acts_as_textcaptcha 4.3.0 → 4.4.1

data/Rakefile

@@ -1,23 +1,31 @@
-require 'rubygems'
 require 'bundler/gem_tasks'
 require 'rake/testtask'
+require "rdoc/task"
+load './lib/tasks/textcaptcha.rake'
 
-gem 'rdoc'
+# generate docs
+RDoc::Task.new do |rd|
+  rd.main     = "README.md"
+  rd.title    = 'ActsAsTextcaptcha'
+  rd.rdoc_dir = 'doc'
+  rd.options  << "--all"
+  rd.rdoc_files.include("README.md", "LICENSE", "lib/**/*.rb")
+end
 
+# run tests
 Rake::TestTask.new(:test) do |t|
   t.libs << "test"
   t.libs << "lib"
-  t.test_files = FileList['test/**/*_test.rb']
+  t.test_files = FileList["test/**/*_test.rb"]
 end
 
-task :default => [:test]
-
-# rdoc tasks
-require 'rdoc/task'
-RDoc::Task.new do |rd|
-  rd.main     = "README.md"
-  rd.title    = 'acts_as_textcaptcha'
-  rd.rdoc_dir = 'doc'
-  rd.options  << "--all"
-  rd.rdoc_files.include("README.md", "LICENSE.txt", "lib/**/*.rb")
+# run tests with code coverage (default)
+namespace :test do
+  desc "Run all tests and features and generate a code coverage report"
+  task :coverage do
+    ENV['COVERAGE'] = 'true'
+    Rake::Task['test'].execute
+  end
 end
+
+task :default => ['test:coverage']

data/acts_as_textcaptcha.gemspec

@@ -3,43 +3,63 @@ lib = File.expand_path('../lib', __FILE__)
 $LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
 require "acts_as_textcaptcha/version"
 
-Gem::Specification.new do |s|
-  s.name        = "acts_as_textcaptcha"
-  s.version     = ActsAsTextcaptcha::VERSION
-  s.authors     = ["Matthew Hutchinson"]
-  s.email       = ["matt@hiddenloop.com"]
-  s.homepage    = "http://github.com/matthutchinson/acts_as_textcaptcha"
-  s.license     = 'MIT'
-  s.summary     = %q{Spam protection for your models via logic questions and the textcaptcha.com API}
-
-  s.description = %q{Simple question/answer based spam protection for your Rails models.
-  You can define your own logic questions and/or fetch questions from the textcaptcha.com API.
-  The questions involve human logic and are tough for spam bots to crack.
-  For more reasons on why logic questions are a good idea visit; http://textcaptcha.com/why}
-
-  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the
-  # 'allowed_push_host' to allow pushing to a single host or delete this section
-  # to allow pushing to any host.
-  if s.respond_to?(:metadata)
-    s.metadata['allowed_push_host'] = "https://rubygems.org"
+Gem::Specification.new do |spec|
+  spec.name     = "acts_as_textcaptcha"
+  spec.version  = ActsAsTextcaptcha::VERSION
+  spec.authors  = ["Matthew Hutchinson"]
+  spec.email    = ["matt@hiddenloop.com"]
+  spec.homepage = "http://github.com/matthutchinson/acts_as_textcaptcha"
+  spec.license  = 'MIT'
+  spec.summary  = "A text-based logic question captcha for Rails"
+
+  spec.description = <<-EOF
+  ActsAsTextcaptcha provides spam protection for Rails models with a text-based
+  logic question captcha. Questions are fetched from Rob Tuley's textcaptcha.com
+  They can be solved easily by humans but are tough for robots to crack. For
+  reasons on why logic based captchas are a good idea visit textcaptcha.com
+  EOF
+
+  spec.metadata = {
+    "homepage_uri"    => "https://github.com/matthutchinson/acts_as_textcaptcha",
+    "changelog_uri"   => "https://github.com/matthutchinson/acts_as_textcaptcha/blob/master/CHANGELOG.md",
+    "source_code_uri" => "https://github.com/matthutchinson/acts_as_textcaptcha",
+    "bug_tracker_uri" => "https://github.com/matthutchinson/acts_as_textcaptcha/issues",
+  }
+
+  # Prevent pushing this gem to RubyGems.org. To allow pushes either set the "allowed_push_host"
+  # to allow pushing to a single host or delete this section to allow pushing to any host.
+  if spec.respond_to?(:metadata)
+    spec.metadata["allowed_push_host"] = "https://rubygems.org"
   else
     raise "RubyGems 2.0 or newer is required to protect against public gem pushes."
   end
 
