cloudflare-turnstile-rails 0.8.0 → 0.9.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: '087645e721fc666c38e61d1ec636da847d0d4066b364fe0cfbcaed4d7a080559'
-  data.tar.gz: 334e358ee80c3ddc22a020b3646db47d7b9e1b91afb2319240364275822b58ce
+  metadata.gz: ab251a17ed52bd0e141cbf139543e49b00fc786ddfec79e9ef8c47f8e52cd25b
+  data.tar.gz: 22fdeb19187f6a44b8f1ff0da9b40011e5cdd8f6cb51956821cbcc720bbe7a0f
 SHA512:
-  metadata.gz: 64f54d13d40a27a65eaafb793a6bfb0e70cfdce39aba24f057a171a618f00899ed01a32aacc32c5ac8f9cbea58a2e44649a3e446eadfe6c966654a9611abd3c0
-  data.tar.gz: dcabd769cc15cd4945f5ef42bdf1bb29038eb581fd88531f3b3f5838ad7e9e25e234071e889792c8f921221a1a1ca1e69a4a0ac4bc7346d743a9e92eabf415b4
+  metadata.gz: 58745614a8eb83139d697248a31e258bf33af84cdd8e306f975fa7e6c6f21c11b42c19850cbdd1906d9d3dc85dbbf47bbda3479560501fbd139c024a80e93398
+  data.tar.gz: ceb98520676e173b2a47dfddc3a97f7eba12495fb641555e8771e7aac81928c988ab99062eaf4e1fd8ed61ddfcb1d82c258f69a02e9fe1d0e285ece82898c89e

data/.rubocop.yml

@@ -14,6 +14,7 @@ AllCops:
 Layout/LineLength:
   Max: 120
   Exclude:
+    - lib/cloudflare/turnstile/rails/constants/*.rb
     - cloudflare-turnstile-rails.gemspec
 
 Layout/SpaceInsideHashLiteralBraces:
@@ -28,5 +29,10 @@ Minitest/MultipleAssertions:
 Style/Documentation:
   Enabled: false
 
+Style/EmptyElse:
+  Exclude:
+    - README.md
+
 Style/FrozenStringLiteralComment:
-  EnforcedStyle: never
+  EnforcedStyle: never
+

data/README.md

@@ -6,6 +6,8 @@
 
 A lightweight Rails helper for effortless Cloudflare Turnstile integration with Turbo support and CSP compliance.
 
+[!["Buy Me A Coffee"](https://www.buymeacoffee.com/assets/img/custom_images/yellow_img.png)](https://www.buymeacoffee.com/vkononov)
+
 ## Features
 
 * **One‑line integration**: `<%= cloudflare_turnstile_tag %>` in views, `verify_turnstile(model:)` in controllers — no extra wiring.
@@ -82,21 +84,66 @@ However, it is recommended to match your `theme` and `language` to your app’s
 
 ### Backend Validation
 
-In your controller, call:
+To validate a Turnstile response in your controller, use either `valid_turnstile?` or `turnstile_valid?`. Both methods behave identically and return a boolean. The `model` parameter is optional:
 
 ```ruby
-if verify_turnstile(model: @user)
-  # success → returns a VerificationResponse object
+if valid_turnstile?(model: @user)
+  # Passed: returns true
 else
-  # failure → returns false and adds errors to `@user`
+  # Failed: returns false, adds errors to @user
   render :new, status: :unprocessable_entity
 end
 ```
 
-* In addition to the `model` option, you can pass any **siteverify** parameters (e.g., `secret`, `remoteip`, `idempotency_key`) supported by Cloudflare’s server-side validation API:
-  [https://developers.cloudflare.com/turnstile/get-started/server-side-validation/#accepted-parameters](https://developers.cloudflare.com/turnstile/get-started/server-side-validation/#accepted-parameters)
+You may also pass additional **siteverify** parameters (e.g., `secret`, `response`, `remoteip`, `idempotency_key`) supported by Cloudflare’s API:
+[Cloudflare Server-Side Validation Parameters](https://developers.cloudflare.com/turnstile/get-started/server-side-validation/#accepted-parameters)
+
+#### Accessing Full Validation Details
+
+To inspect the entire verification payload, use `verify_turnstile`. It returns a `VerificationResponse` object with detailed information:
+
+```ruby
+result = verify_turnstile(model: @user)
+```
+
+This method still adds errors to the model if verification fails. You can query the response:
 
