RubyGems - effective_orders - Versions diffs - 6.30.6 → 6.30.7 - Mend

effective_orders 6.30.6 → 6.30.7

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (15) hide show

checksums.yaml +4 -4
data/app/assets/javascripts/effective_orders/providers/deluxe.js +1 -0
data/app/assets/javascripts/effective_orders/providers/deluxe_delayed.js +1 -0
data/app/assets/javascripts/effective_orders/providers/moneris_checkout.js.coffee +1 -0
data/app/assets/javascripts/effective_orders/providers/stripe.js.coffee +1 -0
data/app/assets/javascripts/effective_orders/recaptcha.js +3 -0
data/app/assets/javascripts/effective_orders.js +1 -0
data/app/controllers/effective/concerns/purchase.rb +9 -4
data/app/controllers/effective/orders_controller.rb +32 -0
data/app/views/effective/orders/_checkout_step2.html.haml +60 -46
data/config/effective_orders.rb +6 -0
data/config/routes.rb +1 -0
data/lib/effective_orders/version.rb +1 -1
data/lib/effective_orders.rb +23 -0
metadata +3 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 184e488ae56c8f57964bc8b95c69ac60be438c31ca305ca2e4dfe492eac77e1e
-  data.tar.gz: 4ecfd86a4e39a48e77f070a1daa97ef70765e28e1a10904f7d63958840fbb8ee
+  metadata.gz: b6fbbdbf063fd45bb9a7f23f4abfd06616c2ad91001d24a5533d30deb0874d0b
+  data.tar.gz: 2e54c5a696f2dc423d2968ade04b0cc31f4ca022a7f919a1b3ca6999691ec627
 SHA512:
-  metadata.gz: 79821bd949e9a20a7b034ae7ac1cc7b9c9f900de93970a7de37086f5f4a312d8a78fb3cc14fffd829c02efed01c1e0f04cde42ff505a252c1d61c7a55d6307a4
-  data.tar.gz: 54a564990255816fec95ee3d5b92522aa2a2c0d45fb1606ba9a0921c5478a71daf62d799f22c6458b2f0606d4c889b7d02a51fe50ef0b4801b0ca1b035a982d6
+  metadata.gz: 0275d8f8cd79cbede5ca656605f6b41dc607fd06e9c40f2603da4b87ac1ebc2edf62280f9275a69be5feb5769750b4a7d3299cb3c775a74782036f87f1f132a6
+  data.tar.gz: eb661600355d08984662e37de9f017b9de632b15801a2929a9e7600e9e8a1baf0c54ad35bab8859de50dcedb34523addcfb89df5c0200cb41297824bab2696a8

data/app/assets/javascripts/effective_orders/providers/deluxe.js CHANGED Viewed

@@ -30,3 +30,4 @@ function initializeDeluxe() {
 $(document).ready(function() { initializeDeluxe() });
 $(document).on('turbolinks:load', function() { initializeDeluxe() });

data/app/assets/javascripts/effective_orders/providers/deluxe_delayed.js CHANGED Viewed

@@ -30,3 +30,4 @@ function initializeDeluxeDelayed() {
 $(document).ready(function() { initializeDeluxeDelayed() });
 $(document).on('turbolinks:load', function() { initializeDeluxeDelayed() });

data/app/assets/javascripts/effective_orders/providers/moneris_checkout.js.coffee CHANGED Viewed

@@ -73,3 +73,4 @@ this.MonerisCheckoutForm ||= class MonerisCheckoutForm
 $ -> (new MonerisCheckoutForm()).initialize()
 $(document).on 'turbolinks:load', -> (new MonerisCheckoutForm()).initialize()

data/app/assets/javascripts/effective_orders/providers/stripe.js.coffee CHANGED Viewed

@@ -89,3 +89,4 @@ this.StripeForm ||= class StripeForm
 $ -> (new StripeForm()).initialize()
 $(document).on 'turbolinks:load', -> (new StripeForm()).initialize()
 $(document).on 'turbolinks:before-cache', -> (new StripeForm()).destroy()

data/app/assets/javascripts/effective_orders/recaptcha.js ADDED Viewed

@@ -0,0 +1,3 @@
+function onEffectiveOrdersRecaptchaVerified() {
+  document.getElementById('recaptcha-gate-form').submit();
+}

data/app/assets/javascripts/effective_orders.js CHANGED Viewed

@@ -1,6 +1,7 @@
 //= require effective_addresses
 //= require ./effective_orders/customers
+//= require ./effective_orders/recaptcha
 //= require ./effective_orders/subscriptions
 //= require_tree ./effective_orders/providers