-  s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test}/*`.split("\n")
-  s.require_paths = ["lib"]
+  spec.files         = `git ls-files -z`.split("\x0").reject { |f| f.match(%r{^(test|spec|features)/}) }
+  spec.test_files    = `git ls-files -- {test}/*`.split("\n")
+  spec.bindir        = "bin"
+  spec.require_paths = ["lib"]
+
+  # documentation
+  spec.has_rdoc         = true
+  spec.extra_rdoc_files = ["README.md", "LICENSE"]
+  spec.rdoc_options << "--title" << "ActAsTextcaptcha" << "--main" << "README.md" << "-ri"
+
+  # non-gem dependecies
+  spec.required_ruby_version = ">= 2.1"
 
-  s.required_ruby_version = ">= 2.1"
+  # dev gems
+  spec.add_development_dependency('bundler')
+  spec.add_development_dependency "rake"
+  spec.add_development_dependency('pry-byebug')
 
-  # always test against latest rails version
-  s.add_development_dependency('rails', '~> 5.1.4')
+  # docs
+  spec.add_development_dependency('rdoc')
 
-  s.add_development_dependency('mime-types')
-  s.add_development_dependency('bundler')
-  s.add_development_dependency('minitest')
-  s.add_development_dependency('rdoc')
-  s.add_development_dependency('sqlite3')
-  s.add_development_dependency('webmock')
-  s.add_development_dependency('appraisal')
+  # testing
+  spec.add_development_dependency('minitest')
+  spec.add_development_dependency('rails', '~> 5.2.0')
+  spec.add_development_dependency('sqlite3')
+  spec.add_development_dependency('webmock')
+  spec.add_development_dependency('simplecov')
+  spec.add_development_dependency('appraisal')
 end

data/bin/console

@@ -1,11 +1,8 @@
 #!/usr/bin/env ruby
 
 require "bundler/setup"
+require "rails/all"
 require "acts_as_textcaptcha"
-
-# You can add fixtures and/or initialization code here to make experimenting
-# with your gem easier. You can also use a different console, if you like.
-
-# start irb
 require "irb"
+
 IRB.start

data/bin/setup

@@ -0,0 +1,7 @@
+#!/usr/bin/env bash
+set -euo pipefail
+IFS=$'\n\t'
+set -vx
+
+bundle install
+bundle exec rake rdoc

data/gemfiles/rails_3.gemfile

@@ -4,4 +4,4 @@ source "https://rubygems.org"
 
 gem "rails", "3.2.22.5"
 
-gemspec path: "../"
+gemspec :path => "../"

data/gemfiles/rails_4.gemfile

@@ -4,4 +4,4 @@ source "https://rubygems.org"
 
 gem "rails", "4.2.10"
 
-gemspec path: "../"
+gemspec :path => "../"

data/gemfiles/rails_5.gemfile

@@ -2,6 +2,6 @@
 
 source "https://rubygems.org"
 
-gem "rails", "5.1.5"
+gem "rails", "5.2.0"
 
-gemspec path: "../"
+gemspec :path => "../"

data/lib/acts_as_textcaptcha.rb

@@ -1,4 +1,6 @@
 require 'acts_as_textcaptcha/version'
+require 'acts_as_textcaptcha/errors'
 require 'acts_as_textcaptcha/textcaptcha'
+require 'acts_as_textcaptcha/textcaptcha_config'
 require 'acts_as_textcaptcha/textcaptcha_helper'
-require 'acts_as_textcaptcha/framework/rails' if defined?(Rails)
+require 'acts_as_textcaptcha/framework/rails'