-* On success, `verify_turnstile` returns a `VerificationResponse` (with methods like `.success?`, `.errors`, `.action`, `.cdata`), so you can inspect frontend-set values (`data-action`, `data-cdata`, etc.). On failure it returns `false` and adds a validation error to your model (if provided).
+```ruby
+if result.success?
+  # Passed
+else
+  # Failed — inspect result.errors or result.raw
+end
+```
+
+#### Example Responses
+
+```ruby
+# Success:
+Cloudflare::Turnstile::Rails::VerificationResponse @raw = {
+  'success' => true,
+  'error-codes' => [],
+  'challenge_ts' => '2025-05-19T02:52:31.179Z',
+  'hostname' => 'example.com',
+  'metadata' => { 'result_with_testing_key' => true }
+}
+
+# Failure:
+Cloudflare::Turnstile::Rails::VerificationResponse @raw = {
+  'success' => false,
+  'error-codes' => ['invalid-input-response'],
+  'messages' => [],
+  'metadata' => { 'result_with_testing_key' => true }
+}
+```
+
+#### Response Methods
+
+The following instance methods are available on `VerificationResponse`:
+
+```plaintext
+action, cdata, challenge_ts, errors, hostname, metadata, raw, success?, to_h
+```
 
 ### Turbo & Turbo Streams Support
 

data/lib/cloudflare/turnstile/rails/configuration.rb

@@ -3,7 +3,7 @@ module Cloudflare
     module Rails
       class Configuration
         attr_writer :script_url
-        attr_accessor :site_key, :secret_key, :render, :onload
+        attr_accessor :site_key, :secret_key, :render, :onload, :auto_populate_response_in_test_env
 
         def initialize
           @script_url = Cloudflare::SCRIPT_URL
@@ -11,6 +11,7 @@ module Cloudflare
           @secret_key = nil
           @render = nil
           @onload = nil
+          @auto_populate_response_in_test_env = true
         end
 
         # Dynamically build the URL every time, so that
@@ -25,16 +26,6 @@ module Cloudflare
 
           params.empty? ? Cloudflare::SCRIPT_URL : "#{Cloudflare::SCRIPT_URL}?#{params.join('&')}"
         end
-
-        def validate!
-          if site_key.nil? || site_key.strip.empty?
-            raise ConfigurationError, 'Cloudflare Turnstile site_key is not set.'
-          end
-
-          return unless secret_key.nil? || secret_key.strip.empty?
-
-          raise ConfigurationError, 'Cloudflare Turnstile secret_key is not set.'
-        end
       end
     end
   end

data/lib/cloudflare/turnstile/rails/constants/{error_codes.rb → error_code.rb}

@@ -1,7 +1,7 @@
 module Cloudflare
   module Turnstile
     module Rails
-      module ErrorCodes
+      module ErrorCode
         # https://developers.cloudflare.com/turnstile/get-started/server-side-validation/#error-codes
 
         MISSING_INPUT_SECRET = 'missing-input-secret'.freeze

data/lib/cloudflare/turnstile/rails/constants/error_message.rb

@@ -0,0 +1,26 @@
+require_relative 'error_code'
+
+module Cloudflare
+  module Turnstile
+    module Rails
+      module ErrorMessage
+        MAP = {
+          ErrorCode::TIMEOUT_OR_DUPLICATE => 'Turnstile token has already been used or expired.'.freeze,
+          ErrorCode::INVALID_INPUT_RESPONSE => 'Turnstile response parameter is invalid.'.freeze,
+          ErrorCode::MISSING_INPUT_RESPONSE => 'Turnstile response parameter was not passed.'.freeze,
+          ErrorCode::BAD_REQUEST => 'Turnstile request was rejected because it was malformed.'.freeze,
+          ErrorCode::INTERNAL_ERROR => 'Turnstile Internal error occurred while validating the response. Please try again.'.freeze,
+          ErrorCode::MISSING_INPUT_SECRET => 'Turnstile secret key missing.'.freeze,
+          ErrorCode::INVALID_INPUT_SECRET => 'Turnstile secret parameter was invalid, did not exist, or is a testing secret key with a non-testing response.'.freeze
+        }.freeze
+
+        DEFAULT = "We could not verify that you're human. Please try again.".freeze
+
+        def self.for(code)
+          base = MAP.fetch(code, DEFAULT)
+          "#{base} (#{code})"
+        end
+      end
+    end
+  end
+end

