invisible_captcha 1.1.0 → 2.1.0

data/spec/controllers_spec.rb

@@ -3,39 +3,25 @@
 RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
   render_views
 
-  def switchable_post(action, params = {})
-    if Rails.version > '5'
-      post action, params: params
-    else
-      post action, params
-    end
-  end
-
-  def switchable_put(action, params = {})
-    if Rails.version > '5'
-      put action, params: params
-    else
-      put action, params
-    end
-  end
-
   before(:each) do
     @controller = TopicsController.new
     request.env['HTTP_REFERER'] = 'http://test.host/topics'
+
     InvisibleCaptcha.init!
     InvisibleCaptcha.timestamp_threshold = 1
+    InvisibleCaptcha.spinner_enabled = false
   end
 
   context 'without invisible_captcha_timestamp in session' do
     it 'fails like if it was submitted too fast' do
-      switchable_post :create, topic: { title: 'foo' }
+      post :create, params: { topic: { title: 'foo' } }
 
       expect(response).to redirect_to 'http://test.host/topics'
       expect(flash[:error]).to eq(InvisibleCaptcha.timestamp_error_message)
     end
 
     it 'passes if disabled at action level' do
-      switchable_post :copy, topic: { title: 'foo' }
+      post :copy, params: { topic: { title: 'foo' } }
 
       expect(flash[:error]).not_to be_present
       expect(response.body).to be_present
@@ -43,7 +29,8 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
 
     it 'passes if disabled at app level' do
       InvisibleCaptcha.timestamp_enabled = false
-      switchable_post :create, topic: { title: 'foo' }
+
+      post :create, params: { topic: { title: 'foo' } }
 
       expect(flash[:error]).not_to be_present
       expect(response.body).to be_present
@@ -56,7 +43,7 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
     end
 
     it 'fails if submission before timestamp_threshold' do
-      switchable_post :create, topic: { title: 'foo' }
+      post :create, params: { topic: { title: 'foo' } }
 
       expect(response).to redirect_to 'http://test.host/topics'
       expect(flash[:error]).to eq(InvisibleCaptcha.timestamp_error_message)
@@ -66,7 +53,7 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
     end
 
     it 'allows a custom on_timestamp_spam callback' do
-      switchable_put :update, id: 1, topic: { title: 'bar' }
+      put :update, params: { id: 1, topic: { title: 'bar' } }
 
       expect(response.status).to eq(204)
     end
@@ -79,7 +66,7 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
         end
       end
 
-      expect { switchable_put :update, id: 1, topic: { title: 'bar' } }
+      expect { put :update, params: { id: 1, topic: { title: 'bar' } } }
         .to change { session[:invisible_captcha_timestamp] }
         .to be_present
     end
@@ -88,10 +75,12 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
       it 'passes if submission on or after timestamp_threshold' do
         sleep InvisibleCaptcha.timestamp_threshold
 
-        switchable_post :create, topic: {
-          title: 'foobar',
-          author: 'author',
-          body: 'body that passes validation'
+        post :create, params: {
+          topic: {
+            title: 'foobar',
+            author: 'author',
+            body: 'body that passes validation'
+          }
         }
 
         expect(flash[:error]).not_to be_present
@@ -104,7 +93,7 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
       it 'allow to set a custom timestamp_threshold per action' do
         sleep 2 # custom threshold
 
-        switchable_post :publish, id: 1
+        post :publish, params: { id: 1 }
 
         expect(flash[:error]).not_to be_present
         expect(response.body).to be_present
@@ -115,30 +104,75 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
   context 'honeypot attribute' do
     before(:each) do
       session[:invisible_captcha_timestamp] = Time.zone.now.iso8601
+
       # Wait for valid submission
       sleep InvisibleCaptcha.timestamp_threshold
     end
 
     it 'fails with spam' do
-      switchable_post :create, topic: { subtitle: 'foo' }
+      post :create,  params: { topic: { subtitle: 'foo' } }
 
       expect(response.body).to be_blank
     end
 
     it 'passes with no spam' do
-      switchable_post :create, topic: { title: 'foo' }
+      post :create,  params: { topic: { title: 'foo' } }
 
