hcaptcha 7.0.1 → 7.1.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a8d13c5892c269bd846a2be83ff471553e73cabe9e029bd0665835f38ab0750
-  data.tar.gz: 61eb765060b5f609a35e058f6841144c829b52ebf3019d55929f659b3adf8e7d
+  metadata.gz: b4103929669b3b8601acea5112dcb3ce2008975be3c8609298ea387ef03d8195
+  data.tar.gz: 63402b16c6e3881ff5099c3c29f3c726801f7af6371abae7cf5d358fb2f9b5ba
 SHA512:
-  metadata.gz: 4dd587e34892cdf438cc18039659760682985c69d50fee1eaadc8becdf660a79b1d4297ad46699e0a6e81bd7bf2e7dc80cb7d4bd45263250801e5585453848f5
-  data.tar.gz: 1902d04442608418ddfac1e3bb1ad4acef2763691482c1b9a0a632adcdb254d5392b03f5e3deb389f74ddd797e967edfb5b0c83597585279e04c004592c86beb
+  metadata.gz: 7b12e0b36c8374214c5320d35883ebdd34046b4ccb2ec31fbdf206c9d24e59f1ec90ff06770ea6358c5aca83982fbb5ca923cc639a94ae3b3ffedf978d459c5c
+  data.tar.gz: 0264d37d64670c010827e0fd74eb5897e6f3741dde3d09dc0ee3d341de5831135b96787e7ca7e25803b0834799604f36a37582fcf1140fc2ede0b35f19357dd7

data/README.md

@@ -1,12 +1,16 @@
 # hCaptcha
 [![Gem Version](https://badge.fury.io/rb/hcaptcha.svg)](https://badge.fury.io/rb/hcaptcha)
 
-Disclaimer: This gem is forked from the [recaptcha gem](https://github.com/ambethia/recaptcha). All ideas, including the documentation and demo Rails and Sinatra integrations come from [recaptcha gem](https://github.com/ambethia/recaptcha) but are adoped for hCaptcha.
+## Credits
 
-Author:    Tyler VanNurden & Jason L Perry (http://ambethia.com)<br/>
-License:   [MIT](http://creativecommons.org/licenses/MIT/)<br/>
-Info:      https://github.com/firstmoversadvantage/hcaptcha<br/>
-Bugs:      https://github.com/firstmoversadvantage/hcaptcha/issues<br/>
+* https://github.com/Retrospring/hcaptcha
+* https://github.com/firstmoversadvantage/hcaptcha
+* https://github.com/ambethia/recaptcha
+
+## Overview
+
+License:   [MIT](http://creativecommons.org/licenses/MIT/)  
+Bugs:      https://github.com/firstmoversadvantage/hcaptcha/issues
 
 This gem provides helper methods for the [hCaptcha API](https://hcaptcha.com). In your
 views you can use the `hcaptcha_tags` method to embed the needed javascript, and you can validate
@@ -18,27 +22,22 @@ Go to the [hCaptcha](https://hcaptcha.com/webmaster/signup) signup page to obtai
 
 The hostname you set it to must be a real hostname, since hCaptcha validates it when you create it in the portal. For example, `example.fmadata.com` does not have a DNS record, but `mydomain.com` does. The DNS record doesn't need to point to your application though, it just has to exist - that's why we added the record into the local hosts file.
 
-## Rails Installation
+## Installation
 
-```ruby
-gem "hcaptcha"
+FIrst, add the gem to your bundle:
+```shell
+bundle add hcaptcha
 ```
 
-You can keep keys out of the code base with environment variables or with Rails [secrets](https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secrets).<br/>
+Then, set the following environment variables:
+* `HCAPTCHA_SECRET_KEY`
+* `HCAPTCHA_SITE_KEY`
 
-In development, you can use the [dotenv](https://github.com/bkeepers/dotenv) gem. (Make sure to add it above `gem 'hcaptcha'`.)
+> 💡 You should keep keys out of your codebase with external environment variables (using your shell's `export` command), Rails (< 5.2) [secrets](https://guides.rubyonrails.org/v5.1/security.html#custom-secrets), Rails (5.2+) [credentials](https://guides.rubyonrails.org/security.html#custom-credentials), the [dotenv](https://github.com/bkeepers/dotenv) or [figaro](https://github.com/laserlemon/figaro) gems, …
 
-See [Alternative API key setup](#alternative-api-key-setup) for more ways to configure or override
-keys. See also the
-[Configuration](https://www.rubydoc.info/github/ambethia/recaptcha/master/Recaptcha/Configuration)
-documentation.
+## Usage
 
-```shell
-export HCAPTCHA_SITE_KEY='6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
-export HCAPTCHA_SECRET_KEY='6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
-```
-
-Add `hcaptcha_tags` to the forms you want to protect:
+First, add `hcaptcha_tags` to the forms you want to protect:
 