data/lib/acts_as_textcaptcha/errors.rb

@@ -0,0 +1,19 @@
+module ActsAsTextcaptcha
+  class ResponseError < StandardError
+    def initialize(url, exception)
+      super("fetching '#{url}' failed - #{exception}")
+    end
+  end
+
+  class ApiKeyError < StandardError
+    def initialize(api_key, exception)
+      super("Api key '#{api_key}' is invalid - #{exception}")
+    end
+  end
+
+  class ParseError < StandardError
+    def initialize(url)
+      super("parsing JSON from '#{url}' failed")
+    end
+  end
+end

data/lib/acts_as_textcaptcha/textcaptcha.rb

@@ -5,134 +5,141 @@ require 'acts_as_textcaptcha/textcaptcha_cache'
 require 'acts_as_textcaptcha/textcaptcha_api'
 
 module ActsAsTextcaptcha
-
-  module Textcaptcha #:nodoc:
+  module Textcaptcha
 
     def acts_as_textcaptcha(options = nil)
       cattr_accessor :textcaptcha_config
-      attr_accessor  :textcaptcha_question, :textcaptcha_answer, :textcaptcha_key
+      attr_accessor :textcaptcha_question, :textcaptcha_answer, :textcaptcha_key
 
-      # Rails 3, ensure these attrs are accessible
+      # ensure these attrs are accessible (Rails 3)
       if respond_to?(:accessible_attributes) && respond_to?(:attr_accessible)
         attr_accessible :textcaptcha_answer, :textcaptcha_key
       end
 
-      validate :validate_textcaptcha, :if => :perform_textcaptcha?
+      self.textcaptcha_config = build_textcaptcha_config(options).symbolize_keys!
 
-      if options.is_a?(Hash)
-        self.textcaptcha_config = options.symbolize_keys!
-      else
-        begin
-          self.textcaptcha_config = YAML.load(File.read("#{Rails.root ? Rails.root.to_s : '.'}/config/textcaptcha.yml"))[Rails.env].symbolize_keys!
-        rescue
-          raise ArgumentError.new('could not find any textcaptcha options, in config/textcaptcha.yml or model - run rake textcaptcha:config to generate a template config file')
-        end
-      end
+      validate :validate_textcaptcha, if: :perform_textcaptcha?
 
       include InstanceMethods
     end
 
-
     module InstanceMethods
 
-      # override this method to toggle textcaptcha checking
-      # by default this will only allow new records to be
-      # protected with textcaptchas
+      # override this method to toggle textcaptcha checking, by default this
+      # will only allow new records to be protected with textcaptchas
       def perform_textcaptcha?
-        !respond_to?('new_record?') || new_record?
+        (!respond_to?('new_record?') || new_record?)
       end
 
-      # generate and assign textcaptcha
       def textcaptcha
         if perform_textcaptcha? && textcaptcha_config
-          question = answers = nil
-
-          # get textcaptcha from api
-          if textcaptcha_config[:api_key]
-            question, answers = TextcaptchaApi.fetch(textcaptcha_config[:api_key], textcaptcha_config)
-          end
-
-          # fall back to config based textcaptcha
-          unless question && answers
-            question, answers = textcaptcha_config_questions
-          end
-
-          if question && answers
-            assign_textcaptcha(question, answers)
-          end
+          assign_textcaptcha(fetch_q_and_a || config_q_and_a)
         end
       end
 
 
       private
 
-      def textcaptcha_config_questions
-        if textcaptcha_config[:questions]
-          random_question = textcaptcha_config[:questions][rand(textcaptcha_config[:questions].size)].symbolize_keys!
-          [random_question[:question], (random_question[:answers] || '').split(',').map!{ |answer| safe_md5(answer) }]
+        def fetch_q_and_a
+          return unless should_fetch?
+
+          TextcaptchaApi.new(
+            api_key: textcaptcha_config[:api_key],
+            api_endpoint: textcaptcha_config[:api_endpoint],
+            raise_errors: textcaptcha_config[:raise_errors]
+          ).fetch
         end
-      end
 
+        def should_fetch?
+          textcaptcha_config[:api_key] || textcaptcha_config[:api_endpoint]
+        end
 
