|
116
|
-
Who's who?
|
|
134
|
+
== Who's who?
|
|
117
135
|
|
|
118
|
-
* {ActsAsTextcaptcha}[http://github.com/hiddenloop/acts_as_textcaptcha]
|
|
136
|
+
* {ActsAsTextcaptcha}[http://github.com/hiddenloop/acts_as_textcaptcha] and {little robot drawing}[http://www.flickr.com/photos/hiddenloop/4541195635/] by {Matthew Hutchinson}[http://matthewhutchinson.net]
|
|
119
137
|
* {Text CAPTCHA}[http://textcaptcha.com] api and service by {Rob Tuley}[http://openknot.com/me/] at {Openknot}[http://openknot.com]
|
|
120
|
-
*
|
|
138
|
+
* {bcrypt-ruby}[http://bcrypt-ruby.rubyforge.org/] Gem by {Coda Hale}[http://codahale.com]
|
|
121
139
|
|
|
122
140
|
== Usage
|
|
123
141
|
|
|
124
|
-
This code is currently used in a number of production websites and
|
|
142
|
+
This code is currently used in a number of production websites and apps. It was originally extracted from code developed for {Bugle}[http://bugleblogs.com]
|
|
125
143
|
|
|
126
144
|
* {matthewhutchinson.net}[http://matthewhutchinson.net]
|
|
127
145
|
* {pmFAQtory.com}[http://pmfaqtory.com]
|
|
128
146
|
* {The FAQtory}[http://faqtory.heroku.com]
|
|
129
147
|
|
|
130
|
-
(if you're happily using acts_as_textcaptcha in production, let me know and I'll add
|
|
148
|
+
(if you're happily using acts_as_textcaptcha in production, let me know and I'll add you to this list)
|
data/Rakefile
CHANGED
|
@@ -9,13 +9,13 @@ task :test => :spec
|
|
|
9
9
|
|
|
10
10
|
desc "Run all specs"
|
|
11
11
|
Spec::Rake::SpecTask.new(:spec) do |t|
|
|
12
|
-
t.spec_files = FileList['spec
|
|
12
|
+
t.spec_files = FileList['spec/*_spec.rb']
|
|
13
13
|
t.spec_opts = ['--options', 'spec/spec.opts']
|
|
14
|
-
end
|
|
14
|
+
end
|
|
15
15
|
|
|
16
16
|
desc "Run all specs with RCov"
|
|
17
17
|
Spec::Rake::SpecTask.new(:rcov) do |t|
|
|
18
|
-
t.spec_files = FileList['spec
|
|
18
|
+
t.spec_files = FileList['spec/*_spec.rb']
|
|
19
19
|
t.rcov = true
|
|
20
20
|
t.rcov_opts = ['--exclude', 'spec']
|
|
21
21
|
end
|
|
@@ -27,8 +27,7 @@ Rake::RDocTask.new(:rdoc) do |rdoc|
|
|
|
27
27
|
rdoc.options << '--line-numbers' << '--inline-source'
|
|
28
28
|
rdoc.rdoc_files.include('README.rdoc', 'LICENSE')
|
|
29
29
|
rdoc.rdoc_files.include('lib/**/*.rb')
|
|
30
|
-
end
|
|
31
|
-
|
|
30
|
+
end
|
|
32
31
|
|
|
33
32
|
begin
|
|
34
33
|
require 'jeweler'
|
|
@@ -41,8 +40,42 @@ begin
|
|
|
41
40
|
gemspec.email = "matt@hiddenloop.com"
|
|
42
41
|
gemspec.homepage = "http://github.com/hiddenloop/acts_as_textcaptcha"
|
|
43
42
|