data/lib/cloudflare/turnstile/rails/controller_methods.rb

@@ -1,36 +1,28 @@
-require_relative 'constants/cloudflare'
-require_relative 'constants/error_messages'
+require_relative 'constants/error_message'
 require_relative 'verification'
 
 module Cloudflare
   module Turnstile
     module Rails
       module ControllerMethods
-        def verify_turnstile(model: nil, secret: nil, response: nil, remoteip: nil, idempotency_key: nil) # rubocop:disable Metrics/CyclomaticComplexity, Metrics/MethodLength
+        def verify_turnstile(model: nil, **opts)
           response ||= params[Cloudflare::RESPONSE_FIELD_NAME]
-
-          if response.nil? || response.strip.empty?
-            error_message = ErrorMessages::MISSING_TOKEN_MESSAGE
-            model&.errors&.add(:base, error_message)
-            return false
-          end
-
-          result = Rails::Verification.verify(
-            secret: secret,
-            response: response,
-            remoteip: remoteip,
-            idempotency_key: idempotency_key
-          )
+          result = Rails::Verification.verify(response: response, **opts)
 
           unless result.success?
-            error_code = result.errors.first
-            error_message = ErrorMessages::MAP.fetch(error_code, ErrorMessages::DEFAULT_MESSAGE)
-            model&.errors&.add(:base, error_message)
-            return false
+            message = ErrorMessage::DEFAULT
+            model&.errors&.add(:base, message)
           end
 
           result
         end
+
+        def valid_turnstile?(model: nil, **opts)
+          response = verify_turnstile(model: model, **opts)
+          response.is_a?(VerificationResponse) && response.success?
+        end
+
+        alias turnstile_valid? valid_turnstile?
       end
     end
   end

data/lib/cloudflare/turnstile/rails/helpers.rb

@@ -6,8 +6,6 @@ module Cloudflare
       module Helpers
         def cloudflare_turnstile_tag(site_key: nil, include_script: true, **html_options) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength
           site_key ||= Rails.configuration.site_key
-          Rails.configuration.validate!
-
           html_options[:class] = Cloudflare::WIDGET_CLASS unless html_options.key?(:class)
           html_options[:data] ||= {}
           html_options[:data][:sitekey] ||= site_key

data/lib/cloudflare/turnstile/rails/verification.rb

@@ -1,3 +1,5 @@
+require 'net/http'
+
 require_relative 'constants/cloudflare'
 
 module Cloudflare
@@ -44,35 +46,36 @@ module Cloudflare
       end
 
       module Verification
-        def self.verify(response:, secret: nil, remoteip: nil, idempotency_key: nil) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-          raise ConfigurationError, 'Turnstile response token is missing' if response.nil? || response.strip.empty?
+        def self.verify(response: nil, secret: nil, remoteip: nil, idempotency_key: nil) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
+          if response.nil? || response.strip.empty?
+            unless ::Rails.env.test? && Rails.configuration.auto_populate_response_in_test_env
+              raise ConfigurationError, ErrorMessage.for(ErrorCode::MISSING_INPUT_RESPONSE)
+            end
 
-          config = Rails.configuration
-          secret ||= config.secret_key
+            response = 'dummy-response'
+          end
 
-          raise ConfigurationError, 'Cloudflare Turnstile secret_key is not set.' if secret.nil? || secret.strip.empty?
+          secret ||= Rails.configuration.secret_key
+          if secret.nil? || secret.strip.empty?
+            raise ConfigurationError, ErrorMessage.for(ErrorCode::MISSING_INPUT_SECRET)
+          end
 
-          body = {
-            'secret' => secret,
-            'response' => response
-          }
+          body = { 'secret' => secret, 'response' => response }
           body['remoteip'] = remoteip if remoteip
           body['idempotency_key'] = idempotency_key if idempotency_key
 
           uri = URI.parse(Cloudflare::SITE_VERIFY_URL)
-          headers = { 'Content-Type' => 'application/x-www-form-urlencoded' }
-          http = Net::HTTP.new(uri.host, uri.port)
-          http.use_ssl = true
-
-          request = Net::HTTP::Post.new(uri.request_uri, headers)
+          request = Net::HTTP::Post.new(uri.request_uri, 'Content-Type': 'application/x-www-form-urlencoded')
           request.set_form_data(body)
 
