invisible_captcha 2.0.0 → 2.3.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 86acfe71e903568702c63c261bfd32a066dbc947d1c2fa2b4956178a7de591db
-  data.tar.gz: a9a8768c5bcfb9a7656e0638dde4bf40e169719385bf947dace7fa4d34f03656
+  metadata.gz: 8421f23e2c4ca4f1512efe6f0ac5b7d538c21fae25c94dae1eb12080bcc7bff2
+  data.tar.gz: d80bbba59b964e84f677620a2c24a5047744a95733805981583034e3629034a4
 SHA512:
-  metadata.gz: ec1ed1b9f7bef2e753f7b736dbce8124b5cd4c699e4075cbd15fdade99e6f332025e3088f0754315b18f8bde48b7e883c3470f840a535a3631f2e5c659c415df
-  data.tar.gz: 3698ed54f31c8f87730dcd92e14c2076e10aaa98a14a765e7d3be8bfd0e259385572b5d3252b8328fb4a539634bb8e086270b2e7e34117ab76a15ab4f42c095b
+  metadata.gz: 94f28d33d89e5dcfa741d97c34c4a42645a5d3f668238653341cd402c1e1e3bfbf8d2c42f5bc6d9d8bda3815d3e7036c0dae13965691e7409ce5df1ff5763bee
+  data.tar.gz: 2a187357840766a3eae1c40f032015c38f07a2b12955c9bfc82f95251b81138a6eab8e69ccd0adbfb9e5f13c095a541e869f2b3d5672e29a75b893253702965e

data/.github/workflows/ci.yml

@@ -0,0 +1,35 @@
+name: CI
+
+on: [push, pull_request]
+
+jobs:
+  test:
+    name: CI
+    runs-on: ubuntu-latest
+    env:
+      BUNDLE_GEMFILE: ${{ github.workspace }}/gemfiles/${{ matrix.gemfile }}.gemfile
+    strategy:
+      fail-fast: false
+      matrix:
+        ruby: ["2.7", "3.0", "3.1", "3.2"]
+        gemfile: [rails_6.0, rails_6.1, rails_7.0, rails_7.1]
+        exclude:
+          - ruby: "3.1"
+            gemfile: rails_6.0
+          - ruby: "3.2"
+            gemfile: rails_6.0
+        include:
+          - ruby: "2.7"
+            gemfile: rails_5.2
+          - ruby: head
+            gemfile: rails_7.0
+    steps:
+      - uses: actions/checkout@v3
+      - uses: ruby/setup-ruby@v1
+        with:
+          ruby-version: ${{ matrix.ruby }}
+          bundler-cache: true
+      - run: bundle exec rspec
+        continue-on-error: ${{ endsWith(matrix.ruby, 'head') }}
+      - name: Upload coverage reports to Codecov
+        uses: codecov/codecov-action@v3

data/Appraisals

@@ -1,11 +1,11 @@
-appraise "rails-6.1" do
-  gem "rails", "~> 6.1.0"
-end
-
-appraise "rails-6.0" do
-  gem "rails", "~> 6.0.0"
-end
-
-appraise "rails-5.2" do
-  gem "rails", "~> 5.2.0"
+%w(
+  7.1
+  7.0
+  6.1
+  6.0
+  5.2
+).each do |version|
+  appraise "rails-#{version}" do
+    gem "rails", "~> #{version}.0"
+  end
 end

data/CHANGELOG.md

@@ -2,6 +2,22 @@
 
 All notable changes to this project will be documented in this file.
 
+## [2.3.0]
+
+- Run honeypot + spinner checks and their callback also if timestamp triggers but passes through (#132)
+- Mark as spam requests with no spinner value (#134)
+
+## [2.2.0]
+
+- Official support for Rails 7.1
+- Fix flash message for `on_timestamp_spam` callback (#125)
+- Fix potential error when lookup the honeypot parameter using (#128)
+
+## [2.1.0]
+
+- Drop official support for EOL Rubies: 2.5 and 2.6
+- Allow random honeypots to be scoped (#117)
+
 ## [2.0.0]
 
 - New spinner, IP based, validation check (#89)
@@ -125,6 +141,9 @@ All notable changes to this project will be documented in this file.
 