gemspec.authors = ["Matthew Hutchinson"]
|
|
44
|
-
|
|
43
|
+
|
|
44
|
+
gemspec.add_dependency('bcrypt-ruby', '>= 2.1.2')
|
|
45
|
+
end
|
|
45
46
|
Jeweler::GemcutterTasks.new
|
|
46
47
|
rescue LoadError
|
|
47
|
-
|
|
48
|
+
end
|
|
49
|
+
|
|
50
|
+
begin
|
|
51
|
+
require 'metric_fu'
|
|
52
|
+
MetricFu::Configuration.run do |config|
|
|
53
|
+
config.metrics = [ :churn, :saikuro, :flog, :flay, :reek, :roodi, :rcov ]
|
|
54
|
+
config.graphs = [ :flog, :flay, :reek, :roodi, :rcov ]
|
|
55
|
+
config.flay = { :dirs_to_flay => ['lib'],
|
|
56
|
+
:minimum_score => 75 }
|
|
57
|
+
config.flog = { :dirs_to_flog => ['lib'] }
|
|
58
|
+
config.reek = { :dirs_to_reek => ['lib'] }
|
|
59
|
+
config.roodi = { :dirs_to_roodi => ['lib'] }
|
|
60
|
+
config.saikuro = { :output_directory => 'tmp/metric_fu/scratch/saikuro',
|
|
61
|
+
:input_directory => ['lib'],
|
|
62
|
+
:cyclo => "",
|
|
63
|
+
:filter_cyclo => "0",
|
|
64
|
+
:warn_cyclo => "5",
|
|
65
|
+
:error_cyclo => "7",
|
|
66
|
+
:formater => "text" }
|
|
67
|
+
config.churn = { :start_date => "1 year ago", :minimum_churn_count => 10 }
|
|
68
|
+
config.rcov = { :environment => 'test',
|
|
69
|
+
:test_files => ['spec/*_spec.rb'],
|
|
70
|
+
:rcov_opts => ["--sort coverage",
|
|
71
|
+
"--no-html",
|
|
72
|
+
"--text-coverage",
|
|
73
|
+
"--no-color",
|
|
74
|
+
"--profile",
|
|
75
|
+
"--rails",
|
|
76
|
+
"--exclude spec"]}
|
|
77
|
+
config.graph_engine = :bluff
|
|
78
|
+
end
|
|
79
|
+
rescue LoadError
|
|
80
|
+
puts "Metric Fu not available. Install it with: sudo gem install metric_fu reek roodi flay googlecharts"
|
|
48
81
|
end
|
data/VERSION
CHANGED
|
@@ -1 +1 @@
|
|
|
1
|
-
1.
|
|
1
|
+
1.2.0
|
data/acts_as_textcaptcha.gemspec
CHANGED
|
@@ -5,11 +5,11 @@
|
|
|
5
5
|
|
|
6
6
|
Gem::Specification.new do |s|
|
|
7
7
|
s.name = %q{acts_as_textcaptcha}
|
|
8
|
-
s.version = "1.
|
|
8
|
+
s.version = "1.2.0"
|
|
9
9
|
|
|
10
10
|
s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
|
|
11
11
|
s.authors = ["Matthew Hutchinson"]
|
|
12
|
-
s.date = %q{2010-
|
|
12
|
+
s.date = %q{2010-05-05}
|
|
13
13
|
s.description = %q{Spam protection for your ActiveRecord models using logic questions and the excellent textcaptcha api. See textcaptcha.com for more details and to get your api key.
|
|
14
14
|
The logic questions are aimed at a child's age of 7, so can be solved easily by all but the most cognitively impaired users. As they involve human logic, such questions cannot be solved by a robot.
