acts_as_textcaptcha 2.2.2 → 3.0.0

data/.gitignore

@@ -1,8 +1,9 @@
-*.*.db      
+*.*.db
 *.db
 doc
 *.gem
 Gemfile.lock
 pkg/*
 coverage
+coverage.data
 .rvmrc

data/Gemfile

@@ -1,4 +1,2 @@
-source "http://rubygems.org"
-
-# Specify your gem's dependencies in acts_as_textcaptcha.gemspec
+source 'http://rubygems.org'
 gemspec

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright (c) 2010 Matthew Hutchinson
+Copyright (c) 2011 Matthew Hutchinson
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the
@@ -17,4 +17,4 @@ MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
 NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
 LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
 OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
-WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.rdoc

@@ -1,13 +1,11 @@
-= ActAsTextcaptcha   
+= ActAsTextcaptcha
 
-ActsAsTextcaptcha provides spam protection for your Rails models using logic questions from the excellent {Text CAPTCHA}[http://textcaptcha.com/] web service (by {Rob Tuley}[http://openknot.com/me/] of {Openknot}[http://openknot.com/]).  
+ActsAsTextcaptcha provides spam protection for your Rails models using logic questions from the excellent {Text CAPTCHA}[http://textcaptcha.com/] web service (by {Rob Tuley}[http://openknot.com/me/] of {Openknot}[http://openknot.com/]).  It is also possible to configure your own questions and answers instead of using this API (or as a fall back in the unlikely event of the web service being unavailable)
 
-To get started, {grab an API key for your website}[http://textcaptcha.com/api] and follow along with the instructions below.
-
-The gem can be configured with your very own logic questions (to fall back on if the textcaptcha service is down) or as a replacement for the service.  It also makes use of {bcrypt}[http://bcrypt-ruby.rubyforge.org/] encryption when storing the answers in your session (recommended if you're using the default Rails CookieStore)                   
+The gem makes use of {bcrypt}[http://bcrypt-ruby.rubyforge.org/] encryption when comparing a guess with the correct answer(s).  This gem is actively maintained, has good test coverage and is compatible with Rails 2.3.* and 3.  If you have any issues {please report them here}[https://github.com/matthutchinson/acts_as_textcaptcha/issues].
 
 Text CAPTCHA's logic questions are aimed at a child's age of 7, so can be solved easily by all but the most cognitively impaired users. As they involve human logic, such questions cannot be solved by a robot.  There are both advantages and disadvantages for using logic questions over image based captchas, {find out more at Text CAPTCHA}[http://textcaptcha.com/why].
-  
+
 == Demo
 
 Here's a {fully working demo on heroku}[http://textcaptcha.heroku.com]!
@@ -16,19 +14,19 @@ Here's a {fully working demo on heroku}[http://textcaptcha.heroku.com]!
 
 === Rails 3
 
-Just add the following to your Gemfile, then run `bundle install`;
+Just add the following to your Gemfile, then `bundle install`;
 
   gem 'acts_as_textcaptcha'
-  
+
 === Rails 2.3.*
 
-Add the following to your environment.rb file, then install with `gem install acts_as_textcaptcha`;
+Add this to your environment.rb file, then `gem install acts_as_textcaptcha`;
 
   config.gem 'acts_as_textcaptcha'
 
 === As a plugin
 
-Or install as a plugin with
+Or install as a plugin with;
 
   rails plugin install git@github.com:matthutchinson/acts_as_textcaptcha.git
   OR
@@ -42,104 +40,90 @@ If you do decide to install this as a Rails plugin, you'll have to manually incl
 
 == Setting up
 
-Configure which models are to be spam protected; (this is the most basic way to configure the gem, with an api key only)
+*NOTE:* The procedure for configuring your app *changed significantly* from v2.* to v3.*  If you are having problems please carefully check the instructions below.
+
+First {grab an API key for your website}[http://textcaptcha.com/api] then open Rails console (or any irb session) and generate a new BCrypt salt by typing;
+
+  require 'bcrypt';BCrypt::Engine.generate_salt
+
+Next configure which models are to be spam protected like so;
 
   class Comment < ActiveRecord::Base
-    acts_as_textcaptcha({'api_key' => 'your_textcaptcha_api_key'})
-  end          
+    # (this is the most basic way to configure the gem, with an API key and Salt only)
+    acts_as_textcaptcha :api_key     => 'PASTE_YOUR_TEXTCAPTCHA_API_KEY_HERE',
+                        :bcrypt_salt => 'PASTE_YOUR_BCRYPT_SALT_HERE'
+  end
 