 - First version of controller filters
 
+[2.3.0]: https://github.com/markets/invisible_captcha/compare/v2.2.0...v2.3.0
+[2.2.0]: https://github.com/markets/invisible_captcha/compare/v2.1.0...v2.2.0
+[2.1.0]: https://github.com/markets/invisible_captcha/compare/v2.0.0...v2.1.0
 [2.0.0]: https://github.com/markets/invisible_captcha/compare/v1.1.0...v2.0.0
 [1.1.0]: https://github.com/markets/invisible_captcha/compare/v1.0.1...v1.1.0
 [1.0.1]: https://github.com/markets/invisible_captcha/compare/v1.0.0...v1.0.1

data/LICENSE

@@ -1,4 +1,4 @@
-Copyright 2012-2021 Marc Anguera Insa
+Copyright 2012-2024 Marc Anguera Insa
 
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md

@@ -1,7 +1,8 @@
 # Invisible Captcha
 
 [![Gem](https://img.shields.io/gem/v/invisible_captcha.svg?style=flat-square)](https://rubygems.org/gems/invisible_captcha)
-[![Build Status](https://travis-ci.com/markets/invisible_captcha.svg?branch=master)](https://travis-ci.com/markets/invisible_captcha)
+[![Build Status](https://github.com/markets/invisible_captcha/workflows/CI/badge.svg)](https://github.com/markets/invisible_captcha/actions)
+[![codecov](https://codecov.io/gh/markets/invisible_captcha/branch/master/graph/badge.svg?token=nADSa6rbhM)](https://codecov.io/gh/markets/invisible_captcha)
 
 > Complete and flexible spam protection solution for Rails applications.
 
@@ -21,7 +22,7 @@ It also comes with:
 
 ## Installation
 
-Invisible Captcha is tested against Rails `>= 5.2` and Ruby `>= 2.5`.
+Invisible Captcha is tested against Rails `>= 5.2` and Ruby `>= 2.7`.
 
 Add this line to your Gemfile and then execute `bundle install`:
 
@@ -63,6 +64,8 @@ class TopicsController < ApplicationController
 end
 ```
 
+You should _not_ name your method `on_spam`, as this will collide with an internal method of the same name.
+
 Note that it is not mandatory to specify a `honeypot` attribute (neither in the view nor in the controller). In this case, the engine will take a random field from `InvisibleCaptcha.honeypots`. So, if you're integrating it following this path, in your form:
 
 ```erb
@@ -97,6 +100,8 @@ invisible_captcha only: [:new_contact]
 
 You can place `<%= flash[:error] %>` next to `:alert` and `:notice` message types, if you have them in your `app/views/layouts/application.html.erb`.
 
+**NOTE:** This gem relies on data set by the backend, so in order to properly work, your forms should be rendered by Rails. Forms generated via JavaScript are not going to work well.
+
 ## Options and customization
 
 This section contains a description of all plugin options and customizations.
@@ -106,13 +111,13 @@ This section contains a description of all plugin options and customizations.
 You can customize:
 
 - `sentence_for_humans`: text for real users if input field was visible. By default, it uses I18n (see below).
-- `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated. As the random collection is stored in memory, it will not work if you are running multiple Rails instances behind a load balancer. See [Multiple Rails instances](#multiple-rails-instances).
+- `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated. As the random collection is stored in memory, it will not work if you are running multiple Rails instances behind a load balancer (see [Multiple Rails instances](#multiple-rails-instances)). Beware that Chrome may ignore `autocomplete="off"`. Thus, consider not to use field names, which would be autocompleted, like for example `name`, `country`.
 - `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
 - `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](https://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
 - `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
 - `timestamp_error_message`: flash error message thrown when form submitted quicker than the `timestamp_threshold` value. It uses I18n by default.
 - `injectable_styles`: if enabled, you should call anywhere in your layout the following helper `<%= invisible_captcha_styles %>`. This allows you to inject styles, for example, in `<head>`. False by default, styles are injected inline with the honeypot.
-- `spinner_enabled`: option to disable the IP spinner validation.
+- `spinner_enabled`: option to disable the IP spinner validation. By default, true.
 - `secret`: customize the secret key to encode some internal values. By default, it reads the environment variable `ENV['INVISIBLE_CAPTCHA_SECRET']` and fallbacks to random value. Be careful, if you are running multiple Rails instances behind a load balancer, use always the same value via the environment variable.
 
