altcha-rails 0.0.5 → 0.0.6

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (5) hide show
  1. checksums.yaml +4 -4
  2. data/README.md +18 -12
  3. data/altcha-rails.gemspec +1 -1
  4. data/lib/generators/altcha/install/templates/migrations/create_altcha_solutions.rb.erb +1 -1
  5. metadata +2 -2
checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 90110a4f6b3610f15fc055ff3112584ebbce5d95c83bef42edbe1231c8ea8bfa
4
- data.tar.gz: 57b70648aca748843334555ef4248b797ec0a4c8afcdb80bdd5e838dd3a147e4
3
+ metadata.gz: 166ab2cdd6732e309f96c332d0483bcb16f984697f6f56ffab78357635aaccc3
4
+ data.tar.gz: baa9cf000ae61e2a1da2e3571827ff318d046ca3707e0341c6a6c036718b9278
5
5
  SHA512:
6
- metadata.gz: 521a8e5a81fa59babb816ea1ff8b352f57362af59744b01cab0dcb176fd458e899410d7273cd633fe4a8fac4cbce9bda0858b47193c5f1a916c0c51d41158561
7
- data.tar.gz: fcbf3c2d8cddaf1dd3e46e101df6334ab32b17ff2ca1da01a7b873a7ff9030f84730756c420f06b75e1ef4b826857ec27dabbc20bf3e7f3379633ee46fb15923
6
+ metadata.gz: 554a2a258ad6e498034ae21d82788ca50b93543fcdfe086cc346b270c8ebc35a7c44702a30bf3ca0d618ac3b38c0943f04099b47a34c37ad33c8f5a2e1555b11
7
+ data.tar.gz: 9acd0d3bedda678efb8480d9d4935cdc1e1d8f97455eeba40e4dbb692e9753a5d9662ce0d05f841f98af2d2288aa6102267e93765d6873df2c12d59d1b4be0f2
data/README.md CHANGED
@@ -4,7 +4,7 @@
4
4
 
5
5
  [ALTCHA](https://altcha.org/) is a protocol designed for safeguarding against spam and abuse by utilizing a proof-of-work mechanism. This protocol comprises both a client-facing widget and a server-side verification process.
6
6
 
7
- `altcha-ruby` is a Ruby gem that provides a simple way to integrate ALTCHA into your Ruby on Rails application.
7
+ `altcha-rails` is a Ruby gem that provides a simple way to integrate ALTCHA into your Ruby on Rails application.
8
8
 
9
9
  The main functionality of the gem is to generate a challenge and verify the response from the client. This is done in the library code. An initializer and a controller is installed in the host application to handle the challenge generation and verification.
10
10
 
@@ -13,14 +13,14 @@ The main functionality of the gem is to generate a challenge and verify the resp
13
13
  Add this line to your application's Gemfile:
14
14
 
15
15
  ```ruby
16
- gem 'altcha-ruby'
16
+ gem 'altcha-rails'
17
17
  ```
18
18
 
19
19
  Then execute `bundle install` to install the gem for your application.
20
20
 
21
21
  Next, run the generator to install the initializer and the controller:
22
22
 
23
- ```bash
23
+ ```
24
24
  $ rails generate altcha:install
25
25
  create app/models/altcha_solution.rb
26
26
  create app/controllers/altcha_controller.rb
@@ -31,6 +31,8 @@ $ rails generate altcha:install
31
31
 
32
32
  This will create an initializer file at `config/initializers/altcha.rb` and a controller at `app/controllers/altcha_controller.rb` as well as a route in `config/routes.rb` and a model at `app/models/altcha-solutions.rb` (see below).
33
33
 
34
+ You will also have to run 'rails db:migrate` to apply pending changes to the database.
35
+
34
36
  ## Configuration
35
37
 