-Next in your controller *new* and *create* actions you'll want to _spamify_ your model and merge in the answers. Like so;
+Next in your controller's *new* action you'll want to generate the logic question for your model, like so;
 
   def new
     @comment = Comment.new
-    spamify(@comment)
-  end                                                                                
-
-  def create
-    @comment = Comment.new(params[:comment].merge(:possible_answers => session[:possible_answers]))
-    if @comment.save
-      ...
-    else
-      spamify(@comment)
-      render :action => 'new'
-    end
-  end       
-
-Finally, in your form/view erb do something like the following;
-
-  <%- if @comment.new_record? -%>
-    <%- if @comment.validate_spam_answer -%>
-      <%= f.hidden_field :spam_answer, :value => @comment.spam_answer -%>
-    <%- else -%>
-      <%= f.label :spam_answer, @comment.spam_question %>
+    @comment.textcaptcha
+  end
+
+Finally, in your form view add the spam question and answer fields using the textcaptcha_fields helper.  You are free to arrange the HTML within this helper as you like;
+
+  <%= textcaptcha_fields(f) do %>
+    <div class="field">
+      <%= f.label :spam_answer, @comment.spam_question %><br/>
       <%= f.text_field :spam_answer, :value => '' %>
-    <%- end -%>
-  <%- end -%>
+    </div>
+  <% end %>
 
-== More Configurations    
+*NOTE:* For Rails 2.* this step is slightly different (<%= changes to <%);
 
-You can also configure acts_as_textcaptcha in the following ways.
+  <% textcaptcha_fields(f) do %>
+    <div class="field">
+      <%= f.label :spam_answer, @comment.spam_question %><br/>
+      <%= f.text_field :spam_answer, :value => '' %>
+    </div>
+  <% end %>
+
+*NOTE:* If you'd rather NOT use this helper and prefer to write all your own view code, see the html produced from the textcaptcha_fields method in the gem source code.
+
+== More Configurations
+
+The gem can be configured for models individually (as shown above) or with a config/textcaptcha.yml file for the whole app.  A config must have a valid bcrypt_salt, and an api_key and/or an array of questions defined.
 
 === Hash
 
   class Comment < ActiveRecord::Base
-    acts_as_textcaptcha({'api_key'     => 'your_textcaptcha_api_key',
-                         'bcrypt_salt' => '$2a$10$j0bmycH.SVfD1b5mpEGPpe',
-                         'bcrypt_cost' => '3',
-                         'questions'   => [{'question' => '1+1', 'answers' => '2,two'},
-                                           {'question' => 'The green hat is what color?', 'answers' => 'green'}]})
-  end 
-  
-* *api_key* (from Text CAPTCHA)
-* *bcrypt_salt* - used to encrypt valid possible answers in your session (recommended if you are using cookie session storage)  NOTE: this  must be a valid bcrypt salt; for security PLEASE CHANGE THIS, open irb and enter; require 'bcrypt'; BCrypt::Engine.generate_salt
-* *bcrypt_cost* - an optional logarithmic var which determines how computational expensive the bcrypt hash is to calculate (a cost of 4 is twice as much work as a cost of 3 - default is 10)
-* *questions* - an array of question and answer hashes (see above)  A random question from this array will be asked if the textcaptcha web service fails
+    acts_as_textcaptcha :api_key     => 'YOUR_TEXTCAPTCHA_API_KEY',
+                        :bcrypt_salt => 'YOUR_BCRYPT_SALT',
+                        :bcrypt_cost => '3',
+                        :questions   => [{ 'question' => '1+1', 'answers' => '2,two' },
+                                         { 'question' => 'The green hat is what color?', 'answers' => 'green' }]
+  end
+
+* *api_key* (get from http://textcaptcha.com/api)
+* *bcrypt_salt* - used to encrypt the valid possible answers
+* *bcrypt_cost* - an optional logarithmic number which determines how computationally expensive the bcrypt hash will be (a cost of 4 is twice as much work as a cost of 3 - the default is 10)
+* *questions* - an array of question and answer hashes (see above) A random question from this array will be asked if the web service fails OR if no API key has been set.  Multiple answers to the same question are comma separated (e.g. 2,two) so don't use commas in your answers!
 
