invisible_captcha 0.9.0 → 0.9.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/README.md +5 -3
- data/lib/invisible_captcha.rb +4 -0
- data/lib/invisible_captcha/controller_ext.rb +4 -0
- data/lib/invisible_captcha/version.rb +1 -1
- data/lib/invisible_captcha/view_helpers.rb +3 -1
- data/spec/controllers_spec.rb +12 -0
- data/spec/view_helpers_spec.rb +1 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6667c856fdf4fb2ae0147d0d2d3d0531f8fab862
|
|
4
|
+
data.tar.gz: 7d2dadae6a9010c3614166343221fc0064fe9bc2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a76b88b892d95a1d72fcf5f2bffb2165c0608554feab107ca5a61e25db4a6b2e4eb3349ecba9b7e0c817d2766c23bb6ebd6723fa20717f8b3518ea38583ebab8
|
|
7
|
+
data.tar.gz: b15a66cfab3ec429aaafcdcd310e66f178cf17ab1375d58f0f0454b75b00059600295d5b54df404630ba8ceb0d596a84b6f688312bdeb2c04e696d7d211ddf04
|
data/README.md
CHANGED
|
@@ -90,15 +90,17 @@ You can customize:
|
|
|
90
90
|
* `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name.
|
|
91
91
|
* `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
|
|
92
92
|
* `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](http://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
|
|
93
|
+
* `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
|
|
93
94
|
* `timestamp_error_message`: flash error message thrown when form submitted quicker than the `timestamp_threshold` value. It uses I18n by default.
|
|
94
95
|
|
|
95
96
|
To change these defaults, add the following to an initializer (recommended `config/initializers/invisible_captcha.rb`):
|
|
96
97
|
|
|
97
98
|
```ruby
|
|
98
99
|
InvisibleCaptcha.setup do |config|
|
|
99
|
-
config.honeypots
|
|
100
|
-
config.visual_honeypots
|
|
101
|
-
config.timestamp_threshold
|
|
100
|
+
config.honeypots << 'another_fake_attribute'
|
|
101
|
+
config.visual_honeypots = false
|
|
102
|
+
config.timestamp_threshold = 4
|
|
103
|
+
config.timestamp_enabled = true
|
|
102
104
|
# Leave these unset if you want to use I18n (see below)
|
|
103
105
|
# config.sentence_for_humans = 'If you are a human, ignore this field'
|
|
104
106
|
# config.timestamp_error_message = 'Sorry, that was too quick! Please resubmit.'
|
data/lib/invisible_captcha.rb
CHANGED
|
@@ -12,6 +12,7 @@ module InvisibleCaptcha
|
|
|
12
12
|
|
|
13
13
|
attr_accessor :honeypots,
|
|
14
14
|
:timestamp_threshold,
|
|
15
|
+
:timestamp_enabled,
|
|
15
16
|
:visual_honeypots
|
|
16
17
|
|
|
17
18
|
def init!
|
|
@@ -27,6 +28,9 @@ module InvisibleCaptcha
|
|
|
27
28
|
# Fastest time (in seconds) to expect a human to submit the form
|
|
28
29
|
self.timestamp_threshold = 4
|
|
29
30
|
|
|
31
|
+
# Timestamp check enabled by default
|
|
32
|
+
self.timestamp_enabled = true
|
|
33
|
+
|
|
30
34
|
# Default error message for validator when form submitted too quickly
|
|
31
35
|
self.timestamp_error_message = -> { I18n.t('invisible_captcha.timestamp_error_message', default: 'Sorry, that was too quick! Please resubmit.') }
|
|
32
36
|
|
|
@@ -37,6 +37,10 @@ module InvisibleCaptcha
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def invisible_captcha_timestamp?(options = {})
|
|
40
|
+
unless InvisibleCaptcha.timestamp_enabled
|
|
41
|
+
return false
|
|
42
|
+
end
|
|
43
|
+
|
|
40
44
|
timestamp = session[:invisible_captcha_timestamp]
|
|
41
45
|
|
|
42
46
|
# Consider as spam if timestamp not in session, cause that means the form was not fetched at all
|
|
@@ -6,7 +6,9 @@ module InvisibleCaptcha
|
|
|
6
6
|
# @param scope [Symbol] name of honeypot scope, ie: topic => input name: topic[subtitle]
|
|
7
7
|
# @return [String] the generated html
|
|
8
8
|
def invisible_captcha(honeypot = nil, scope = nil, options = {})
|
|
9
|
-
|
|
9
|
+
if InvisibleCaptcha.timestamp_enabled
|
|
10
|
+
session[:invisible_captcha_timestamp] ||= Time.zone.now.iso8601
|
|
11
|
+
end
|
|
10
12
|
build_invisible_captcha(honeypot, scope, options)
|
|
11
13
|
end
|
|
12
14
|
|
data/spec/controllers_spec.rb
CHANGED
|
@@ -6,6 +6,7 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
6
6
|
before do
|
|
7
7
|
@controller = TopicsController.new
|
|
8
8
|
InvisibleCaptcha.timestamp_threshold = 1
|
|
9
|
+
InvisibleCaptcha.timestamp_enabled = true
|
|
9
10
|
end
|
|
10
11
|
|
|
11
12
|
context 'without invisible_captcha_timestamp in session' do
|
|
@@ -18,6 +19,17 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
18
19
|
end
|
|
19
20
|
end
|
|
20
21
|
|
|
22
|
+
context 'without invisible_captcha_timestamp in session and timestamp_enabled=false' do
|
|
23
|
+
it 'does not fail like if it was submitted too fast' do
|
|
24
|
+
request.env['HTTP_REFERER'] = 'http://test.host/topics'
|
|
25
|
+
InvisibleCaptcha.timestamp_enabled = false
|
|
26
|
+
post :create, topic: { title: 'foo' }
|
|
27
|
+
|
|
28
|
+
expect(flash[:error]).not_to be_present
|
|
29
|
+
expect(response.body).to be_present
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
21
33
|
context 'submission timestamp_threshold' do
|
|
22
34
|
before do
|
|
23
35
|
session[:invisible_captcha_timestamp] = Time.zone.now.iso8601
|
data/spec/view_helpers_spec.rb
CHANGED
|
@@ -35,6 +35,7 @@ describe InvisibleCaptcha::ViewHelpers, type: :helper do
|
|
|
35
35
|
before do
|
|
36
36
|
allow(Time.zone).to receive(:now).and_return(Time.zone.parse('Feb 19 1986'))
|
|
37
37
|
InvisibleCaptcha.visual_honeypots = false
|
|
38
|
+
InvisibleCaptcha.timestamp_enabled = true
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
it 'with no arguments' do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: invisible_captcha
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Anguera Insa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-06-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -172,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
172
172
|
version: '0'
|
|
173
173
|
requirements: []
|
|
174
174
|
rubyforge_project:
|
|
175
|
-
rubygems_version: 2.
|
|
175
|
+
rubygems_version: 2.2.2
|
|
176
176
|
signing_key:
|
|
177
177
|
specification_version: 4
|
|
178
178
|
summary: Simple honeypot protection for RoR apps
|