36
38
  The initializer file `config/initializers/altcha.rb` contains the following configuration options:
@@ -45,7 +47,7 @@ end
45
47
  ```
46
48
 
47
49
  The `algorithm` option specifies the hashing algorithm to use and must currently be set to `SHA-256`.
48
- It is crucial change the `hmac_key` to a secure value. This key is used to sign the challenge and the response,
50
+ It is crucial change the `hmac_key` to a random value. This key is used to sign the challenge and the response,
49
51
  so it must be treated as a secret within your application.
50
52
  The `num_range` option specifies the range of numbers to use in the challenge and determines the difficulty of the proof-of-work.
51
53
  For an explanation of the `timeout` option see below.
@@ -65,31 +67,35 @@ To also guard against replay attacks within the configured `timeout` period, the
65
67
  store completed responses. A unique constraint is added to the database to prevent the same response from being stored.
66
68
 
67
69
  As these stored solutions are useless after the `timeout` period, the `AltchaSolution.cleanup` convenience function
68
- should be called regularly.
70
+ should be called regularly to purge outdates soltutions from the database.
69
71
 
70
72
  ## Usage
71
73
 
72
74
  You need to include the ALTCHA javascript widget in your application's asset pipeline. This is not done by the gem
73
75
  at this point. Read up on the [ALTCHA documentation](https://altcha.org/docs/website-integration) for more information.
74
76
 
75
- Add then following code to the form you want to protect:
77
+ Then add the following code to the form you want to protect:
76
78
 
77
79
  ```erb
78
80
  <altcha-widget challengeurl="<%= altcha_url() %>"></altcha-widget>
79
81
  ```
80
82
 
81
- The widget will create a hidden input field with the name `altcha` and the response to the challenge as its value.
83
+ Once the user clicks the checkbox, the widget will send a request to the server to get a new challenge.
84
+ When the user-side code inside the widget found the solution to the challenge, the spinner will stop
85
+ and a hidden input field with the name `altcha` will be created in the form to convey the solution as
86
+ base64 encoded JSON dictionary.
82
87
 
83
88
  In the controller that handles the form submission, you can verify the response with the following code:
84
89
 
85
90
  ```ruby
86
91
  def create
87
- @model = Model.new(model_params)
92
+ @model = Model.create(model_params)
88
93
 
89
- unless AltchaSolution.verify_and_save(params.permit(:altcha)[:altcha])
90
- flash.now[:alert] = 'ALTCHA verification failed.'
91
- render :new
92
- return
94
+ unless AltchaSolution.verify_and_save(params.permit(:altcha)[:altcha])
95
+ flash.now[:alert] = 'ALTCHA verification failed.'
96
+ render :new, status: :unprocessable_entity
97
+ return
98
+ end
93
99
 
94
100
  # ...
95
101
  end
data/altcha-rails.gemspec CHANGED
@@ -2,7 +2,7 @@
2
2
 
3
3
  Gem::Specification.new do |s|
4
4
  s.name = "altcha-rails"
5
- s.version = "0.0.5"
5
+ s.version = "0.0.6"
6
6
  s.authors = ["Daniel Mack"]
7
7
  s.homepage = "https://github.com/zonque/altcha-rails"
8
8
  s.metadata = { "source_code_uri" => "https://github.com/zonque/altcha-rails" }
data/lib/generators/altcha/install/templates/migrations/create_altcha_solutions.rb.erb CHANGED
@@ -10,6 +10,6 @@ class CreateAltchaSolutions < ActiveRecord::Migration[<%= ActiveRecord::Migratio
10
10
  t.timestamps
11
11
  end
12
12
 
13
- add_index :altcha_solutions, [ :algorithm, :challenge, :salt, :signature, :number ], unique: true
13
+ add_index :altcha_solutions, [ :algorithm, :challenge, :salt, :signature, :number ], unique: true, name: 'index_altcha_solutions'
14
14
  end
15
15
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: altcha-rails
3
3
  version: !ruby/object:Gem::Version
4
- version: 0.0.5
4
+ version: 0.0.6
5
5
  platform: ruby
6
6
  authors:
7
7
  - Daniel Mack
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2024-02-11 00:00:00.000000000 Z
11
+ date: 2024-04-28 00:00:00.000000000 Z
12
12
  dependencies: []
13
13
  description: ALTCHA is a free, open-source CAPTCHA alternative that protects your
14
14
  website from spam and abuse