 === YAML config
 
-All the above options can be expressed in a {textcaptcha.yml}[http://github.com/matthutchinson/acts_as_textcaptcha/raw/master/config/textcaptcha.yml] file. Drop this into your RAILS_ROOT/config folder.  The gem comes with a handy rake task to copy over a textcaptcha.yml template to your Rails config directory.
+The gem comes with a handy rake task to copy over a {textcaptcha.yml}[http://github.com/matthutchinson/acts_as_textcaptcha/raw/master/config/textcaptcha.yml] template to your Rails config directory.  It will also generate a random BCrypt Salt when you first run it.
 
-rake textcaptcha:generate_config
+rake textcaptcha:config
 
 *NOTE:* If you are on Rails 2.3.*, you'll have to add the following to your Rakefile to make this task available;
 
 `# load textcaptcha rake tasks
 Dir["#{Gem.searcher.find('acts_as_textcaptcha').full_gem_path}/lib/tasks/**/*.rake"].each { |ext| load ext } if Gem.searcher.find('acts_as_textcaptcha')`
 
+=== Using _without_ the Text CAPTCHA web service
 
-=== Using _Without_ the Text CAPTCHA web service    
-
-It *also* is possible to configure to use only your own user defined logic questions.  To do so, just ommit the api_key and set at least 1 logic question in your options.
-
-
-== What does the code do?  
-                            
-The gem contains two parts, a module for your ActiveRecord models, and a tiny helper method (spamify).
-
-A call to spamify(@model) in your controller will query the Text CAPTCHA web service.  A GET request is made with Net::HTTP and parsed using the default Rails ActiveSupport::XMLMini backend (or the standard XML::Parser in older versions of Rails).  A spam_question is assigned to the model, and an array of possible answers are encrypted in the session.
-
-validate_spam_answer() is called on @model.validate() and checks that the @model.spam_answer matches one of those possible answers in the session.  This validation is _only_ carried out on new records, i.e. never on edit, only on create.  User's attempted spam answers are not case-sensitive and have trailing/leading white-space removed.
-
-{BCrypt}[http://bcrypt-ruby.rubyforge.org] encryption is used to securely store the possible answers in your session.  You must specify a valid bcrypt-salt and (computational) cost in your options.  Without these options possible answers will be MD5-hashed only.
-
-allowed?() and perform_spam_check?() are utility methods (that can be overridden in your model)  They basically act as flags allowing you to control creation of new records, or whether the spam check should be carried out at all.
-
-If an error occurs in loading or parsing the web service XML, ActsAsTextcaptcha will fall back to choose a random logic question defined in your options.  Additionally, if you'd prefer _not_ to use the service at all, you can omit the api_key from your options entirely.  
-
-If the web service fails or no-api key is specified AND no alternate questions are configured, the @model will not require spam checking and will pass as valid.
-
-For more details on the code please check the {documentation}[http://rdoc.info/projects/matthutchinson/acts_as_textcaptcha].
+To use only your own logic questions simply ommit the api_key from your config and define at least 1 logic question/answer.
 
 == Translations
 
-Recent versions of the gem use standard Rails, I18n translation for the 2 possible error messages generated by acts_as_textcaptcha, with a fall-back to a default English error message.  Unfortunately in some versions of Rails 2.3.* the translation fall-back fails.  For this case (and when translating) the translations should be provided in your locale file with the following hierarchy (assuming your model is Comment);
+Recent versions of the gem use standard Rails I18n translation for the error message generated by acts_as_textcaptcha, with a fall-back to English.  Unfortunately in some versions of Rails 2.3.* this translation fall-back fails.  For this case (and when translating) setup your own locale file with this hierarchy (assuming your model is Comment);
 
   en:
     activerecord:
       errors:
         models:
           comment:
-            disabled: "Sorry, adding a %{model} is currently disabled"
             attributes:
               spam_answer:
                 incorrect_answer: "is incorrect, try another question instead"
@@ -148,48 +132,62 @@ Recent versions of the gem use standard Rails, I18n translation for the 2 possib
         comment:
           spam_answer: "Spam answer"
 
-It should be noted that currently the textcaptcha API service only offers logic questions in English.
+*NOTE:* currently the Text CAPTCHA API web service only offers logic questions in English.
 