data/app/controllers/effective/concerns/purchase.rb CHANGED Viewed

@@ -14,13 +14,14 @@ module Effective
       def order_purchased(payment:, provider:, card: 'none', email: true, skip_buyer_validations: false, purchased_url: nil)
         @order.purchase!(
-          payment: payment,
-          provider: provider,
-          card: card,
-          email: email,
+          payment: payment,
+          provider: provider,
+          card: card,
+          email: email,
           skip_buyer_validations: skip_buyer_validations
         )
+        session.delete(:recaptcha_verified_order_id)
         Effective::Cart.where(user: @order.current_user).destroy_all if @order.current_user.present?
         if flash[:success].blank?
@@ -38,6 +39,7 @@ module Effective
       def order_deferred(provider:, email: true, deferred_url: nil)
         @order.defer!(provider: provider, email: email)
+        session.delete(:recaptcha_verified_order_id)
         Effective::Cart.where(user: @order.current_user).destroy_all if @order.current_user.present?
         if flash[:success].blank?
@@ -55,6 +57,7 @@ module Effective
       def order_delayed(payment:, payment_intent:, provider:, card: 'none', email: true, deferred_url: nil)
         @order.delay!(payment: payment, payment_intent: payment_intent, provider: provider, card: card, email: email)
+        session.delete(:recaptcha_verified_order_id)
         Effective::Cart.where(user: @order.current_user).destroy_all if @order.current_user.present?
         if flash[:success].blank?
@@ -72,6 +75,8 @@ module Effective
       def order_declined(payment:, provider:, card: 'none', declined_url: nil)
         @order.decline!(payment: payment, provider: provider, card: card)
+        session.delete(:recaptcha_verified_order_id)
         if flash[:danger].blank?
           flash[:danger] = 'Payment was unsuccessful. Your credit card was declined by the payment processor. Please try again.'
         end

data/app/controllers/effective/orders_controller.rb CHANGED Viewed

@@ -3,6 +3,7 @@ module Effective
     include Effective::CrudController
     include Concerns::Purchase
+    # Update the verify_recaptcha_checkout! method if we add another payment provider here
     include Providers::Cheque
     include Providers::Deluxe
     include Providers::DeluxeDelayed
@@ -26,6 +27,10 @@ module Effective
     before_action :authenticate_user!, except: [:free, :paypal_postback, :moneris_postback, :pretend]
     before_action :set_page_title, except: [:show, :edit]
+    before_action :verify_recaptcha_checkout!, only: [
+      :cheque, :deluxe, :deluxe_delayed, :etransfer, :free, :helcim, :mark_as_paid, :moneris_checkout, :phone, :pretend, :refund, :stripe
+    ]
     # If you want to use the Add to Cart -> Checkout flow
     # Add one or more items however you do.
     # redirect_to effective_orders.new_order_path, which is here.
@@ -142,6 +147,24 @@ module Effective
       end
     end
+    def recaptcha
+      raise('recaptcha is not enabled') unless EffectiveOrders.recaptcha?
+      raise('recaptcha secret key is not set') unless EffectiveOrders.recaptcha_secret_key.present?
+      @order = Effective::Order.not_purchased.find(params[:id])
+      EffectiveResources.authorize!(self, :update, @order)
+      redirect_url = params[:redirect_url].presence || effective_orders.order_path(@order)
+      if verify_recaptcha(secret_key: EffectiveOrders.recaptcha_secret_key)
+        session[:recaptcha_verified_order_id] = @order.id
+        redirect_to redirect_url
+      else
+        flash[:danger] = 'Verification failed. Please try again.'
+        redirect_to redirect_url
+      end
+    end
     private
     # StrongParameters
@@ -159,5 +182,14 @@ module Effective
       end
     end
+    def verify_recaptcha_checkout!
+      return unless EffectiveOrders.recaptcha?
+      unless session[:recaptcha_verified_order_id].to_s == params[:id].to_s
+        flash[:danger] = 'Please complete the verification to proceed with payment.'
+        redirect_back(fallback_location: effective_orders.order_path(params[:id]))
+      end
+    end
   end
 end

