invisible_captcha 0.9.0 → 0.9.1

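--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA1:
- metadata.gz: 9e100c8a33e03c0cbf7db8c66f9319bf541848f5
- data.tar.gz: 25593f083c4c23381d6d2cb25988b59fceb29a1f
+ metadata.gz: 6667c856fdf4fb2ae0147d0d2d3d0531f8fab862
+ data.tar.gz: 7d2dadae6a9010c3614166343221fc0064fe9bc2
  SHA512:
- metadata.gz: 0b35f5a39151875efd7f02792c29b253f0e2a9e5136b7c3463959fec74320a055a819fac4a73480e7f88bae788de793e0a7faa2ad77f4f3b80502247a85513db
- data.tar.gz: 907d391f3a01a0edfaf4926715c35ed981bf06cef8ded02138e60c6e3247f79b11a6ae593bb1e3d5488170a4560870e27d517d2974252d36413f5f26d75d87bf
+ metadata.gz: a76b88b892d95a1d72fcf5f2bffb2165c0608554feab107ca5a61e25db4a6b2e4eb3349ecba9b7e0c817d2766c23bb6ebd6723fa20717f8b3518ea38583ebab8
+ data.tar.gz: b15a66cfab3ec429aaafcdcd310e66f178cf17ab1375d58f0f0454b75b00059600295d5b54df404630ba8ceb0d596a84b6f688312bdeb2c04e696d7d211ddf04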
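--- a/data/README.md
+++ b/data/README.md
@@ -90,15 +90,17 @@ You can customize:
  * `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name.
  * `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
  * `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](http://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
+ * `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
  * `timestamp_error_message`: flash error message thrown when form submitted quicker than the `timestamp_threshold` value. It uses I18n by default.
 
  To change these defaults, add the following to an initializer (recommended `config/initializers/invisible_captcha.rb`):
 
  ```ruby
  InvisibleCaptcha.setup do |config|
- config.honeypots += 'fake_resource_title'
- config.visual_honeypots = false
- config.timestamp_threshold = 4
+ config.honeypots << 'another_fake_attribute'
+ config.visual_honeypots = false
+ config.timestamp_threshold = 4
+ config.timestamp_enabled = true
  # Leave these unset if you want to use I18n (see below)
  # config.sentence_for_humans = 'If you are a human, ignore this field'
  # config.timestamp_error_message = 'Sorry, that was too quick! Please resubmit.'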
@@ -12,6 +12,7 @@ module InvisibleCaptcha
12
12
 
13
13
  attr_accessor :honeypots,
14
14
  :timestamp_threshold,
15
+ :timestamp_enabled,
15
16
  :visual_honeypots
16
17
 
17
18
  def init!
@@ -27,6 +28,9 @@ module InvisibleCaptcha
27
28
  # Fastest time (in seconds) to expect a human to submit the form
28
29
  self.timestamp_threshold = 4
29
30
 
31
+ # Timestamp check enabled by default
32
+ self.timestamp_enabled = true
33
+
30
34
  # Default error message for validator when form submitted too quickly
31
35
  self.timestamp_error_message = -> { I18n.t('invisible_captcha.timestamp_error_message', default: 'Sorry, that was too quick! Please resubmit.') }
32
36
 
@@ -37,6 +37,10 @@ module InvisibleCaptcha
37
37
  end
38
38
 
39
39
  def invisible_captcha_timestamp?(options = {})
40
+ unless InvisibleCaptcha.timestamp_enabled
41
+ return false
42
+ end
43
+
40
44
  timestamp = session[:invisible_captcha_timestamp]
41
45
 
42
46
  # Consider as spam if timestamp not in session, cause that means the form was not fetched at all
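Review bot: The guard added at the top of `invisible_captcha_timestamp?` fails open: any falsy `timestamp_enabled`, including a `nil` assigned by an initializer that reads an unset setting, switches the timing check off for every form in the process, and the new guard does not consult the `options` argument. Testing for the explicit value keeps the protection on unless it was deliberately disabled, e.g. `return false if InvisibleCaptcha.timestamp_enabled == false`, and the view helper hunk (`if InvisibleCaptcha.timestamp_enabled` around the session write) would need the same test so the two sides agree. Because the helper writes no timestamp while the flag is off and the comment just below treats a missing timestamp as spam, forms rendered while disabled would presumably be rejected if the flag is turned back on mid-session; a comment stating that the flag is meant to be set once at boot would help. The method body continues past the end of this hunk.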
@@ -1,3 +1,3 @@
1
1
  module InvisibleCaptcha
2
- VERSION = "0.9.0"
2
+ VERSION = "0.9.1"
3
3
  end
@@ -6,7 +6,9 @@ module InvisibleCaptcha
6
6
  # @param scope [Symbol] name of honeypot scope, ie: topic => input name: topic[subtitle]
7
7
  # @return [String] the generated html
8
8
  def invisible_captcha(honeypot = nil, scope = nil, options = {})
9
- session[:invisible_captcha_timestamp] ||= Time.zone.now.iso8601
9
+ if InvisibleCaptcha.timestamp_enabled
10
+ session[:invisible_captcha_timestamp] ||= Time.zone.now.iso8601
11
+ end
10
12
  build_invisible_captcha(honeypot, scope, options)
11
13
  end
12
14
 
@@ -6,6 +6,7 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
6
6
  before do
7
7
  @controller = TopicsController.new
8
8
  InvisibleCaptcha.timestamp_threshold = 1
9
+ InvisibleCaptcha.timestamp_enabled = true
9
10
  end
10
11
 
11
12
  context 'without invisible_captcha_timestamp in session' do
@@ -18,6 +19,17 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
18
19
  end
19
20
  end
20
21
 
22
+ context 'without invisible_captcha_timestamp in session and timestamp_enabled=false' do
23
+ it 'does not fail like if it was submitted too fast' do
24
+ request.env['HTTP_REFERER'] = 'http://test.host/topics'
25
+ InvisibleCaptcha.timestamp_enabled = false
26
+ post :create, topic: { title: 'foo' }
27
+
28
+ expect(flash[:error]).not_to be_present
29
+ expect(response.body).to be_present
30
+ end
31
+ end
32
+
21
33
  context 'submission timestamp_threshold' do
22
34
  before do
23
35
  session[:invisible_captcha_timestamp] = Time.zone.now.iso8601
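Review bot: The new example assigns `InvisibleCaptcha.timestamp_enabled = false` and never restores it, so the timing check stays off for whatever runs next unless that group's `before` happens to reset it, as the two `before` blocks touched in this commit do. Spec files outside this diff may not, and a leaked `false` would let timing-related examples pass without exercising the check. Resetting in the context itself, `after { InvisibleCaptcha.timestamp_enabled = true }`, keeps the global switch from outliving the example. The `submission timestamp_threshold` context at the end of the hunk continues outside it.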
@@ -35,6 +35,7 @@ describe InvisibleCaptcha::ViewHelpers, type: :helper do
35
35
  before do
36
36
  allow(Time.zone).to receive(:now).and_return(Time.zone.parse('Feb 19 1986'))
37
37
  InvisibleCaptcha.visual_honeypots = false
38
+ InvisibleCaptcha.timestamp_enabled = true
38
39
  end
39
40
 
40
41
  it 'with no arguments' do
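--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: invisible_captcha
  version: !ruby/object:Gem::Version
- version: 0.9.0
+ version: 0.9.1
  platform: ruby
  authors:
  - Marc Anguera Insa
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2016-05-08 00:00:00.000000000 Z
+ date: 2016-06-21 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: rails
@@ -172,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
  version: '0'
  requirements: []
  rubyforge_project:
- rubygems_version: 2.4.5
+ rubygems_version: 2.2.2
  signing_key:
  specification_version: 4
  summary: Simple honeypot protection for RoR apps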