 ```erb
 <%= form_for @foo do |f| %>
@@ -60,26 +59,56 @@ else
 end
 ```
 
-## Sinatra / Rack / Ruby installation
-
-See [sinatra demo](/demo/sinatra) for details.
+If you are **not using Rails**, you should:
+* `include Hcaptcha::Adapters::ViewMethods` where you need `recaptcha_tags`
+* `include Hcaptcha::Adapters::ControllerMethods` where you need `verify_hcaptcha`
 
- - add `gem 'hcaptcha'` to `Gemfile`
- - set env variables
- - `include Hcaptcha::Adapters::ViewMethods` where you need `recaptcha_tags`
- - `include Hcaptcha::Adapters::ControllerMethods` where you need `verify_recaptcha`
+### API details
 
-
-## hCaptcha API and Usage
-
-### `recaptcha_tags`
+### `hcaptcha_tags(options = {})`
 
 Use in your views to render the JavaScript widget.
 
+Available options:
+
+| Option                  | Description |
+|-------------------------|-------------|
+| `:badge`                | _legacy, ignored_
+| `:callback`             | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:chalexpired_callback` | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:class`                | Additional CSS classes added to `h-captcha` on the placeholder
+| `:close_callback`       | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:error_callback`       | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:expired_callback`     | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:external_script`      | _alias for `:script` option_
+| `:hl`                   | _see [official documentation](https://docs.hcaptcha.com/configuration) and [available language codes](https://docs.hcaptcha.com/languages)_
+| `:open_callback`        | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:nonce`                | Add a `nonce="…"` attribute to the `<script>` tag
+| `:onload`               | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:recaptchacompat`      | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:render`               | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:script_async`         | Add `async` attribute to the `<script>` tag (default: `true`)
+| `:script_defer`         | Add `defer` attribute to the `<script>` tag (default: `true`)
+| `:script`               | Generate the `<script>` tag (default: `true`)
+| `:site_key`             | Set hCaptcha Site Key (overrides `HCAPTCHA_SITE_KEY` environment variable)
+| `:size`                 | _see [official documentation](https://docs.hcaptcha.com/configuration)_
+| `:stoken`               | _legacy, raises an exception_
+| `:ssl`                  | _legacy, raises an exception_
+| `:theme`                | _see [official documentation](https://docs.hcaptcha.com/configuration)_ (default: `:dark`)
+| `:type`                 | _legacy, ignored_
+| `:ui`                   | _legacy, ignored_
+
+> ℹ️ Unkown options will be passed directly as attributes to the placeholder element.
+>
+> For example, `hcaptcha_tags(foo: "bar")` will generate the default script tag and the following placeholder tag:
+> ```html
+> <div class="h-captcha" data-sitekey="…" foo="bar"></div>
+> ```
+
 ### `verify_recaptcha`
 
 This method returns `true` or `false` after processing the response token from the hCaptcha widget.
-This is usually called from your controller, as seen [above](#rails-installation).
+This is usually called from your controller.
 
 Passing in the ActiveRecord object via `model: object` is optional. If you pass a `model`—and the
 captcha fails to verify—an error will be added to the object for you to use (available as
@@ -120,41 +149,5 @@ en:
 By default, hCaptcha is skipped in "test" and "cucumber" env. To enable it during test:
 
 ```ruby
-Recaptcha.configuration.skip_verify_env.delete("test")
-```
-
-## Alternative API key setup
-
-### Recaptcha.configure
-
-```ruby
-# config/initializers/recaptcha.rb
-Recaptcha.configure do |config|
-  config.site_key  = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
-  config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
-  # Uncomment the following line if you are using a proxy server:
-  # config.proxy = 'http://myproxy.com.au:8080'
-end
-```
-
-### Recaptcha.with_configuration
-
-For temporary overwrites (not thread safe).
-
-```ruby
-Recaptcha.with_configuration(site_key: '12345') do
-  # Do stuff with the overwritten site_key.
-end
-```
-
-### Per call
-
-Pass in keys as options at runtime, for code base with multiple hCaptcha setups:
-
-```ruby
-recaptcha_tags site_key: '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
-
-# and
-
-verify_recaptcha secret_key: '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
-```
+Hcaptcha.configuration.skip_verify_env.delete("test")
+```

data/lib/hcaptcha/helpers.rb

@@ -6,6 +6,13 @@ module Hcaptcha
       hcaptcha_unreachable: 'Oops, we failed to validate your hCaptcha response. Please try again.',
       verification_failed: 'hCaptcha verification failed, please try again.'
     }.freeze
+    DEFAULT_OPTIONS = {
+      external_script: true,
+      script: true,
+      script_async: true,
+      script_defer: true,
+      theme: :dark
+    }.freeze
 
     def self.hcaptcha(options)
       if options.key?(:stoken)
@@ -15,13 +22,7 @@ module Hcaptcha
         raise(HcaptchaError, "SSL is now always true. Please remove 'ssl' from your calls to hcaptcha_tags.")
       end
 