-          response = http.request(request)
-          json = JSON.parse(response.body)
+          res = Net::HTTP.start(uri.host, uri.port, use_ssl: true) { |http| http.request(request) }
+          begin
+            json = JSON.parse(res.body)
+          rescue JSON::ParserError
+            raise ConfigurationError, ErrorMessage.for(ErrorCode::INTERNAL_ERROR)
+          end
 
           VerificationResponse.new(json)
-        rescue JSON::ParserError
-          raise ConfigurationError, 'Unable to parse Cloudflare Turnstile verification response'
         end
       end
     end

data/lib/cloudflare/turnstile/rails/version.rb

@@ -1,7 +1,7 @@
 module Cloudflare
   module Turnstile
     module Rails
-      VERSION = '0.8.0'.freeze
+      VERSION = '0.9.0'.freeze
     end
   end
 end

data/lib/generators/cloudflare_turnstile/templates/cloudflare_turnstile.rb

@@ -15,4 +15,9 @@ Cloudflare::Turnstile::Rails.configure do |config|
   # If `script_url` is provided, it will be used directly and render/onload options will be ignored.
   # config.render = 'explicit'
   # config.onload = 'onloadTurnstileCallback'
+
+  # In the Rails Test environment, automatically fill in a dummy response if none was provided.
+  # This lets you keep existing controller tests without having to add
+  # params["cf-turnstile-response"] manually in every test.
+  # config.auto_populate_response_in_test_env = true
 end

metadata

@@ -1,13 +1,13 @@
 --- !ruby/object:Gem::Specification
 name: cloudflare-turnstile-rails
 version: !ruby/object:Gem::Version
-  version: 0.8.0
+  version: 0.9.0
 platform: ruby
 authors:
 - Vadim Kononov
 bindir: exe
 cert_chain: []
-date: 2025-05-13 00:00:00.000000000 Z
+date: 1980-01-02 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -40,8 +40,8 @@ files:
 - lib/cloudflare/turnstile/rails/assets/javascripts/cloudflare_turnstile_helper.js
 - lib/cloudflare/turnstile/rails/configuration.rb
 - lib/cloudflare/turnstile/rails/constants/cloudflare.rb
-- lib/cloudflare/turnstile/rails/constants/error_codes.rb
-- lib/cloudflare/turnstile/rails/constants/error_messages.rb
+- lib/cloudflare/turnstile/rails/constants/error_code.rb
+- lib/cloudflare/turnstile/rails/constants/error_message.rb
 - lib/cloudflare/turnstile/rails/controller_methods.rb
 - lib/cloudflare/turnstile/rails/engine.rb
 - lib/cloudflare/turnstile/rails/helpers.rb
@@ -50,21 +50,6 @@ files:
 - lib/cloudflare/turnstile/rails/version.rb
 - lib/generators/cloudflare_turnstile/install_generator.rb
 - lib/generators/cloudflare_turnstile/templates/cloudflare_turnstile.rb
-- templates/shared/app/controllers/books_controller.rb.tt
-- templates/shared/app/controllers/pages_controller.rb
-- templates/shared/app/models/book.rb.tt
-- templates/shared/app/views/books/_form.html.erb
-- templates/shared/app/views/books/create.js.erb
-- templates/shared/app/views/books/new.html.erb
-- templates/shared/app/views/books/new2.html.erb
-- templates/shared/app/views/pages/home.html.erb
-- templates/shared/cloudflare_turbolinks_ajax_cache.js
-- templates/shared/config/initializers/cloudflare_turnstile.rb
-- templates/shared/config/routes.rb
-- templates/shared/test/application_system_test_case.rb
-- templates/shared/test/controllers/books_controller_test.rb
-- templates/shared/test/system/books_test.rb
-- templates/template.rb
 homepage: https://github.com/vkononov/cloudflare-turnstile-rails
 licenses:
 - MIT
@@ -87,7 +72,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.6.2
+rubygems_version: 3.6.7
 specification_version: 4
 summary: Simple Cloudflare Turnstile integration for Ruby on Rails.
 test_files: []