       expect(response.body).to be_present
     end
 
+    context 'with random honeypot' do
+      context 'auto-scoped' do
+        it 'passes with no spam' do
+          post :categorize, params: { topic: { title: 'foo' } }
+
+          expect(response.body).to be_present
+        end
+
+        it 'fails with spam' do
+          post :categorize, params: { topic: { "#{InvisibleCaptcha.honeypots.sample}": 'foo' } }
+
+          expect(response.body).to be_blank
+        end
+      end
+
+      context 'with no scope' do
+        it 'passes with no spam' do
+          post :categorize
+
+          expect(response.body).to be_present
+        end
+
+        it 'fails with spam' do
+          post :categorize, params: { "#{InvisibleCaptcha.honeypots.sample}": 'foo' }
+
+          expect(response.body).to be_blank
+        end
+      end
+
+      context 'with scope' do
+        it 'fails with spam' do
+          post :rename, params: { topic: { "#{InvisibleCaptcha.honeypots.sample}": 'foo' } }
+
+          expect(response.body).to be_blank
+        end
+
+        it 'passes with no spam' do
+          post :rename, params: { topic: { title: 'foo' } }
+
+          expect(response.body).to be_blank
+        end
+      end
+    end
+
     it 'allow a custom on_spam callback' do
-      switchable_put :update, id: 1, topic: { subtitle: 'foo' }
+      put :update,  params: { id: 1, topic: { subtitle: 'foo' } }
 
       expect(response.body).to redirect_to(new_topic_path)
     end
 
     it 'honeypot is removed from params if you use a custom honeypot' do
-      switchable_post :create, topic: { title: 'foo', subtitle: '' }
+      post :create,  params: { topic: { title: 'foo', subtitle: '' } }
 
       expect(flash[:error]).not_to be_present
       expect(@controller.params[:topic].key?(:subtitle)).to eq(false)
@@ -155,31 +189,49 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
         subscriber
       end
 
-      after  { ActiveSupport::Notifications.unsubscribe(subscriber) }
+      after { ActiveSupport::Notifications.unsubscribe(subscriber) }
 
       it 'dispatches an `invisible_captcha.spam_detected` event' do
-        # Skip the `with` matcher for Rails < 5 due to issues comparing arguments passed to / recived by the dummy event handler.
-        # https://github.com/markets/invisible_captcha/pull/62#issuecomment-552218501
-        if Rails.version > '5'
-          expect(dummy_handler).to receive(:handle_event).once.with(
-            message: "Invisible Captcha honeypot param 'subtitle' was present.",
-            remote_ip: '0.0.0.0',
-            user_agent: 'Rails Testing',
+        expect(dummy_handler).to receive(:handle_event).once.with({
+          message: "[Invisible Captcha] Potential spam detected for IP 0.0.0.0. Honeypot param 'subtitle' was present.",
+          remote_ip: '0.0.0.0',
+          user_agent: 'Rails Testing',
+          controller: 'topics',
+          action: 'create',
+          url: 'http://test.host/topics',
+          params: {
+            topic: { subtitle: "foo"},
             controller: 'topics',
-            action: 'create',
-            url: 'http://test.host/topics',
-            params: {
-              topic: { subtitle: "foo"},
-              controller: 'topics',
-              action: 'create'
-            }
-          )
-        else
-          expect(dummy_handler).to receive(:handle_event).once
-        end
+            action: 'create'
+          }
+        })
 