|
|
15
15
|
For more reasons on why logic questions are useful, see here; http://textcaptcha.com/why}
|
|
@@ -52,9 +52,12 @@ Gem::Specification.new do |s|
|
|
|
52
52
|
s.specification_version = 3
|
|
53
53
|
|
|
54
54
|
if Gem::Version.new(Gem::RubyGemsVersion) >= Gem::Version.new('1.2.0') then
|
|
55
|
+
s.add_runtime_dependency(%q<bcrypt-ruby>, [">= 2.1.2"])
|
|
55
56
|
else
|
|
57
|
+
s.add_dependency(%q<bcrypt-ruby>, [">= 2.1.2"])
|
|
56
58
|
end
|
|
57
59
|
else
|
|
60
|
+
s.add_dependency(%q<bcrypt-ruby>, [">= 2.1.2"])
|
|
58
61
|
end
|
|
59
62
|
end
|
|
60
63
|
|
data/spec/spec_helper.rb
CHANGED
|
@@ -1,8 +1,19 @@
|
|
|
1
|
+
# This file is copied to ~/spec when you run 'ruby script/generate rspec'
|
|
2
|
+
# from the project root directory.
|
|
3
|
+
ENV["RAILS_ENV"] ||= 'test'
|
|
1
4
|
require 'rubygems'
|
|
2
5
|
require 'spec'
|
|
3
6
|
require 'active_record'
|
|
7
|
+
require 'spec/autorun'
|
|
4
8
|
|
|
5
|
-
|
|
9
|
+
# Uncomment the next line to use webrat's matchers
|
|
10
|
+
#require 'webrat/integrations/rspec-rails'
|
|
11
|
+
|
|
12
|
+
# Requires supporting files with custom matchers and macros, etc,
|
|
13
|
+
# in ./support/ and its subdirectories.
|
|
14
|
+
Dir[File.expand_path(File.join(File.dirname(__FILE__),'support','**','*.rb'))].each {|f| require f}
|
|
15
|
+
|
|
16
|
+
require File.dirname(__FILE__) + '/../lib/acts_as_textcaptcha'
|
|
6
17
|
require File.dirname(__FILE__) + '/../init.rb'
|
|
7
18
|
|
|
8
19
|
config = YAML::load(IO.read(File.dirname(__FILE__) + '/database.yml'))
|
metadata
CHANGED
|
@@ -4,9 +4,9 @@ version: !ruby/object:Gem::Version
|
|
|
4
4
|
prerelease: false
|
|
5
5
|
segments:
|
|
6
6
|
- 1
|
|
7
|
-
- 1
|
|
8
7
|
- 2
|
|
9
|
-
|
|
8
|
+
- 0
|
|
9
|
+
version: 1.2.0
|
|
10
10
|
platform: ruby
|
|
11
11
|
authors:
|
|
12
12
|
- Matthew Hutchinson
|
|
@@ -14,10 +14,23 @@ autorequire:
|
|
|
14
14
|
bindir: bin
|
|
15
15
|
cert_chain: []
|
|
16
16
|
|
|
17
|
-
date: 2010-
|
|
17
|
+
date: 2010-05-05 00:00:00 +01:00
|
|
18
18
|
default_executable:
|
|
19
|
-
dependencies:
|
|
20
|
-
|
|
19
|
+
dependencies:
|
|
20
|
+
- !ruby/object:Gem::Dependency
|
|
21
|
+
name: bcrypt-ruby
|
|
22
|
+
prerelease: false
|
|
23
|
+
requirement: &id001 !ruby/object:Gem::Requirement
|
|
24
|
+
requirements:
|
|
25
|
+
- - ">="
|
|
26
|
+
- !ruby/object:Gem::Version
|
|
27
|
+
segments:
|
|
28
|
+
- 2
|
|
29
|
+
- 1
|
|
30
|
+
- 2
|
|
31
|
+
version: 2.1.2
|
|
32
|
+
type: :runtime
|
|
33
|
+
version_requirements: *id001
|
|
21
34
|
description: |-
|
|
22
35
|
Spam protection for your ActiveRecord models using logic questions and the excellent textcaptcha api. See textcaptcha.com for more details and to get your api key.
|
|
23
36
|
The logic questions are aimed at a child's age of 7, so can be solved easily by all but the most cognitively impaired users. As they involve human logic, such questions cannot be solved by a robot.
|