data/lib/cloudflare/turnstile/rails/constants/error_messages.rb

@@ -1,22 +0,0 @@
-require_relative 'error_codes'
-
-module Cloudflare
-  module Turnstile
-    module Rails
-      module ErrorMessages
-        MAP = {
-          ErrorCodes::TIMEOUT_OR_DUPLICATE => 'Turnstile token has already been used or expired.',
-          ErrorCodes::INVALID_INPUT_RESPONSE => 'Turnstile token is invalid.',
-          ErrorCodes::MISSING_INPUT_RESPONSE => 'Turnstile response was missing.',
-          ErrorCodes::BAD_REQUEST => 'Bad request to Turnstile verification API.',
-          ErrorCodes::INTERNAL_ERROR => 'Internal error at Turnstile. Please try again.',
-          ErrorCodes::MISSING_INPUT_SECRET => 'Server misconfiguration: Turnstile secret key missing.',
-          ErrorCodes::INVALID_INPUT_SECRET => 'Server misconfiguration: Turnstile secret key invalid.'
-        }.freeze
-
-        DEFAULT_MESSAGE = "We could verify that you're human. Please try again.".freeze
-        MISSING_TOKEN_MESSAGE = 'Cloudflare Turnstile verification missing.'.freeze
-      end
-    end
-  end
-end

data/templates/shared/app/controllers/books_controller.rb.tt

@@ -1,42 +0,0 @@
-class BooksController < ApplicationController
-  def new
-    @book = Book.new
-  end
-
-  def new2
-    @book1 = Book.new
-    @book2 = Book.new
-  end
-
-  def create
-    @book = Book.new(book_params)
-
-    respond_to do |format|
-      if verify_turnstile(model: @book) && @book.valid?
-        format.html { redirect_to new_book_url, notice: "Book was successfully created." }
-      else
-        format.html { render :new, status: :unprocessable_entity }
-        format.js
-<% if Gem::Version.new(Rails.version) >= Gem::Version.new("7.0.0") -%>
-        format.turbo_stream do
-          render turbo_stream: turbo_stream.replace(
-            params[:turbo_form_id],
-            partial: "books/form",
-            locals: { book: @book, turbo_form_id: params[:turbo_form_id] }
-          )
-        end
-<% end -%>
-      end
-    end
-  end
-
-  private
-
-  def book_params
-<% if Gem::Version.new(Rails.version) >= Gem::Version.new("8.0.0") -%>
-    params.expect(book: [:title])
-<% else -%>
-    params.require(:book).permit(:title)
-<% end -%>
-  end
-end

data/templates/shared/app/controllers/pages_controller.rb

@@ -1,3 +0,0 @@
-class PagesController < ApplicationController
-  def home; end
-end

data/templates/shared/app/models/book.rb.tt

@@ -1,19 +0,0 @@
-class Book
-  include ActiveModel::Model
-  include ActiveModel::Validations
-<% if Gem::Version.new(Rails.version) >= Gem::Version.new("6.0.0") -%>
-  include ActiveModel::Attributes
-
-  attribute :title, :string
-<% else -%>
-
-  attr_accessor :title
-
-  def initialize(attributes = {})
-    super
-    @title = attributes[:title]
-  end
-<% end -%>
-
-  validates :title, presence: true
-end

data/templates/shared/app/views/books/_form.html.erb

@@ -1,20 +0,0 @@
-<%= form_for(book, remote: true, html: { id: turbo_form_id }) do |form| %>
-  <% if book.errors.any? %>
-    <ul>
-      <% book.errors.full_messages.each do |message| %>
-        <li><%= message %></li>
-      <% end %>
-    </ul>
-  <% end %>
-
-  <%= hidden_field_tag :turbo_form_id, turbo_form_id %>
-
-  <p>
-    <%= form.label :title %>
-    <%= form.text_field :title %>
-  </p>
-
-  <%= cloudflare_turnstile_tag data: {theme: 'dark'} %>
-
-  <%= form.submit %>
-<% end %>

data/templates/shared/app/views/books/create.js.erb

@@ -1,15 +0,0 @@
-(function() {
-    const oldForm = document.getElementById("<%= j params[:turbo_form_id] %>");
-    const newFormHTML = `<%= j render(partial: 'books/form', locals: { book: @book, turbo_form_id: params[:turbo_form_id] }) %>`;
-
-    const tempWrapper = document.createElement("div");
-    tempWrapper.innerHTML = newFormHTML;
-    const newForm = tempWrapper.firstElementChild;
-
-    oldForm.replaceWith(newForm);
-
-    const turnstileContainer = newForm.querySelector('.cf-turnstile');
-    if (typeof turnstile !== "undefined" && turnstileContainer && turnstileContainer.childElementCount === 0) {
-        turnstile.render(turnstileContainer);
-    }
-})();

data/templates/shared/app/views/books/new.html.erb

@@ -1,5 +0,0 @@
-<p><%= notice %></p>
-
-<h1>New Book</h1>
-
-<%= render "form", book: @book, turbo_form_id: 'book-form' %>