 To change these defaults, add the following to an initializer (recommended `config/initializers/invisible_captcha.rb`):
@@ -206,7 +211,7 @@ The `data` passed to the subscriber is hash containing information about the req
 
 ```ruby
 {
-  message: "Invisible Captcha honeypot param 'subtitle' was present.",
+  message: "Honeypot param 'subtitle' was present.",
   remote_ip: '127.0.0.1',
   user_agent: 'Chrome 77',
   controller: 'users',
@@ -220,7 +225,7 @@ The `data` passed to the subscriber is hash containing information about the req
 }
 ```
 
-_**Note:** `params` will be filtered according to your `Rails.application.config.filter_parameters` configuration, making them (probably) safe for logging. But always double-check that you're not inadvertently logging sensitive form data, like passwords and credit cards._
+**NOTE:** `params` will be filtered according to your `Rails.application.config.filter_parameters` configuration, making them (probably) safe for logging. But always double-check that you're not inadvertently logging sensitive form data, like passwords and credit cards.
 
 ### Content Security Policy
 
@@ -247,7 +252,7 @@ And in your view helper, you need to pass `nonce: true` to the `invisible_captch
 <%= invisible_captcha nonce: true %>
 ```
 
-**WARNING:** Content Security Policy can break your site! If you already run a website with third-party scripts, styles, images, and fonts, it is highly recommended to enable CSP in report-only mode and observe warnings as they appear. Learn more at MDN:
+**NOTE:** Content Security Policy can break your site! If you already run a website with third-party scripts, styles, images, and fonts, it is highly recommended to enable CSP in report-only mode and observe warnings as they appear. Learn more at MDN:
 
 * https://developer.mozilla.org/en-US/docs/Web/HTTP/CSP
 * https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
@@ -282,7 +287,7 @@ end
 Another option is to wait for the timestamp check to be valid:
 
 ```ruby
-# Maybe in a before block
+# Maybe inside a before block
 InvisibleCaptcha.init!
 InvisibleCaptcha.timestamp_threshold = 1
 