data/app/views/effective/orders/_checkout_step2.html.haml CHANGED Viewed

@@ -1,63 +1,77 @@
-- # Show this if I'm on the effective orders checkout screen. But not on a rendered order.
-- if order.persisted? && order.user == current_user && request.path.to_s.start_with?(effective_orders.order_path(order))
-  .effective-order-change-items
-    = link_to 'Change Addresses', effective_orders.edit_order_path(order), rel: :nofollow
+- recaptcha_enabled = EffectiveOrders.recaptcha? && order.user == current_user
+- recaptcha_verified = session[:recaptcha_verified_order_id].to_s == order.id.to_s
-- unless local_assigns[:skip_order]
-  = render('/effective/orders/order', order: order)
+- if recaptcha_enabled && !recaptcha_verified
+  .card
+    .card-body
+      %h2 Checkout
+      .effective-order-recaptcha-gate.text-center
+        = form_tag(effective_orders.recaptcha_order_path(order), method: :post, id: 'recaptcha-gate-form') do
+          = hidden_field_tag :redirect_url, request.path
+          .d-flex.justify-content-center
+            = recaptcha_tags(site_key: EffectiveOrders.recaptcha_site_key, callback: 'onEffectiveOrdersRecaptchaVerified')
-.effective-order-purchase-actions
-  - provider_locals = { order: order, purchased_url: purchased_url, declined_url: declined_url, deferred_url: deferred_url }
+- else
+  - # Show this if I'm on the effective orders checkout screen. But not on a rendered order.
+  - if order.persisted? && order.user == current_user && request.path.to_s.start_with?(effective_orders.order_path(order))
+    .effective-order-change-items
+      = link_to 'Change Addresses', effective_orders.edit_order_path(order), rel: :nofollow
-  - if EffectiveOrders.delayed? && order.delayed_payment_date_upcoming?
-    = render partial: '/effective/orders/delayed/form', locals: provider_locals
+  .effective-order-purchase-actions
+    - provider_locals = { order: order, purchased_url: purchased_url, declined_url: declined_url, deferred_url: deferred_url }
-    - if EffectiveOrders.deferred? && !controller_path.include?('admin/') && !local_assigns[:skip_deferred]
-      %p.my-4.text-center - or -
-      = render partial: '/effective/orders/deferred/form', locals: provider_locals
+    - if EffectiveOrders.delayed? && order.delayed_payment_date_upcoming?
+      = render partial: '/effective/orders/delayed/form', locals: provider_locals
-  - elsif EffectiveOrders.free? && order.free?
-    = render partial: '/effective/orders/free/form', locals: provider_locals
+      - if EffectiveOrders.deferred? && !controller_path.include?('admin/') && !local_assigns[:skip_deferred]
+        %p.my-4.text-center - or -
+        = render partial: '/effective/orders/deferred/form', locals: provider_locals
-  - elsif EffectiveOrders.refund? && order.refund?
-    = render partial: '/effective/orders/refund/form', locals: provider_locals
+    - elsif EffectiveOrders.free? && order.free?
+      = render partial: '/effective/orders/free/form', locals: provider_locals
-  - else
-    - if EffectiveOrders.fee_saver?
-      .alert.alert-info.mb-4
-        All credit card transations are subject to a surcharge.
-        To avoid this fee you can pay by #{['ACH', ('cheque' if EffectiveOrders.cheque?), ('e-transfer' if EffectiveOrders.etransfer?)].compact.to_sentence(last_word_connector: ' or ')}.
+    - elsif EffectiveOrders.refund? && order.refund?
+      = render partial: '/effective/orders/refund/form', locals: provider_locals
-    - if EffectiveOrders.pretend?
-      = render partial: '/effective/orders/pretend/form', locals: provider_locals
+    - else
+      - if EffectiveOrders.fee_saver?
+        .alert.alert-info.mb-4
+          All credit card transations are subject to a surcharge.
+          To avoid this fee you can pay by #{['ACH', ('cheque' if EffectiveOrders.cheque?), ('e-transfer' if EffectiveOrders.etransfer?)].compact.to_sentence(last_word_connector: ' or ')}.
-    - if EffectiveOrders.deluxe?
-      = render partial: '/effective/orders/deluxe/form', locals: provider_locals
+      - if EffectiveOrders.pretend?
+        = render partial: '/effective/orders/pretend/form', locals: provider_locals
-    - if EffectiveOrders.helcim?
-      = render partial: '/effective/orders/helcim/form', locals: provider_locals
+      - if EffectiveOrders.deluxe?
+        = render partial: '/effective/orders/deluxe/form', locals: provider_locals
-    - if EffectiveOrders.moneris?
-      = render partial: '/effective/orders/moneris/form', locals: provider_locals
+      - if EffectiveOrders.helcim?
+        = render partial: '/effective/orders/helcim/form', locals: provider_locals
-    - if EffectiveOrders.moneris_checkout?
-      = render partial: '/effective/orders/moneris_checkout/form', locals: provider_locals
+      - if EffectiveOrders.moneris?
+        = render partial: '/effective/orders/moneris/form', locals: provider_locals
-    - if EffectiveOrders.paypal?
-      = render partial: '/effective/orders/paypal/form', locals: provider_locals
+      - if EffectiveOrders.moneris_checkout?
+        = render partial: '/effective/orders/moneris_checkout/form', locals: provider_locals
-    - if EffectiveOrders.stripe?
-      = render partial: '/effective/orders/stripe/form', locals: provider_locals
+      - if EffectiveOrders.paypal?
+        = render partial: '/effective/orders/paypal/form', locals: provider_locals
-    - if EffectiveOrders.deferred? && !controller_path.include?('admin/') && !local_assigns[:skip_deferred]
-      %p.my-4.text-center - or -
-      = render partial: '/effective/orders/deferred/form', locals: provider_locals
+      - if EffectiveOrders.stripe?
+        = render partial: '/effective/orders/stripe/form', locals: provider_locals
-  - if EffectiveResources.authorized?(controller, :admin, :effective_orders) && controller_path.include?('admin/')
-    - if EffectiveOrders.delayed? && order.delayed? && order.deferred? && order.delayed_payment_provider?
-      .effective-order-admin-purchase-actions
-        = render partial: '/effective/orders/delayed/form_purchase', locals: provider_locals
+      - if EffectiveOrders.deferred? && !controller_path.include?('admin/') && !local_assigns[:skip_deferred]
+        %p.my-4.text-center - or -
+        = render partial: '/effective/orders/deferred/form', locals: provider_locals
-    - if EffectiveOrders.mark_as_paid?
-      .effective-order-admin-purchase-actions
-        = render partial: '/effective/orders/mark_as_paid/form', locals: provider_locals
+    - if EffectiveResources.authorized?(controller, :admin, :effective_orders) && controller_path.include?('admin/')
+      - if EffectiveOrders.delayed? && order.delayed? && order.deferred? && order.delayed_payment_provider?
+        .effective-order-admin-purchase-actions
+          = render partial: '/effective/orders/delayed/form_purchase', locals: provider_locals
+      - if EffectiveOrders.mark_as_paid?
+        .effective-order-admin-purchase-actions
+          = render partial: '/effective/orders/mark_as_paid/form', locals: provider_locals
+  - unless local_assigns[:skip_order]
+    = render('/effective/orders/order', order: order)