 == Testing and docs
 
-In development you can run the specs and rdoc tasks like so;
+In development you can run the tests and rdoc tasks like so;
 
-* rake spec (run the rspec2 tests)
+* rake test (all tests)
+* rake test:coverage (all tests with code coverage reporting)
 * rake rdoc (generate docs)
 
+== What does the code do?
+
+The gem contains two parts, a module for your ActiveRecord models, and a single view helper method.
+
+A call to @model.textcaptcha in your controller will query the Text CAPTCHA web service.  A GET request is made with Net::HTTP and parsed using the default Rails ActiveSupport::XMLMini backend (or the standard XML::Parser in older versions of Rails).  A spam_question and an encrypted array of possible answers are assigned to the model.
+
+validate_textcaptcha is called on @model.validate and checks that the @model.spam_answer matches one of the possible answers (decrypted).  This validation is _only_ carried out on new records, i.e. never on edit, only on create.  All attempted spam answers are case-insensitive and have trailing/leading white-space removed.
+
+perform_textcaptcha? is a simple utility method (that can be overridden in your model)  It allows you to define whether the spam check should be carried out at all.  For example, to turn off spam checking for logged in users.
+
+If an error or timeout occurs in loading or parsing the API, ActsAsTextcaptcha will fall back to choose a random logic question defined in your options.  If the web service fails or no API key is specified AND no alternate questions are configured, the @model will not require spam checking and will pass as valid.
+
+For more details on the code please check the {documentation}[http://rdoc.info/projects/matthutchinson/acts_as_textcaptcha].  Tests are written with  {MiniTest}[https://rubygems.org/gems/minitest] and code coverage is provided by {SimpleCov}[https://github.com/colszowka/simplecov]
+
 == Requirements
 
 What do you need?
 
 * {Rails}[http://github.com/rails/rails] >= 2.3.2  (including Rails 3)
-* {Ruby}[http://ruby-lang.org/] >= 1.8.7 (also tested with REE and Ruby 1.9.2)                                                                                                                      
-* {bcrypt-ruby}[http://bcrypt-ruby.rubyforge.org/] gem (to securely encrypt the spam answers in your session)
-* {Text CAPTCHA api key}[http://textcaptcha.com/register] (_optional_, since you can define your own logic questions, see below for details)             
-* {Rspec2}[http://rspec.info/] (_optional_ if you want to run the tests, requires >= rspec2)
+* {Ruby}[http://ruby-lang.org/] >= 1.8.7 (also tested with REE and Ruby 1.9.2)
+* {bcrypt-ruby}[http://bcrypt-ruby.rubyforge.org/] gem (to securely encrypt spam answers)
+* {Text CAPTCHA API key}[http://textcaptcha.com/register] (_optional_, since you can define your own logic questions, see below for details)
+* {MiniTest}[https://rubygems.org/gems/minitest] (_optional_ if you want to run the tests, built into Ruby 1.9)
 
 == Links
-                                                          
+
 * {Documentation}[http://rdoc.info/projects/matthutchinson/acts_as_textcaptcha]
 * {Demo}[http://textcaptcha.heroku.com]
 * {Code}[http://github.com/matthutchinson/acts_as_textcaptcha]
 * {Wiki}[http://wiki.github.com/matthutchinson/acts_as_textcaptcha/]
 * {Bug Tracker}[http://github.com/matthutchinson/acts_as_textcaptcha/issues]
-* {Gem}[http://rubygems.org/gems/acts_as_textcaptcha]   
-* {Code Metrics}[http://getcaliper.com/caliper/project?repo=http%3A%2F%2Frubygems.org%2Fgems%2Facts_as_textcaptcha] (flay, reek, churn etc.)
+* {Gem}[http://rubygems.org/gems/acts_as_textcaptcha]
 
 == Who's who?
 
 * {ActsAsTextcaptcha}[http://github.com/matthutchinson/acts_as_textcaptcha] and {little robot drawing}[http://www.flickr.com/photos/hiddenloop/4541195635/] by {Matthew Hutchinson}[http://matthewhutchinson.net]
-* {Text CAPTCHA}[http://textcaptcha.com] api and service by {Rob Tuley}[http://openknot.com/me/] at {Openknot}[http://openknot.com]
+* {Text CAPTCHA}[http://textcaptcha.com] API and service by {Rob Tuley}[http://openknot.com/me/] at {Openknot}[http://openknot.com]
 * {bcrypt-ruby}[http://bcrypt-ruby.rubyforge.org/] Gem by {Coda Hale}[http://codahale.com]
 
 == Todo
 
-* Fix issue with multiple forms open in the same session
+* Achieve 100% test coverage, currently at 93%
 
