RubyGems - invisible_captcha - Versions diffs - 0.13.0 → 1.0.0 - Mend

invisible_captcha 0.13.0 → 1.0.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (12) hide show

checksums.yaml +4 -4
data/.travis.yml +0 -13
data/Appraisals +0 -4
data/CHANGELOG.md +6 -0
data/LICENSE +1 -1
data/README.md +36 -1
data/invisible_captcha.gemspec +1 -3
data/lib/invisible_captcha/controller_ext.rb +13 -8
data/lib/invisible_captcha/version.rb +1 -1
data/spec/controllers_spec.rb +38 -0
metadata +4 -33
data/gemfiles/rails_3.2.gemfile +0 -7

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 22b983b8b83c0fb6eee4d4a97e3680c2c8e44c305c9181aee11e57f995f545e4
-  data.tar.gz: 97a7ec072f6158d49c0f65f73d3d8c6ee90725306ff0de87af5dd21ce1fc5184
+  metadata.gz: f27b7d3288d93919d6b1caa54cb08b026eddea9ef81bbf3b5ea72ead77bf1a44
+  data.tar.gz: dd29af328ea032506bf1ffc8a50c425ed2a634eba8fb5acc375df248164793cf
 SHA512:
-  metadata.gz: 1d77948f8fe547ccf52da9d92389f170ce43bdaab80cdcf246f80fde50db6773134c305e7edc0a162036f4c6d5a98f75342679dc7915c44ba37c727168d35f3f
-  data.tar.gz: 687063c83c44dbae9a65ba75664c8240e7915464738aea41b38bf4e089aab7945fc2b22dda64814bdab85b7ae241439d7dd8dfccfe56a3f16b26b6b9ee145ecf
+  metadata.gz: 6b8eea41afe49b36597042135579165583f751e4a4f8958ac3e839b223e1b2a7bca7afede2af6d82ffc857b0366fa2bd2942297762605b21f66363dfd624662f
+  data.tar.gz: a2bc9bb2368bfcfdfc7db912d772e70b05d70d864e65a785d0aeb31fdefc27862e5e54c82f2dbd570733c7c0f90b6e410ad77c47e3633b41e066308d072b2b7c

data/.travis.yml CHANGED

@@ -1,20 +1,17 @@
 language: ruby
 cache: bundler
-sudo: false
 rvm:
   - ruby-head
   - 2.6.5
   - 2.5.7
   - 2.4.9
   - 2.3.8
-  - 2.2.10
 gemfile:
   - gemfiles/rails_6.0.gemfile
   - gemfiles/rails_5.2.gemfile
   - gemfiles/rails_5.1.gemfile
   - gemfiles/rails_5.0.gemfile
   - gemfiles/rails_4.2.gemfile
-  - gemfiles/rails_3.2.gemfile
 before_install:
   # Rails 4.x requires Bundler version < 2.0.
   - "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
@@ -26,15 +23,5 @@ matrix:
       gemfile: gemfiles/rails_6.0.gemfile
     - rvm: 2.3.8
       gemfile: gemfiles/rails_6.0.gemfile
-    - rvm: 2.2.10
-      gemfile: gemfiles/rails_6.0.gemfile
-    - rvm: ruby-head
-      gemfile: gemfiles/rails_3.2.gemfile
-    - rvm: 2.6.5
-      gemfile: gemfiles/rails_3.2.gemfile
-    - rvm: 2.5.7
-      gemfile: gemfiles/rails_3.2.gemfile
-    - rvm: 2.4.9
-      gemfile: gemfiles/rails_3.2.gemfile
   allow_failures:
     - rvm: ruby-head

data/Appraisals CHANGED

@@ -17,7 +17,3 @@ end
 appraise "rails-4.2" do
   gem "rails", "~> 4.2.0"
 end
-appraise "rails-3.2" do
-  gem "rails", "~> 3.2.0"
-end

data/CHANGELOG.md CHANGED

@@ -2,6 +2,11 @@
 All notable changes to this project will be documented in this file.
+## [1.0.0]
+- Remove Ruby 2.2 and Rails 3.2 support
+- Add Instrumentation event (#62)
 ## [0.13.0]
 - Add support for the Content Security Policy nonce (#61)
@@ -106,6 +111,7 @@ All notable changes to this project will be documented in this file.
 - First version of controller filters
+[1.0.0]: https://github.com/markets/invisible_captcha/compare/v0.13.0...v1.0.0
 [0.13.0]: https://github.com/markets/invisible_captcha/compare/v0.12.2...v0.13.0
 [0.12.2]: https://github.com/markets/invisible_captcha/compare/v0.12.1...v0.12.2
 [0.12.1]: https://github.com/markets/invisible_captcha/compare/v0.12.0...v0.12.1

data/LICENSE CHANGED

@@ -1,4 +1,4 @@
-Copyright 2012-2017 Marc Anguera Insa
+Copyright 2012-2019 Marc Anguera Insa
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md CHANGED