data/templates/shared/app/views/books/new2.html.erb

@@ -1,9 +0,0 @@
-<p><%= notice %></p>
-
-<h1>New Book 1</h1>
-
-<%= render "form", book: @book1, turbo_form_id: 'book-form1' %>
-
-<h1>New Book 2</h1>
-
-<%= render "form", book: @book2, turbo_form_id: 'book-form2' %>

data/templates/shared/app/views/pages/home.html.erb

@@ -1,4 +0,0 @@
-<h1>Pages#home</h1>
-<p>Find me in app/views/pages/home.html.erb</p>
-
-<%= link_to 'New Book', new_book_path %>

data/templates/shared/cloudflare_turbolinks_ajax_cache.js

@@ -1,44 +0,0 @@
-/**
- * This script improves UX for Rails 6 applications using Rails UJS + Turbolinks.
- *
- * Problem:
- * When submitting a form remotely (`remote: true`), if the server responds with
- * HTML (e.g., `render :new` or `render :edit` with validation errors),
- * Rails UJS fires `ajax:complete`, but nothing is automatically updated in the DOM.
- *
- * This results in poor UX — users see no feedback when form validation fails.
- *
- * Solution:
- * This listener catches AJAX responses that return full HTML content.
- * If the content type is `text/html`, we:
- *   1. Wrap the response in a Turbolinks snapshot.
- *   2. Cache the snapshot against the current URL.
- *   3. Trigger `Turbolinks.visit()` with `action: 'restore'` to re-render the page.
- *
- * This causes a soft reload (via Turbolinks) that displays the server-rendered
- * form with validation errors — giving users proper feedback without a full reload.
- */
-
-document.addEventListener('ajax:complete', event => {
-    let referrer, snapshot;
-    const xhr = event.detail[0];
-
-    // Check if the response is HTML (e.g., a rendered form with errors)
-    if ((xhr.getResponseHeader('Content-Type') || '').substring(0, 9) === 'text/html') {
-        referrer = window.location.href;
-
-        // Wrap the response in a Turbolinks snapshot
-        snapshot = Turbolinks.Snapshot.wrap(xhr.response);
-
-        // Store the snapshot in Turbolinks' cache
-        Turbolinks.controller.cache.put(referrer, snapshot);
-
-        // Revisit the current page to restore the updated form view with errors
-        return Turbolinks.visit(referrer, {
-            action: 'restore'
-        });
-    }
-
-    // For non-HTML responses (e.g., JSON), do nothing
-    return true;
-}, false);

data/templates/shared/config/initializers/cloudflare_turnstile.rb

@@ -1,4 +0,0 @@
-Cloudflare::Turnstile::Rails.configure do |config|
-  config.site_key = ENV.fetch('CLOUDFLARE_TURNSTILE_SITE_KEY', '1x00000000000000000000AA')
-  config.secret_key = ENV.fetch('CLOUDFLARE_TURNSTILE_SECRET_KEY', '1x0000000000000000000000000000000AA')
-end

data/templates/shared/config/routes.rb

@@ -1,7 +0,0 @@
-Rails.application.routes.draw do
-  root 'pages#home'
-
-  resources :books do
-    get :new2, on: :collection
-  end
-end

data/templates/shared/test/application_system_test_case.rb

@@ -1,5 +0,0 @@
-require 'test_helper'
-
-class ApplicationSystemTestCase < ActionDispatch::SystemTestCase
-  driven_by :selenium, using: :headless_chrome, screen_size: [1400, 1400]
-end

data/templates/shared/test/controllers/books_controller_test.rb

@@ -1,19 +0,0 @@
-require 'test_helper'
-
-class BooksControllerTest < ActionDispatch::IntegrationTest
-  test 'throws an exception when secret key is empty' do
-    Cloudflare::Turnstile::Rails.configuration.secret_key = nil
-
-    assert_raises ActionView::Template::Error, 'Cloudflare Turnstile secret_key is not set' do
-      get new_book_url
-    end
-  end
-
-  test 'throws an exception when site key is nil' do
-    Cloudflare::Turnstile::Rails.configuration.site_key = nil
-
-    assert_raises ActionView::Template::Error, 'Cloudflare Turnstile site_key is not set' do
-      get new_book_url
-    end
-  end
-end