 == Usage
 
-This code is currently used in a number of production websites and apps. It was originally extracted from code developed for {Bugle}[http://bugleblogs.com]
+This gem is used in a number of production websites and apps. It was originally extracted from code developed for {Bugle}[http://bugleblogs.com]
 
 * {matthewhutchinson.net}[http://matthewhutchinson.net]
 * {pmFAQtory.com}[http://pmfaqtory.com]

data/Rakefile

@@ -1,19 +1,29 @@
 gem 'rdoc'
 
-require 'bundler'
-require 'rdoc/task'
-require 'rspec/core/rake_task'
-require 'rcov/rcovtask'
+# default rake
+task :default => [:test]
 
 # bundler tasks
+require 'bundler'
 Bundler::GemHelper.install_tasks
 
-# rspec tasks
-RSpec::Core::RakeTask.new(:spec) do |t|
-  t.rspec_opts = "--color --format=doc"
+# run all tests
+require 'rake/testtask'
+Rake::TestTask.new do |t|
+  t.pattern = "test/*_test.rb"
+end
+
+# code coverage
+namespace :test do
+  desc "Run all tests and generate a code coverage report (simplecov)"
+  task :coverage do
+    ENV['COVERAGE'] = 'true'
+    Rake::Task['test'].execute
+  end
 end
 
 # rdoc tasks
+require 'rdoc/task'
 RDoc::Task.new do |rd|
   rd.main     = "README.rdoc"
   rd.title    = 'acts_as_textcaptcha'

data/acts_as_textcaptcha.gemspec

@@ -9,25 +9,24 @@ Gem::Specification.new do |s|
   s.authors     = ["Matthew Hutchinson"]
   s.email       = ["matt@hiddenloop.com"]
   s.homepage    = "http://github.com/matthutchinson/acts_as_textcaptcha"
-  s.summary     = %q{Spam protection for your models via logic questions and the excellent textcaptcha.com api}
-  s.description = %q{Spam protection for your ActiveRecord models using logic questions and the excellent textcaptcha api. See textcaptcha.com for more details and to get your api key.
-  The logic questions are aimed at a child's age of 7, so can be solved easily by all but the most cognitively impaired users. As they involve human logic, such questions cannot be solved by a robot.
-  For more reasons on why logic questions are useful, see here; http://textcaptcha.com/why}
+  s.summary     = %q{Spam protection for your models via logic questions and the textcaptcha.com API}
+  s.description = %q{Simple question/answer based spam protection for your Rails models.
+  You can define your own logic questions and/or fetch questions from the textcaptcha.com API.
+  The questions involve human logic and are tough for spam bots to crack.
+  For more reasons on why logic questions are a good idea visit; http://textcaptcha.com/why}
 
   s.extra_rdoc_files = ['README.rdoc', 'LICENSE']
 
   s.files         = `git ls-files`.split("\n")
-  s.test_files    = `git ls-files -- {test,spec,features}/*`.split("\n")
-  s.executables   = `git ls-files -- bin/*`.split("\n").map{ |f| File.basename(f) }
+  s.test_files    = `git ls-files -- {test}/*`.split("\n")
   s.require_paths = ["lib"]
 
-  s.add_dependency('bcrypt-ruby', '~> 2.1.2')
+  s.add_dependency('bcrypt-ruby', '~> 2.1.4')
 
   s.add_development_dependency('rails')
-  s.add_development_dependency('activerecord')
   s.add_development_dependency('bundler')
-  s.add_development_dependency('rspec')
-  s.add_development_dependency('rcov')
+  s.add_development_dependency('simplecov')
   s.add_development_dependency('rdoc')
   s.add_development_dependency('sqlite3')
+  s.add_development_dependency('fakeweb')
 end