@@ -19,7 +19,7 @@ It also comes with a time-sensitive :hourglass: form submission.
 ## Installation
-Invisible Captcha is tested against Rails `>= 3.2` and Ruby `>= 2.2`.
+Invisible Captcha is tested against Rails `>= 4.2` and Ruby `>= 2.3`.
 Add this line to your Gemfile and then execute `bundle install`:
@@ -165,6 +165,41 @@ You can also pass html options to the input:
 <%= invisible_captcha :subtitle, :topic, id: "your_id", class: "your_class" %>
 ```
+### Spam detection notifications
+In addition to the `on_spam` controller callback, you can use the [Active Support Instrumentation API](https://guides.rubyonrails.org/active_support_instrumentation.html) to set up a global event handler that fires whenever spam is detected. This is useful for advanced logging, background processing, etc.
+To set up a global event handler, [subscribe](https://guides.rubyonrails.org/active_support_instrumentation.html#subscribing-to-an-event) to the `invisible_captcha.spam_detected` event in an initializer:
+```ruby
+# config/initializers/invisible_captcha.rb
+ActiveSupport::Notifications.subscribe('invisible_captcha.spam_detected') do |*args, data|
+  AwesomeLogger.warn(data[:message], data)  # Log to an external logging service.
+  SpamRequest.create(data)                  # Record the blocked request in your database.
+end
+```
+The `data` passed to the subscriber is hash containing information about the request that was detected as spam. For example:
+```ruby
+{
+  message: "Invisible Captcha honeypot param 'subtitle' was present.",
+  remote_ip: '127.0.0.1',
+  user_agent: 'Chrome 77',
+  controller: 'users',
+  action: 'create',
+  url: 'http://example.com/users',
+  params: {
+    topic: { subtitle: 'foo' },
+    controller: 'users',
+    action: 'create'
+  }
+}
+```
+_**Note:** `params` will be filtered according to your `Rails.application.config.filter_parameters` configuration, making them (probably) safe for logging. But always double-check that you're not inadvertently logging sensitive form data, like passwords and credit cards._
 ### Content Security Policy
 If you're using a Content Security Policy (CSP) in your Rails app, you will need to generate a nonce on the server, and pass `nonce: true` attribute to the view helper. Uncomment the following lines in your `config/initializers/content_security_policy.rb` file:

data/invisible_captcha.gemspec CHANGED

@@ -15,10 +15,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  spec.add_dependency 'rails', '>= 3.2.0'
+  spec.add_dependency 'rails', '>= 4.2'
   spec.add_development_dependency 'rspec-rails', '~> 3.1'
   spec.add_development_dependency 'appraisal'
-  spec.add_development_dependency 'test-unit', '~> 3.0'
-  spec.add_development_dependency 'byebug'
 end

data/lib/invisible_captcha/controller_ext.rb CHANGED

@@ -4,14 +4,8 @@ module InvisibleCaptcha
   module ControllerExt
     module ClassMethods
       def invisible_captcha(options = {})
-        if respond_to?(:before_action)
-          before_action(options) do
-            detect_spam(options)
-          end
-        else
-          before_filter(options) do
-            detect_spam(options)
-          end
+        before_action(options) do
+          detect_spam(options)
         end
       end
     end
@@ -105,6 +99,17 @@ module InvisibleCaptcha
     def warn(message)
       logger.warn("Potential spam detected for IP #{request.remote_ip}. #{message}")
+      ActiveSupport::Notifications.instrument(
+        'invisible_captcha.spam_detected',
+        message: message,
+        remote_ip: request.remote_ip,
+        user_agent: request.user_agent,
+        controller: params[:controller],
+        action: params[:action],
+        url: request.url,
+        params: request.filtered_parameters
+      )
     end
   end
 end

data/lib/invisible_captcha/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module InvisibleCaptcha
-  VERSION = "0.13.0"
+  VERSION = "1.0.0"
 end

data/spec/controllers_spec.rb CHANGED

@@ -143,5 +143,43 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
       expect(flash[:error]).not_to be_present
       expect(@controller.params[:topic].key?(:subtitle)).to eq(false)
     end
+    describe 'ActiveSupport::Notifications' do
+      let(:dummy_handler) { double(handle_event: nil) }
+      let!(:subscriber) do
+        subscriber = ActiveSupport::Notifications.subscribe('invisible_captcha.spam_detected') do |*args, data|
+          dummy_handler.handle_event(data)
+        end
+        subscriber
+      end
+      after  { ActiveSupport::Notifications.unsubscribe(subscriber) }
+      it 'dispatches an `invisible_captcha.spam_detected` event' do
+        # Skip the `with` matcher for Rails < 5 due to issues comparing arguments passed to / recived by the dummy event handler.
+        # https://github.com/markets/invisible_captcha/pull/62#issuecomment-552218501
+        if Rails.version > '5'
+          expect(dummy_handler).to receive(:handle_event).once.with(
+            message: "Invisible Captcha honeypot param 'subtitle' was present.",
+            remote_ip: '0.0.0.0',
+            user_agent: 'Rails Testing',
+            controller: 'topics',
+            action: 'create',
+            url: 'http://test.host/topics',
+            params: {
+              topic: { subtitle: "foo"},
+              controller: 'topics',
+              action: 'create'
+            }
+          )
+        else
+          expect(dummy_handler).to receive(:handle_event).once
+        end
+        switchable_post :create, topic: { subtitle: 'foo' }
+      end
+    end
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: invisible_captcha
 version: !ruby/object:Gem::Version
-  version: 0.13.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Marc Anguera Insa
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-06 00:00:00.000000000 Z
+date: 2019-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: '4.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: '4.2'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -52,34 +52,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: test-unit
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: Unobtrusive, flexible and simple spam protection for Rails applications
   using honeypot strategy for better user experience.
 email:
@@ -97,7 +69,6 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- gemfiles/rails_3.2.gemfile
 - gemfiles/rails_4.2.gemfile
 - gemfiles/rails_5.0.gemfile
 - gemfiles/rails_5.1.gemfile

data/gemfiles/rails_3.2.gemfile DELETED

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "rails", "~> 3.2.0"
-gemspec path: "../"