-        switchable_post :create, topic: { subtitle: 'foo' }
+        post :create, params: { topic: { subtitle: 'foo' } }
       end
     end
   end
+
+  context 'spinner attribute' do
+    before(:each) do
+      InvisibleCaptcha.spinner_enabled = true
+      InvisibleCaptcha.secret = 'secret'
+      session[:invisible_captcha_timestamp] = Time.zone.now.iso8601
+      session[:invisible_captcha_spinner] = '32ab649161f9f6faeeb323746de1a25d'
+
+      # Wait for valid submission
+      sleep InvisibleCaptcha.timestamp_threshold
+    end
+
+    it 'fails with no spam, but mismatch of spinner' do
+      post :create,  params: { topic: { title: 'foo' }, spinner: 'mismatch' }
+
+      expect(response.body).to be_blank
+    end
+
+    it 'passes with no spam and spinner match' do
+      post :create,  params: { topic: { title: 'foo' }, spinner: '32ab649161f9f6faeeb323746de1a25d' }
+
+      expect(response.body).to be_present
+    end
+  end
 end

data/spec/dummy/app/controllers/topics_controller.rb

@@ -9,6 +9,10 @@ class TopicsController < ApplicationController
 
   invisible_captcha honeypot: :subtitle, only: :copy, timestamp_enabled: false
 
+  invisible_captcha scope: :topic, only: :rename
+
+  invisible_captcha only: :categorize
+
   def index
     redirect_to new_topic_path
   end
@@ -28,6 +32,14 @@ class TopicsController < ApplicationController
   end
 
   def update
+    redirect_to new_topic_path
+  end
+
+  def rename
+  end
+
+  def categorize
+    redirect_to new_topic_path
   end
 
   def publish

data/spec/dummy/app/views/layouts/application.html.erb

@@ -2,8 +2,7 @@
 <html>
 <head>
   <title>Dummy</title>
-  <%= stylesheet_link_tag    "application", :media => "all" %>
-  <%= javascript_include_tag "application" %>
+  <%= stylesheet_link_tag "/styles.css" %>
   <%= csrf_meta_tags %>
   <%= invisible_captcha_styles %>
 </head>

data/spec/dummy/config/application.rb

@@ -2,9 +2,7 @@ require File.expand_path('../boot', __FILE__)
 
 require 'action_controller/railtie'
 require 'action_view/railtie'
-require 'action_mailer/railtie'
 require 'active_model/railtie'
-require 'sprockets/railtie'
 
 # Require the gems listed in Gemfile, including any gems
 # you've limited to :test, :development, or :production.

data/spec/dummy/config/environments/development.rb

@@ -14,7 +14,7 @@ Dummy::Application.configure do
   config.action_controller.perform_caching = false
 
   # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
+  # config.action_mailer.raise_delivery_errors = false
 
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
@@ -31,9 +31,6 @@ Dummy::Application.configure do
   # yet still be able to expire them through the digest params.
   # config.assets.digest = true
 
-  # quiet assets
-  config.assets.quiet = true
-
   # Adds additional error checking when serving assets at runtime.
   # Checks for improperly declared sprockets dependencies.
   # Raises helpful error messages.

data/spec/dummy/config/environments/test.rb

@@ -14,13 +14,8 @@ Dummy::Application.configure do
 
   # Disable serving static files from the `/public` folder by default since
   # Apache or NGINX already handles this.
-  if Rails.version >= "5.0.0"
-    config.public_file_server.enabled = true
-    config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'}
-  else
-    config.serve_static_files = true
-    config.static_cache_control = "public, max-age=3600"
-  end
+  config.public_file_server.enabled = true
+  config.public_file_server.headers = {'Cache-Control' => 'public, max-age=3600'}
 
   # Show full error reports and disable caching.
   config.consider_all_requests_local       = true
@@ -35,7 +30,7 @@ Dummy::Application.configure do
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.
-  config.action_mailer.delivery_method = :test
+  # config.action_mailer.delivery_method = :test
 
   # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr

data/spec/dummy/config/routes.rb

@@ -1,6 +1,8 @@
 Rails.application.routes.draw do
   resources :topics do
     post :publish, on: :member
+    post :rename, on: :collection
+    post :categorize, on: :collection
     post :copy, on: :collection
   end
 

data/spec/dummy/{app/assets/stylesheets/application.css → public/styles.css}

@@ -8,8 +8,11 @@ h1 {
   border-bottom: 3px solid;
 }
 
-input,
-textarea {
+a {
+  color: #000;
+}
+
+input, textarea {
   border: 0;
   margin-bottom: 1.5em;
 }
@@ -19,7 +22,9 @@ input {
 }
 
 button {
-  background-color: #f0f0f0;
+  color: #fff;
+  background-color: #000;
+  border: none;
   border-radius: 0.25em;
   height: 3em;
   width: 10em;
@@ -28,4 +33,4 @@ button {
 