data/config/textcaptcha.yml

@@ -1,12 +1,9 @@
-development: &non_production_settings
-  api_key: 8u5ixtdnq9csc84cok0owswgo
-  # bcrypt can be used to encrypt valid possible answers in your session; http://bcrypt-ruby.rubyforge.org/
-  # (recommended if you are using cookie session storage)
-  # NOTE: bcrypt_salt must be a valid bcrypt salt; for security PLEASE CHANGE THIS, open irb and enter; require 'bcrypt'; BCrypt::Engine.generate_salt
-  bcrypt_salt: $2a$10$j0bmycH.SVfD1b5mpEGPpe
-  # an optional logarithmic var which determines how computational expensive the hash is to calculate (a cost of 4 is twice as much work as a cost of 3)
-  bcrypt_cost: 10 # default is 10, must be > 4 (large number means slower encryption)
-  # if you'd rather NOT use bcrypt, just remove these two settings, bcrypt_salt and bcrypt_cost, valid possible answers will be MD5 digested in your session
+development: &common_settings
+  api_key: PASTE_YOUR_TEXTCAPCHA_API_KEY_HERE  # grab one from http://textcaptcha.com/api
+  bcrypt_salt: RAKE_GENERATED_SALT_PLACEHOLDER   # must be a valid bcrypt salt, we've generated this one for you randomly
+                                               # generate another with; require 'bcrypt'; BCrypt::Engine.generate_salt
+  bcrypt_cost: 10 # optional (default is 10) must be > 4 (a larger number means slower, but better encryption)
+                  # see http://bcrypt-ruby.rubyforge.org for more information on bcrypt
   questions:
       - question: 'Is ice hot or cold?'
         answers: 'cold'
@@ -30,7 +27,10 @@ development: &non_production_settings
         answers: '20,twenty'
 
 test:
-  *non_production_settings
+  <<: *common_settings
+  api_key: 6eh1co0j12mi2ogcoggkkok4o          # for gem test purposes only
+  bcrypt_salt: $2a$10$qhSefD6gKtmq6M0AzXk4CO  # for gem test purposes only
+  bcrypt_cost: 1
 
 production:
-  *non_production_settings
+  <<: *common_settings

data/init.rb

@@ -1,2 +1,2 @@
-# init.rb, not included in gemspec files, but required to work as a rails plugin
-require './vendor/plugins/acts_as_textcaptcha/lib/acts_as_textcaptcha'
+# this file is required to allow the gem to work as a rails plugin
+require './vendor/plugins/acts_as_textcaptcha/lib/acts_as_textcaptcha'

data/lib/acts_as_textcaptcha.rb

@@ -1,3 +1,3 @@
 require 'acts_as_textcaptcha/textcaptcha'
 require 'acts_as_textcaptcha/textcaptcha_helper'
-require "acts_as_textcaptcha/framework/rails#{Rails::VERSION::MAJOR}" if defined?(Rails)
+require "acts_as_textcaptcha/framework/rails#{Rails::VERSION::MAJOR < 3 ? 2 : nil}" if defined?(Rails)

data/lib/acts_as_textcaptcha/framework/{rails3.rb → rails.rb}

@@ -2,6 +2,6 @@ ActiveSupport.on_load(:active_record) do
   extend ActsAsTextcaptcha::Textcaptcha
 end
 
-ActiveSupport.on_load(:action_controller) do
+ActiveSupport.on_load(:action_view) do
   include ActsAsTextcaptcha::TextcaptchaHelper
-end                                                           
+end                                                           

data/lib/acts_as_textcaptcha/framework/rails2.rb

@@ -1,2 +1,2 @@
 ActiveRecord::Base.extend ActsAsTextcaptcha::Textcaptcha
-ActionController::Base.send(:include, ActsAsTextcaptcha::TextcaptchaHelper)
+ActionView::Base.send(:include, ActsAsTextcaptcha::TextcaptchaHelper)

data/lib/acts_as_textcaptcha/textcaptcha.rb

@@ -1,22 +1,21 @@
 require 'yaml'
 require 'net/http'
 require 'digest/md5'
-require 'logger'
 
-# compatiblity with < Rails 3.0.0
+# compatiblity when XmlMini is not available
 require 'xml' unless defined?(ActiveSupport::XmlMini)
 
 # if using as a plugin in /vendor/plugins
 begin
   require 'bcrypt'
 rescue LoadError => e
-  puts "ActsAsTextcaptcha - please gem install bcrypt-ruby and add `gem \"bcrypt-ruby\"` to your Gemfile (or environment config)"
-  raise e
+  raise "ActsAsTextcaptcha >> please gem install bcrypt-ruby and add `gem \"bcrypt-ruby\"` to your Gemfile (or environment config) #{e}"
 end
 
 module ActsAsTextcaptcha
 
-  if Rails.version =~ /^3\./
+  # dont use Railtie if Rails < 3
+  unless Rails::VERSION::MAJOR < 3
     class Railtie < ::Rails::Railtie
       rake_tasks do
         load "tasks/textcaptcha.rake"
@@ -24,20 +23,26 @@ module ActsAsTextcaptcha
     end
   end
 
+
   module Textcaptcha #:nodoc:
 