data/templates/shared/test/system/books_test.rb

@@ -1,133 +0,0 @@
-require 'application_system_test_case'
-
-class BooksTest < ApplicationSystemTestCase
-  setup do
-    Cloudflare::Turnstile::Rails.configure do |config|
-      config.site_key = ENV.fetch('CLOUDFLARE_TURNSTILE_SITE_KEY', '1x00000000000000000000AA')
-      config.secret_key = ENV.fetch('CLOUDFLARE_TURNSTILE_SECRET_KEY', '1x0000000000000000000000000000000AA')
-    end
-  end
-
-  test 'visiting the from from another page renders turnstile' do
-    visit root_url
-    click_on 'New Book'
-    wait_for_turnstile_inputs(1)
-
-    assert_selector "div.cf-turnstile input[name='cf-turnstile-response']", count: 1, visible: :all
-  end
-
-  test 'visiting the page twice does not render turnstile twice' do
-    visit new_book_url
-    wait_for_turnstile_inputs(1)
-    visit new_book_url
-    wait_for_turnstile_inputs(1)
-
-    assert_selector "div.cf-turnstile input[name='cf-turnstile-response']", count: 1, visible: :all
-  end
-
-  test 'submitting the form with a validation error re-renders turnstile' do
-    visit new_book_url
-    wait_for_turnstile_inputs(1)
-    click_on 'Create Book'
-
-    assert_text "Title can't be blank"
-    wait_for_turnstile_inputs(1)
-  end
-
-  test 'submitting the form with a valid book re-renders turnstile' do
-    visit new_book_url
-    wait_for_turnstile_inputs(1)
-    fill_in 'Title', with: "Wizard's First Rule"
-    click_on 'Create Book'
-
-    assert_text 'Book was successfully created'
-    wait_for_turnstile_inputs(1)
-  end
-
-  test 'submitting the form before turnstile is ready shows an error and re-renders turnstile' do
-    visit new_book_url
-    click_on 'Create Book'
-
-    assert_text 'Turnstile verification missing.'
-    wait_for_turnstile_inputs(1)
-  end
-
-  test 'turnstile does not render when site key is invalid' do
-    Cloudflare::Turnstile::Rails.configuration.site_key = 'DUMMY'
-    visit new_book_url
-
-    assert_no_selector(turnstile_selector, visible: :all, wait: 5)
-  end
-
-  test 'turnstile returns an error when secret key is invalid' do
-    Cloudflare::Turnstile::Rails.configuration.secret_key = 'DUMMY'
-    visit new_book_url
-    wait_for_turnstile_inputs(1)
-    click_on 'Create Book'
-
-    assert_text 'Server misconfiguration: Turnstile secret key invalid.'
-    wait_for_turnstile_inputs(1)
-  end
-
-  test 'turnstile validation fails when human verification fails' do
-    Cloudflare::Turnstile::Rails.configuration.secret_key = '2x0000000000000000000000000000000AA'
-    visit new_book_url
-    wait_for_turnstile_inputs(1)
-    click_on 'Create Book'
-
-    assert_text 'Turnstile token is invalid.'
-    wait_for_turnstile_inputs(1)
-  end
-
-  test 'turnstile validation fails when the token is expired' do
-    Cloudflare::Turnstile::Rails.configuration.secret_key = '3x0000000000000000000000000000000AA'
-    visit new_book_url
-    wait_for_turnstile_inputs(1)
-    click_on 'Create Book'
-
-    assert_text 'Turnstile token has already been used or expired.'
-    wait_for_turnstile_inputs(1)
-  end
-
-  test 'turnstile renders two plugins when there are two forms' do
-    skip "Not supported in Github actions for Ruby v#{RUBY_VERSION}" if RUBY_VERSION < '2.7.0' && ENV['CI']
-
-    visit new2_books_url
-    wait_for_turnstile_inputs(2)
-    all('input[type="submit"]').each { |input| input.click and wait_for_turnstile_inputs(2) }
-
-    assert_selector 'li', text: "Title can't be blank", count: 2, wait: 5
-  end
-
-  private
-
-  def turnstile_selector
-    "div.cf-turnstile input[name='cf-turnstile-response'][value*='DUMMY']"
-  end
-
-  def wait_for_turnstile_inputs(count, timeout: 5) # rubocop:disable Metrics/AbcSize, Metrics/CyclomaticComplexity, Metrics/MethodLength, Metrics/PerceivedComplexity
-    start = Time.now
-    stable_since = nil
-
-    loop do
-      inputs = all("div.cf-turnstile input[name='cf-turnstile-response']", visible: :all)
-      size = inputs.size
-
-      if size == count && inputs.all? { |i| i.value.to_s.strip != '' }
-        # once we hit the desired size with nonempty values,
-        # wait a moment to make sure it’s stable
-        stable_since ||= Time.now
-        return if Time.now - stable_since > 0.5
-      elsif size > count
-        flunk "Expected #{count} Turnstile widgets, but found #{size}"
-      else
-        # reset the stability countdown if size changed
-        stable_since = nil
-      end
-
-      flunk "Timed out waiting for #{count} Turnstile widgets; saw #{size}" if Time.now - start > timeout
-
-      sleep 0.1
-    end
-  end
-end