-      # check textcaptcha, if incorrect, regenerate a new textcaptcha
-      def validate_textcaptcha
-        valid_answers = textcaptcha_cache.read(textcaptcha_key) || []
-        reset_textcaptcha
-        if valid_answers.include?(safe_md5(textcaptcha_answer))
-          # answer was valid, mutate the key again
-          self.textcaptcha_key = textcaptcha_random_key
-          textcaptcha_cache.write(textcaptcha_key, valid_answers, textcaptcha_cache_options)
-          true
-        else
-          if valid_answers.empty?
-            # took too long to answer
+        def config_q_and_a
+          if textcaptcha_config[:questions]
+            random_question = textcaptcha_config[:questions][rand(textcaptcha_config[:questions].size)].symbolize_keys!
+            answers = (random_question[:answers] || '').split(',').map!{ |answer| safe_md5(answer) }
+            if random_question && answers.present?
+              { 'q' => random_question[:question], 'a' => answers }
+            end
+          end
+        end
+
+        # check textcaptcha, if incorrect, generate a new textcaptcha
+        def validate_textcaptcha
+          valid_answers = textcaptcha_cache.read(textcaptcha_key) || []
+          reset_textcaptcha
+          if valid_answers.include?(safe_md5(textcaptcha_answer))
+            # answer was valid, mutate the key again
+            self.textcaptcha_key = textcaptcha_random_key
+            textcaptcha_cache.write(textcaptcha_key, valid_answers, textcaptcha_cache_options)
+            true
+          else
+            add_textcaptcha_error(too_slow: valid_answers.empty?)
+            textcaptcha
+            false
+          end
+        end
+
+        def add_textcaptcha_error(too_slow: false)
+          if too_slow
             errors.add(:textcaptcha_answer, :expired, :message => 'was not submitted quickly enough, try another question instead')
           else
-            # incorrect answer
             errors.add(:textcaptcha_answer, :incorrect, :message => 'is incorrect, try another question instead')
           end
-          textcaptcha
-          false
         end
-      end
 
-      def reset_textcaptcha
-        if textcaptcha_key
-          textcaptcha_cache.delete(textcaptcha_key)
-          self.textcaptcha_key = nil
+        def reset_textcaptcha
+          if textcaptcha_key
+            textcaptcha_cache.delete(textcaptcha_key)
+            self.textcaptcha_key = nil
+          end
         end
-      end
 
-      def assign_textcaptcha(question, answers)
-        self.textcaptcha_question = question
-        self.textcaptcha_key      = textcaptcha_random_key
-        textcaptcha_cache.write(textcaptcha_key, answers, textcaptcha_cache_options)
-      end
+        def assign_textcaptcha(q_and_a)
+          return unless q_and_a
+          self.textcaptcha_question = q_and_a['q']
+          self.textcaptcha_key = textcaptcha_random_key
+          textcaptcha_cache.write(textcaptcha_key, q_and_a['a'], textcaptcha_cache_options)
+        end
 
-      # strip whitespace pass through mb_chars (a multibyte
-      # safe proxy for string methods) then downcase
-      def safe_md5(answer)
-        Digest::MD5.hexdigest(answer.to_s.strip.mb_chars.downcase)
-      end
+        # strip whitespace pass through mb_chars (a multibyte safe proxy for
+        # strings) then downcase
+        def safe_md5(answer)
+          Digest::MD5.hexdigest(answer.to_s.strip.mb_chars.downcase)
+        end
 
-      # a random cache key, time based and random
-      def textcaptcha_random_key
-        safe_md5(Time.now.to_i + rand(1_000_000))
-      end
+        # a random cache key, time based, random
+        def textcaptcha_random_key
+          safe_md5(Time.now.to_i + rand(1_000_000))
+        end
+
+        def textcaptcha_cache_options
+          if textcaptcha_config[:cache_expiry_minutes]
+            { :expires_in => textcaptcha_config[:cache_expiry_minutes].to_f.minutes }
+          else
+            {}
+          end
+        end
 