 .errors {
   color: darkred;
-}
+}

data/spec/spec_helper.rb

@@ -2,14 +2,19 @@
 
 ENV['RAILS_ENV'] = 'test'
 
+require 'simplecov'
+if ENV['CI']
+  require 'simplecov-cobertura'
+  SimpleCov.formatter = SimpleCov::Formatter::CoberturaFormatter
+end
+SimpleCov.start
+
 require File.expand_path("../dummy/config/environment.rb", __FILE__)
 require 'rspec/rails'
 require 'invisible_captcha'
 
 RSpec.configure do |config|
-  if Rails.version >= '5.2'
-    config.include ActionDispatch::ContentSecurityPolicy::Request, type: :helper
-  end
+  config.include ActionDispatch::ContentSecurityPolicy::Request, type: :helper
   config.disable_monkey_patching!
   config.order = :random
   config.expect_with :rspec
@@ -17,17 +22,3 @@ RSpec.configure do |config|
     mocks.verify_partial_doubles = true
   end
 end
-
-# Rails 4.2 call `initialize` inside `recycle!`. However Ruby 2.6 doesn't allow calling `initialize` twice.
-# More info: https://github.com/rails/rails/issues/34790
-if RUBY_VERSION >= "2.6.0" && Rails.version < "5"
-  module ActionController
-    class TestResponse < ActionDispatch::TestResponse
-      def recycle!
-        @mon_mutex_owner_object_id = nil
-        @mon_mutex = nil
-        initialize
-      end
-    end
-  end
-end

data/spec/view_helpers_spec.rb

@@ -2,12 +2,8 @@
 
 RSpec.describe InvisibleCaptcha::ViewHelpers, type: :helper do
   before(:each) do
-    allow(Time.zone).to receive(:now).and_return(Time.zone.parse('Feb 19 1986'))
     allow(InvisibleCaptcha).to receive(:css_strategy).and_return("display:none;")
-
-    if Rails.version >= '5.2'
-      allow_any_instance_of(ActionDispatch::ContentSecurityPolicy::Request).to receive(:content_security_policy_nonce).and_return('123')
-    end
+    allow_any_instance_of(ActionDispatch::ContentSecurityPolicy::Request).to receive(:content_security_policy_nonce).and_return('123')
 
     # to test content_for and provide
     @view_flow = ActionView::OutputFlow.new
@@ -32,10 +28,8 @@ RSpec.describe InvisibleCaptcha::ViewHelpers, type: :helper do
     expect(invisible_captcha(:subtitle, :topic, { class: 'foo_class' })).to match(/class="foo_class"/)
   end
 
-  if Rails.version >= '5.2'
-    it 'with CSP nonce' do
-      expect(invisible_captcha(:subtitle, :topic, { nonce: true })).to match(/nonce="123"/)
-    end
+  it 'with CSP nonce' do
+    expect(invisible_captcha(:subtitle, :topic, { nonce: true })).to match(/nonce="123"/)
   end
 
   it 'generated html + styles' do
@@ -64,6 +58,18 @@ RSpec.describe InvisibleCaptcha::ViewHelpers, type: :helper do
     end
   end
 
+  context "should have spinner field" do
+    it 'that exists by default, spinner_enabled is true' do
+      InvisibleCaptcha.spinner_enabled = true
+      expect(invisible_captcha).to match(/spinner/)
+    end
+
+    it 'that does not exist if spinner_enabled is false' do
+      InvisibleCaptcha.spinner_enabled = false
+      expect(invisible_captcha).not_to match(/spinner/)
+    end
+  end
+
   it 'should set spam timestamp' do
     invisible_captcha
     expect(session[:invisible_captcha_timestamp]).to eq(Time.zone.now.iso8601)