+    # raised if an empty response is ever returned from textcaptcha.com web service
+    class BadResponse < StandardError; end;
+
     def acts_as_textcaptcha(options = nil)
       cattr_accessor :textcaptcha_config
-      attr_accessor  :spam_answer, :spam_question, :possible_answers
-      validate       :validate_textcaptcha
+      attr_accessor  :spam_question, :spam_answers, :spam_answer
+      attr_protected :spam_question if respond_to?(:accessible_attributes) && accessible_attributes.nil?
+
+      validate :validate_textcaptcha
 
       if options.is_a?(Hash)
         self.textcaptcha_config = options.symbolize_keys!
       else
         begin
           self.textcaptcha_config = YAML.load(File.read("#{Rails.root ? Rails.root.to_s : '.'}/config/textcaptcha.yml"))[Rails.env].symbolize_keys!
-        rescue Errno::ENOENT
-          raise('./config/textcaptcha.yml not found')
+        rescue
+          raise 'could not find any textcaptcha options, in config/textcaptcha.yml or model - run rake textcaptcha:config to generate a template config file'
         end
       end
 
@@ -47,82 +52,95 @@ module ActsAsTextcaptcha
 
     module InstanceMethods
 
-      # override this method to toggle spam checking, default is on (true)
-      def perform_spam_check?; true end
+      # override this method to toggle textcaptcha spam checking, default is on (true)
+      def perform_textcaptcha?
+        true
+      end
 
-      # override this method to toggle allowing the model to be created, default is on (true)
-      # if returning false model.validate will always be false with errors on base
-      def allowed?; true end
+      # generate textcaptcha question and encrypt possible spam_answers
+      def textcaptcha
+        return if !perform_textcaptcha? || validate_spam_answer
+        self.spam_answer = nil
 
-      def validate_textcaptcha
-        # if not new_record? we dont spam check on existing records (ie. no spam check on updates/edits)
-        if !respond_to?('new_record?') || new_record?
-          if allowed?
-            if possible_answers && perform_spam_check? && !validate_spam_answer
-              errors.add(:spam_answer, :incorrect_answer, :message => "is incorrect, try another question instead")
-              return false
+        if textcaptcha_config
+          unless BCrypt::Engine.valid_salt?(textcaptcha_config[:bcrypt_salt])
+            raise BCrypt::Errors::InvalidSalt.new "you must specify a valid BCrypt Salt in your acts_as_textcaptcha options, get a salt from irb/console with\nrequire 'bcrypt';BCrypt::Engine.generate_salt\n\n(Please check Gem README for more details)\n"
+          end
+          if textcaptcha_config[:api_key]
+            begin
+              uri_parser = URI.const_defined?(:Parser) ? URI::Parser.new : URI # URI.parse is deprecated in 1.9.2
+              response   = Net::HTTP.get(uri_parser.parse("http://textcaptcha.com/api/#{textcaptcha_config[:api_key]}"))
+              if response.empty?
+                raise Textcaptcha::BadResponse
+              else
+                parse_textcaptcha_xml(response)
+              end
+              return
+            rescue SocketError, Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Errno::ECONNREFUSED, Errno::ETIMEDOUT,
+                   Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError, URI::InvalidURIError,
+                   REXML::ParseException, Textcaptcha::BadResponse
+              # rescue from these errors and continue
             end
+          end
+
+          # fall back to textcaptcha_config questions
+          if textcaptcha_config[:questions]
+            random_question    = textcaptcha_config[:questions][rand(textcaptcha_config[:questions].size)].symbolize_keys!
+            self.spam_question = random_question[:question]
+            self.spam_answers  = encrypt_answers(random_question[:answers].split(',').map!{ |answer| md5_answer(answer) })
           else
-            errors.add(:base, :disabled, :message => "Sorry, adding a %{model} is currently disabled")
-            return false
+            self.spam_question = 'ActsAsTextcaptcha >> no API key (or questions) set and/or the textcaptcha service is currently unavailable (answer ok to bypass)'
+            self.spam_answers  = 'ok'
           end
         end
-        true
       end
 
-      def validate_spam_answer
-        (spam_answer && possible_answers) ? possible_answers.include?(encrypt_answer(Digest::MD5.hexdigest(spam_answer.strip.downcase.to_s))) : false
-      end
 