-      def textcaptcha_cache_options
-        if textcaptcha_config[:cache_expiry_minutes]
-          { :expires_in => textcaptcha_config[:cache_expiry_minutes].to_f.minutes }
+        def textcaptcha_cache
+          @@textcaptcha_cache ||= TextcaptchaCache.new
+        end
+    end
+
+    private
+
+      def build_textcaptcha_config(options)
+        if options.is_a?(Hash)
+          options
         else
-          {}
+          YAML.load(ERB.new(read_textcaptcha_config).result)[Rails.env]
         end
+      rescue
+        raise ArgumentError.new('could not find any textcaptcha options, in config/textcaptcha.yml or model - run rake textcaptcha:config to generate a template config file')
       end
 
-      # cache is used to persist textcaptcha questions and answers
-      # between requests
-      def textcaptcha_cache
-        @@textcaptcha_cache ||= TextcaptchaCache.new
+      def read_textcaptcha_config
+        File.read("#{Rails.root ? Rails.root : '.'}/config/textcaptcha.yml")
       end
-    end
   end
 end

data/lib/acts_as_textcaptcha/textcaptcha_api.rb

@@ -1,61 +1,56 @@
-# simple wrapper for the textcaptcha.com API service
-# loads and parses captcha question and answers
-
-require 'rexml/document'
+require 'json'
 
 module ActsAsTextcaptcha
+  class TextcaptchaApi
 
-  # raised if an empty response is returned
-  class EmptyResponseError < StandardError; end;
+    BASE_URL = 'http://textcaptcha.com'
 
-  class TextcaptchaApi
+    def initialize(api_key: nil, api_endpoint: nil, raise_errors: false)
+      if api_endpoint
+        self.uri = URI(api_endpoint)
+      else
+        self.uri = URI("#{BASE_URL}/#{api_key}.json")
+      end
+      self.raise_errors = raise_errors || false
+    rescue URI::InvalidURIError => exception
+      raise ApiKeyError.new(api_key, exception)
+    end
 
-    ENDPOINT = 'http://textcaptcha.com/api/'
+    def fetch
+      parse(get.to_s)
+    end
 
-    def self.fetch(api_key, options = {})
-      begin
-        url = uri_parser.parse("#{ENDPOINT}#{api_key}")
-        http = Net::HTTP.new(url.host, url.port)
-        if options[:http_open_timeout]
-          http.open_timeout = options[:http_open_timeout]
-        end
-        if options[:http_read_timeout]
-          http.read_timeout = options[:http_read_timeout]
-        end
+    private
+
+      attr_accessor :uri, :raise_errors
 
-        response = http.get(url.path)
-        if response.body.to_s.empty?
-          raise ActsAsTextcaptcha::EmptyResponseError
+      def get
+        response = Net::HTTP.new(uri.host, uri.port).get(uri.path)
+        if response.code == '200'
+          response.body
         else
-          return parse(response.body)
+          handle_error ResponseError.new(uri, "status: #{response.code}")
         end
       rescue SocketError, Timeout::Error, Errno::EINVAL, Errno::ECONNRESET,
         Errno::EHOSTUNREACH, EOFError, Errno::ECONNREFUSED, Errno::ETIMEDOUT,
-        Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError,
-        URI::InvalidURIError, ActsAsTextcaptcha::EmptyResponseError,
-        REXML::ParseException
-        # rescue from these errors and continue
+        Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError,
+        Net::ProtocolError => exception
+        handle_error ResponseError.new(uri, exception)
       end
-    end
 
-    def self.parse(xml)
-      parsed_xml = ActiveSupport::XmlMini.parse(xml)['captcha']
-      question = parsed_xml['question']['__content__']
-      if parsed_xml['answer'].is_a?(Array)
-        answers = parsed_xml['answer'].collect { |a| a['__content__'] }
-      else
-        answers = [parsed_xml['answer']['__content__']]
+      def parse(response)
+        JSON.parse(response) unless response.empty?
+      rescue JSON::ParserError
+        handle_error ParseError.new(uri)
       end
 
-      [question, answers]
-    end
-
-
-    private
-
-    def self.uri_parser
-      # URI.parse is deprecated in 1.9.2
-      URI.const_defined?(:Parser) ? URI::Parser.new : URI
-    end
+      def handle_error(error)
+        if raise_errors
+          raise error
+        else
+          Rails.logger.error("#{error.class} #{error.message}")
+          nil
+        end
+      end
   end
 end