@@ -290,6 +295,26 @@ InvisibleCaptcha.timestamp_threshold = 1
 sleep InvisibleCaptcha.timestamp_threshold
 ```
 
+If you're using the "random honeypot" approach, you may want to set a known honeypot:
+
+```ruby
+config.honeypots = ['my_honeypot_field'] if Rails.env.test?
+```
+
+And for the "spinner validation" check, you may want to disable it:
+
+```ruby
+config.spinner_enabled = !Rails.env.test?
+```
+
+Or alternativelly, you should send a valid spinner value along your requests:
+
+```ruby
+# RSpec example
+session[:invisible_captcha_spinner] = '32ab649161f9f6faeeb323746de1a25d'
+post :create,  params: { topic: { title: 'foo' }, spinner: '32ab649161f9f6faeeb323746de1a25d' }
+```
+
 ## Contribute
 
 Any kind of idea, feedback or bug report are welcome! Open an [issue](https://github.com/markets/invisible_captcha/issues) or send a [pull request](https://github.com/markets/invisible_captcha/pulls).

data/Rakefile

@@ -1,11 +1,6 @@
 # frozen_string_literal: true
 
 require "bundler/gem_tasks"
-require 'rspec/core/rake_task'
-
-RSpec::Core::RakeTask.new(:spec)
-
-task :default => :spec
 
 desc 'Start development Rails app'
 task :web do
@@ -16,4 +11,4 @@ task :web do
 
   Dir.chdir(app_path)
   exec("rails s -p #{port}")
-end
+end

data/gemfiles/rails_7.0.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 7.0.0"
+
+gemspec path: "../"

data/gemfiles/rails_7.1.gemfile

@@ -0,0 +1,7 @@
+# This file was generated by Appraisal
+
+source "https://rubygems.org"
+
+gem "rails", "~> 7.1.0"
+
+gemspec path: "../"

data/invisible_captcha.gemspec

@@ -15,8 +15,11 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_dependency 'rails', '>= 5.0'
+  spec.add_dependency 'rails', '>= 5.2'
 
   spec.add_development_dependency 'rspec-rails'
   spec.add_development_dependency 'appraisal'
+  spec.add_development_dependency 'webrick'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'simplecov-cobertura'
 end

data/lib/invisible_captcha/controller_ext.rb

@@ -21,7 +21,10 @@ module InvisibleCaptcha
     def detect_spam(options = {})
       if timestamp_spam?(options)
         on_timestamp_spam(options)
-      elsif honeypot_spam?(options) || spinner_spam?
+        return if performed?
+      end
+
+      if honeypot_spam?(options) || spinner_spam?
         on_spam(options)
       end
     end
@@ -30,7 +33,8 @@ module InvisibleCaptcha
       if action = options[:on_timestamp_spam]
         send(action)
       else
-        redirect_back(fallback_location: root_path, flash: { error: InvisibleCaptcha.timestamp_error_message })
+        flash[:error] = InvisibleCaptcha.timestamp_error_message
+        redirect_back(fallback_location: root_path)
       end
     end
 
@@ -55,7 +59,7 @@ module InvisibleCaptcha
 
       # Consider as spam if timestamp not in session, cause that means the form was not fetched at all
       unless timestamp
-        warn_spam("Invisible Captcha timestamp not found in session.")
+        warn_spam("Timestamp not found in session.")
         return true
       end
 
@@ -64,7 +68,7 @@ module InvisibleCaptcha
 
       # Consider as spam if form submitted too quickly
       if time_to_submit < threshold
-        warn_spam("Invisible Captcha timestamp threshold not reached (took #{time_to_submit.to_i}s).")
+        warn_spam("Timestamp threshold not reached (took #{time_to_submit.to_i}s).")
         return true
       end
 
@@ -72,8 +76,8 @@ module InvisibleCaptcha
     end
 
     def spinner_spam?
-      if InvisibleCaptcha.spinner_enabled && params[:spinner] != session[:invisible_captcha_spinner]
-        warn_spam("Invisible Captcha spinner value mismatch")
+      if InvisibleCaptcha.spinner_enabled && (params[:spinner].blank? || params[:spinner] != session[:invisible_captcha_spinner])
+        warn_spam("Spinner value mismatch")
         return true
       end
 
@@ -88,8 +92,8 @@ module InvisibleCaptcha
         # If honeypot is defined for this controller-action, search for:
         # - honeypot: params[:subtitle]
         # - honeypot with scope: params[:topic][:subtitle]
-        if params[honeypot].present? || params.dig(scope, honeypot).present?
-          warn_spam("Invisible Captcha honeypot param '#{honeypot}' was present.")
+        if params[honeypot].present? || (params[scope] && params[scope][honeypot].present?)