-      def encrypt_answers(answers)
-        answers.map {|answer| encrypt_answer(answer) }
+      private
+
+      def parse_textcaptcha_xml(xml)
+        if defined?(ActiveSupport::XmlMini)
+          parsed_xml = ActiveSupport::XmlMini.parse(xml)['captcha']
+          self.spam_question = parsed_xml['question']['__content__']
+          if parsed_xml['answer'].is_a?(Array)
+            self.spam_answers = encrypt_answers(parsed_xml['answer'].collect { |a| a['__content__'] })
+          else
+            self.spam_answers = encrypt_answers([parsed_xml['answer']['__content__']])
+          end
+        else
+          parsed_xml         = XML::Parser.string(xml).parse
+          self.spam_question = parsed_xml.find('/captcha/question')[0].inner_xml
+          self.spam_answers  = encrypt_answers(parsed_xml.find('/captcha/answer').map(&:inner_xml))
+        end
       end
 
-      def encrypt_answer(answer)
-        return answer unless(textcaptcha_config[:bcrypt_salt])
-        BCrypt::Engine.hash_secret(answer, textcaptcha_config[:bcrypt_salt], (textcaptcha_config[:bcrypt_cost].to_i || 10))
+      def validate_spam_answer
+        (spam_answer && spam_answers) ? spam_answers.split('-').include?(encrypt_answer(md5_answer(spam_answer))) : false
       end
 
-      def generate_spam_question(use_textcaptcha = true)
-        if use_textcaptcha && textcaptcha_config && textcaptcha_config[:api_key]
-          begin
-            resp = Net::HTTP.get(URI.parse('http://textcaptcha.com/api/'+textcaptcha_config[:api_key]))
-            return [] if resp.empty?
-
-            if defined?(ActiveSupport::XmlMini)
-              parsed_xml = ActiveSupport::XmlMini.parse(resp)['captcha']
-              self.spam_question    = parsed_xml['question']['__content__']
-              if parsed_xml['answer'].is_a?(Array)
-                self.possible_answers = encrypt_answers(parsed_xml['answer'].collect {|a| a['__content__']})
-              else
-                self.possible_answers = encrypt_answers([parsed_xml['answer']['__content__']])
-              end
-            else
-              parsed_xml            = XML::Parser.string(resp).parse
-              self.spam_question    = parsed_xml.find('/captcha/question')[0].inner_xml
-              self.possible_answers = encrypt_answers(parsed_xml.find('/captcha/answer').map(&:inner_xml))
-            end
-            return possible_answers if spam_question && !possible_answers.empty?
-          rescue SocketError, Timeout::Error, Errno::EINVAL, Errno::ECONNRESET, EOFError, Errno::ECONNREFUSED,
-                 Net::HTTPBadResponse, Net::HTTPHeaderSyntaxError, Net::ProtocolError, URI::InvalidURIError => e
-            log_textcaptcha("failed to load or parse textcaptcha with key '#{textcaptcha_config[:api_key]}'; #{e}")
+      def validate_textcaptcha
+        # only spam check on new/unsaved records (ie. no spam check on updates/edits)
+        if !respond_to?('new_record?') || new_record?
+          if perform_textcaptcha? && !validate_spam_answer
+            errors.add(:spam_answer, :incorrect_answer, :message => "is incorrect, try another question instead")
+            # regenerate question
+            textcaptcha
+            return false
           end
         end
+        true
+      end
 
-        # fall back to textcaptcha_config questions
-        if textcaptcha_config && textcaptcha_config[:questions]
-          log_textcaptcha('falling back to random logic question from config') if textcaptcha_config[:api_key]
-          random_question       = textcaptcha_config[:questions][rand(textcaptcha_config[:questions].size)].symbolize_keys!
-          self.spam_question    = random_question[:question]
-          self.possible_answers = encrypt_answers(random_question[:answers].split(',').map!{|ans| Digest::MD5.hexdigest(ans)})
-        end
-        possible_answers
+      def encrypt_answers(answers)
+        answers.map { |answer| encrypt_answer(answer) }.join('-')
       end
 
-      private
-      def log_textcaptcha(message)
-        logger ||= Logger.new(STDOUT)
-        logger.info "Textcaptcha >> #{message}"
+      def encrypt_answer(answer)
+        BCrypt::Engine.hash_secret(answer, textcaptcha_config[:bcrypt_salt], (textcaptcha_config[:bcrypt_cost].to_i || 10))
+      end
+
+      def md5_answer(answer)
+        Digest::MD5.hexdigest(answer.to_s.strip.downcase)
       end
     end
   end