data/templates/template.rb

@@ -1,81 +0,0 @@
-# 1) allow `copy_file`/`directory` to find files in templates/shared
-shared = File.expand_path('shared', __dir__)
-source_paths.unshift(shared)
-
-# 2) inject our gem under test into the Gemfile
-append_to_file 'Gemfile', <<~RUBY
-  gem 'appraisal', require: false
-  gem 'minitest-retry', require: false
-
-  if RUBY_VERSION >= '3.0.0'
-    # Include gems that are no longer loaded from standard libraries
-    gem 'mutex_m'
-    gem 'bigdecimal'
-    gem 'drb'
-    gem 'benchmark'
-  end
-
-  # Resolve the "uninitialized constant ActiveSupport::LoggerThreadSafeLevel::Logger (NameError)" issue
-  gem 'concurrent-ruby', '< 1.3.5'
-
-  #{if Rails::VERSION::STRING < '7.0.0'
-      "# Higher versions are unsupported in Rails < 7.0.0\n# gem 'minitest', '< 5.12'"
-    end}#{'  '}
-  #{if Rails::VERSION::STRING < '7.2.0'
-      "# Higher versions cause 'uninitialized constant Rack::Handler (NameError)'\ngem 'rack', '< 3.0.0'"
-    end}#{'  '}
-
-  if RUBY_VERSION >= '3.1.0'
-    # Resolve the "Unknown alias: default (Psych::BadAlias)" error
-    gem 'psych', '< 4'
-  end
-
-  #{if Rails::VERSION::STRING.start_with?('5.2.')
-      "# Required for Rails 5.2, unsupported in older versions, and deprecated in newer versions\ngem 'webdrivers'"
-    end}#{'  '}
-
-  # test against the local checkout of cloudflare-turnstile-rails
-  gem 'cloudflare-turnstile-rails', path: "#{File.expand_path('..', __dir__)}"
-RUBY
-
-# 3) copy over all the shared app files
-%w[
-  app/controllers/pages_controller.rb
-  app/controllers/books_controller.rb.tt
-  app/models/book.rb.tt
-  app/views/pages/home.html.erb
-  app/views/books/create.js.erb
-  app/views/books/_form.html.erb
-  app/views/books/new.html.erb
-  app/views/books/new2.html.erb
-  config/initializers/cloudflare_turnstile.rb
-  config/routes.rb
-  test/application_system_test_case.rb
-  test/controllers/books_controller_test.rb
-  test/system/books_test.rb
-].each do |shared_path|
-  if shared_path.end_with?('.tt')
-    template shared_path, shared_path.sub(/\.tt$/, ''), force: true
-  else
-    copy_file shared_path, shared_path, force: true
-  end
-end
-
-# 4) configure minitest-retry in test_helper.rb
-gsub_file 'test/test_helper.rb', %r{require ['"]rails/test_help['"]\n},
-          "\\0require 'minitest/retry'\nMinitest::Retry.use!\n"
-
-# 5) turbo AJAX-cache helper
-packer_js = 'app/javascript/packs/application.js'
-if File.exist?(packer_js)
-  copy_file 'cloudflare_turbolinks_ajax_cache.js', 'app/javascript/packs/cloudflare_turbolinks_ajax_cache.js',
-            force: true
-
-  # import it at the very bottom of application.js
-  import_line = "\n// restore cached pages on AJAX navigations\n" \
-                "import './cloudflare_turbolinks_ajax_cache'\n"
-  append_to_file packer_js, import_line
-end
-
-# 6) Remove any existing chromedriver-helper gem line from Gemfile (only relevant for Rails 5.x)
-gsub_file 'Gemfile', /^\s*gem ['"]chromedriver-helper['"].*\n/, ''