data/config/effective_orders.rb CHANGED Viewed

@@ -90,6 +90,12 @@ EffectiveOrders.setup do |config|
   config.pretend_enabled = !Rails.env.production?
   config.pretend_message = '* payment information is not required to process this order at this time.'
+  # reCAPTCHA v2 Checkbox — gate checkout with verification
+  # Requires the recaptcha gem and Google reCAPTCHA v2 Checkbox keys
+  config.recaptcha = false
+  # config.recaptcha = true                                    # Use global Recaptcha.configure keys
+  # config.recaptcha = { site_key: '', secret_key: '' }        # Use separate invisible keys
   # Mailer Settings
   # Please see config/initializers/effective_resources.rb for default effective_* gem mailer settings
   #

data/config/routes.rb CHANGED Viewed

@@ -7,6 +7,7 @@ EffectiveOrders::Engine.routes.draw do
         get :purchased
         get :deferred
         get :declined
+        post :recaptcha
         post :send_order_email
         post :cheque

data/lib/effective_orders/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module EffectiveOrders
-  VERSION = '6.30.6'.freeze
+  VERSION = '6.30.7'.freeze
 end

data/lib/effective_orders.rb CHANGED Viewed

@@ -48,6 +48,9 @@ module EffectiveOrders
       # Quickbooks Online Error Emails
       :send_qb_online_sync_error, :qb_online_sync_error_recipients,
+      # reCAPTCHA. Hash|true|false
+      :recaptcha,
       # Features
       :free_enabled, :mark_as_paid_enabled, :pretend_enabled, :pretend_message, :buyer_purchases_refund,
@@ -254,6 +257,26 @@ module EffectiveOrders
     helcim? && helcim[:fee_saver] == true
   end
+  def self.recaptcha?
+    (recaptcha.kind_of?(Hash) || recaptcha == true) && defined?(::Recaptcha)
+  end
+  def self.recaptcha_site_key
+    if recaptcha.kind_of?(Hash)
+      recaptcha[:site_key]
+    elsif recaptcha == true
+      ::Recaptcha.configuration.site_key!
+    end
+  end
+  def self.recaptcha_secret_key
+    if recaptcha.kind_of?(Hash)
+      recaptcha[:secret_key]
+    elsif recaptcha == true
+      ::Recaptcha.configuration.secret_key!
+    end
+  end
   def self.mailer_class
     mailer&.constantize || Effective::OrdersMailer
   end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: effective_orders
 version: !ruby/object:Gem::Version
-  version: 6.30.6
+  version: 6.30.7
 platform: ruby
 authors:
 - Code and Effect
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2026-01-26 00:00:00.000000000 Z
+date: 2026-02-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -198,6 +198,7 @@ files:
 - app/assets/javascripts/effective_orders/providers/helcim.js
 - app/assets/javascripts/effective_orders/providers/moneris_checkout.js.coffee
 - app/assets/javascripts/effective_orders/providers/stripe.js.coffee
+- app/assets/javascripts/effective_orders/recaptcha.js
 - app/assets/javascripts/effective_orders/subscriptions.js.coffee
 - app/assets/stylesheets/effective_orders.scss
 - app/assets/stylesheets/effective_orders/_cart.scss