+          warn_spam("Honeypot param '#{honeypot}' was present.")
           return true
         else
           # No honeypot spam detected, remove honeypot from params to avoid UnpermittedParameters exceptions
@@ -98,8 +102,8 @@ module InvisibleCaptcha
         end
       else
         InvisibleCaptcha.honeypots.each do |default_honeypot|
-          if params[default_honeypot].present?
-            warn_spam("Invisible Captcha honeypot param '#{default_honeypot}' was present.")
+          if params[default_honeypot].present? || (params[scope] && params[scope][default_honeypot].present?)
+            warn_spam("Honeypot param '#{scope}.#{default_honeypot}' was present.")
             return true
           end
         end
@@ -109,7 +113,9 @@ module InvisibleCaptcha
     end
 
     def warn_spam(message)
-      logger.warn("Potential spam detected for IP #{request.remote_ip}. #{message}")
+      message = "[Invisible Captcha] Potential spam detected for IP #{request.remote_ip}. #{message}"
+
+      logger.warn(message)
 
       ActiveSupport::Notifications.instrument(
         'invisible_captcha.spam_detected',

data/lib/invisible_captcha/form_helpers.rb

@@ -2,7 +2,7 @@
 
 module InvisibleCaptcha
   module FormHelpers
-    def invisible_captcha(honeypot, options = {})
+    def invisible_captcha(honeypot = nil, options = {})
       @template.invisible_captcha(honeypot, self.object_name, options)
     end
   end

data/lib/invisible_captcha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module InvisibleCaptcha
-  VERSION = "2.0.0"
+  VERSION = "2.3.0"
 end

data/lib/invisible_captcha/view_helpers.rb

@@ -57,7 +57,7 @@ module InvisibleCaptcha
         concat label_tag(build_label_name(honeypot, scope), label)
         concat text_field_tag(build_input_name(honeypot, scope), nil, default_honeypot_options.merge(options))
         if InvisibleCaptcha.spinner_enabled
-          concat hidden_field_tag("spinner", session[:invisible_captcha_spinner])
+          concat hidden_field_tag("spinner", session[:invisible_captcha_spinner], id: nil)
         end
       end
     end

data/spec/controllers_spec.rb

@@ -71,6 +71,12 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
         .to be_present
     end
 
+    it 'runs on_spam callback if on_timestamp_spam callback is defined but passes' do
+      put :test_passthrough, params: { id: 1, topic: { title: 'bar', subtitle: 'foo' } }
+
+      expect(response.status).to eq(204)
+    end
+
     context 'successful submissions' do
       it 'passes if submission on or after timestamp_threshold' do
         sleep InvisibleCaptcha.timestamp_threshold
@@ -84,7 +90,7 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
         }
 
         expect(flash[:error]).not_to be_present
-        expect(response.body).to be_present
+        expect(response.body).to redirect_to(new_topic_path)
 
         # Make sure session is cleared
         expect(session[:invisible_captcha_timestamp]).to be_nil
@@ -96,7 +102,13 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
         post :publish, params: { id: 1 }
 
         expect(flash[:error]).not_to be_present
-        expect(response.body).to be_present
+        expect(response.body).to redirect_to(new_topic_path)
+      end
+
+      it 'passes if on_timestamp_spam doesn\'t perform' do
+        put :test_passthrough, params: { id: 1, topic: { title: 'bar' } }
+
+        expect(response.body).to redirect_to(new_topic_path)
       end
     end
   end
@@ -121,6 +133,50 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
       expect(response.body).to be_present
     end
 
+    context 'with random honeypot' do
+      context 'auto-scoped' do
+        it 'passes with no spam' do
+          post :categorize, params: { topic: { title: 'foo' } }
+
+          expect(response.body).to redirect_to(new_topic_path)
+        end
+
+        it 'fails with spam' do
+          post :categorize, params: { topic: { "#{InvisibleCaptcha.honeypots.sample}": 'foo' } }
+
+          expect(response.body).not_to redirect_to(new_topic_path)
+        end
+      end
+
+      context 'with no scope' do
+        it 'passes with no spam' do
+          post :categorize
+