-      html, tag_attributes = components(options.dup)
-      html << %(<div #{tag_attributes}></div>\n)
-
-      html << <<-HTML
-        <div class="h-captcha" data-sitekey="#{Hcaptcha.configuration.site_key!}" data-theme="dark"></div>
-      HTML
-
+      html = generate_tags(options)
       html.respond_to?(:html_safe) ? html.html_safe : html
     end
 
@@ -40,54 +41,63 @@ module Hcaptcha
       end
     end
 
-    private_class_method def self.components(options)
-      html = +''
-      attributes = {}
-
+    private_class_method def self.generate_tags(options)
       options = options.dup
-      class_attribute = options.delete(:class)
-      site_key = options.delete(:site_key)
-      hl = options.delete(:hl)
-      onload = options.delete(:onload)
-      render = options.delete(:render)
-      script_async = options.delete(:script_async)
-      script_defer = options.delete(:script_defer)
-      nonce = options.delete(:nonce)
-      skip_script = (options.delete(:script) == false) || (options.delete(:external_script) == false)
-      ui = options.delete(:ui)
-
-      data_attribute_keys = [:badge, :theme, :type, :callback, :expired_callback, :error_callback, :size]
-      data_attribute_keys << :tabindex unless ui == :button
-      data_attributes = {}
-      data_attribute_keys.each do |data_attribute|
-        value = options.delete(data_attribute)
-        data_attributes["data-#{data_attribute.to_s.tr('_', '-')}"] = value if value
+      DEFAULT_OPTIONS.each do |name, value|
+        options[name] = value unless options.key?(name)
       end
+      generate_script_tag(options) + generate_placeholder_tag(options)
+    end
 
-      site_key ||= Hcaptcha.configuration.site_key!
-      script_url = Hcaptcha.configuration.api_server_url
+    private_class_method def self.generate_script_tag(options)
+      # Forge script URL
+      url = Hcaptcha.configuration.api_server_url
       query_params = hash_to_query(
-        hl: hl,
-        onload: onload,
-        render: render
+        hl: options.delete(:hl),
+        onload: options.delete(:onload),
+        recaptchacompat: options.delete(:recaptchacompat),
+        render: options.delete(:render)
       )
-      script_url += "?#{query_params}" unless query_params.empty?
-      async_attr = "async" if script_async != false
-      defer_attr = "defer" if script_defer != false
+      url += "?#{query_params}" unless query_params.empty?
+
+      # Forge additional attributes
+      nonce = options.delete(:nonce)
       nonce_attr = " nonce='#{nonce}'" if nonce
-      html << %(<script src="#{script_url}" #{async_attr} #{defer_attr} #{nonce_attr}></script>\n) unless skip_script
-      attributes["data-sitekey"] = site_key
-      attributes.merge! data_attributes
+      async_attr = "async" if options.delete(:script_async)
+      defer_attr = "defer" if options.delete(:script_defer)
+      additional_attributes = [async_attr, defer_attr, nonce_attr].compact.join(" ")
 
-      # The remaining options will be added as attributes on the tag.
-      attributes["class"] = "hcaptcha #{class_attribute}"
-      tag_attributes = attributes.merge(options).map { |k, v| %(#{k}="#{v}") }.join(" ")
+      return "" if options.delete(:script) == false || options.delete(:external_script) == false
 
-      [html, tag_attributes]
+      %(<script src="#{url}" #{additional_attributes}></script>)
+    end
+
+    private_class_method def self.generate_placeholder_tag(options)
+      attributes = {}
+
+      # Forge data-* attributes
+      %i[
+        callback close_callback error_callback chalexpired_callback
+        expired_callback open_callback size tabindex theme
+      ].each do |data_attribute|
+        value = options.delete(data_attribute)
+        attributes["data-#{data_attribute.to_s.tr('_', '-')}"] = value if value
+      end
+      attributes["data-sitekey"] = options.delete(:site_key) || Hcaptcha.configuration.site_key!
+
+      # Forge CSS classes
+      attributes["class"] = "h-captcha #{options.delete(:class)}"
+
+      # Remaining options will be added as attributes on the tag.
+      %(<div #{html_attributes(attributes)} #{html_attributes(options)}></div>)
     end
 
     private_class_method def self.hash_to_query(hash)
       hash.delete_if { |_, val| val.nil? || val.empty? }.to_a.map { |pair| pair.join('=') }.join('&')
     end
+
+    private_class_method def self.html_attributes(hash)
+      hash.map { |k, v| %(#{k}="#{v}") }.join(" ")
+    end
   end
 end

data/lib/hcaptcha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Hcaptcha
-  VERSION = '7.0.1'
+  VERSION = '7.1.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: hcaptcha
 version: !ruby/object:Gem::Version
-  version: 7.0.1
+  version: 7.1.0
 platform: ruby
 authors:
 - Christopher Harrison
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2020-07-30 00:00:00.000000000 Z
+date: 2020-11-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json