+          expect(response.body).to redirect_to(new_topic_path)
+        end
+
+        it 'fails with spam' do
+          post :categorize, params: { "#{InvisibleCaptcha.honeypots.sample}": 'foo' }
+
+          expect(response.body).not_to redirect_to(new_topic_path)
+        end
+      end
+
+      context 'with scope' do
+        it 'fails with spam' do
+          post :rename, params: { topic: { "#{InvisibleCaptcha.honeypots.sample}": 'foo' } }
+
+          expect(response.body).to be_blank
+        end
+
+        it 'passes with no spam' do
+          post :rename, params: { topic: { title: 'foo' } }
+
+          expect(response.body).to be_blank
+        end
+      end
+    end
+
     it 'allow a custom on_spam callback' do
       put :update,  params: { id: 1, topic: { subtitle: 'foo' } }
 
@@ -148,8 +204,8 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
       after { ActiveSupport::Notifications.unsubscribe(subscriber) }
 
       it 'dispatches an `invisible_captcha.spam_detected` event' do
-        expect(dummy_handler).to receive(:handle_event).once.with(
-          message: "Invisible Captcha honeypot param 'subtitle' was present.",
+        expect(dummy_handler).to receive(:handle_event).once.with({
+          message: "[Invisible Captcha] Potential spam detected for IP 0.0.0.0. Honeypot param 'subtitle' was present.",
           remote_ip: '0.0.0.0',
           user_agent: 'Rails Testing',
           controller: 'topics',
@@ -160,7 +216,7 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
             controller: 'topics',
             action: 'create'
           }
-        )
+        })
 
         post :create, params: { topic: { subtitle: 'foo' } }
       end

data/spec/dummy/app/controllers/topics_controller.rb

@@ -9,6 +9,14 @@ class TopicsController < ApplicationController
 
   invisible_captcha honeypot: :subtitle, only: :copy, timestamp_enabled: false
 
+  invisible_captcha scope: :topic, only: :rename
+
+  invisible_captcha only: :categorize
+
+  invisible_captcha honeypot: :subtitle, only: :test_passthrough,
+    on_spam: :catching_on_spam_callback,
+    on_timestamp_spam: :on_timestamp_spam_callback_with_passthrough
+
   def index
     redirect_to new_topic_path
   end
@@ -28,6 +36,14 @@ class TopicsController < ApplicationController
   end
 
   def update
+    redirect_to new_topic_path
+  end
+
+  def rename
+  end
+
+  def categorize
+    redirect_to new_topic_path
   end
 
   def publish
@@ -44,6 +60,10 @@ class TopicsController < ApplicationController
     end
   end
 
+  def test_passthrough
+    redirect_to new_topic_path
+  end
+
   private
 
   def custom_callback
@@ -53,4 +73,12 @@ class TopicsController < ApplicationController
   def custom_timestamp_callback
     head(204)
   end
+
+  def on_timestamp_spam_callback_with_passthrough
+  end
+
+  def catching_on_spam_callback
+    head(204)
+  end
+
 end

data/spec/dummy/app/views/layouts/application.html.erb

@@ -1,9 +1,8 @@
 <!DOCTYPE html>
 <html>
 <head>
-  <title>Dummy</title>
-  <%= stylesheet_link_tag    "application", :media => "all" %>
-  <%= javascript_include_tag "application" %>
+  <title>InvisibleCaptcha Demo</title>
+  <%= stylesheet_link_tag "/styles.css" %>
   <%= csrf_meta_tags %>
   <%= invisible_captcha_styles %>
 </head>
@@ -25,5 +24,11 @@
   <% end %>
 
   <%= yield %>
+
+  <footer>
+    Running on
+    <b>Ruby <%= RUBY_VERSION %></b> and
+    <b>Rails <%= Rails.version %></b>
+  </footer>
   </body>
 </html>

data/spec/dummy/config/application.rb

@@ -2,9 +2,7 @@ require File.expand_path('../boot', __FILE__)
 
 require 'action_controller/railtie'
 require 'action_view/railtie'
-require 'action_mailer/railtie'
 require 'active_model/railtie'
-require 'sprockets/railtie'
 
 # Require the gems listed in Gemfile, including any gems
 # you've limited to :test, :development, or :production.

data/spec/dummy/config/environments/development.rb

@@ -14,7 +14,7 @@ Dummy::Application.configure do
   config.action_controller.perform_caching = false
 
   # Don't care if the mailer can't send.
-  config.action_mailer.raise_delivery_errors = false
+  # config.action_mailer.raise_delivery_errors = false
 
   # Print deprecation notices to the Rails logger.
   config.active_support.deprecation = :log
@@ -31,9 +31,6 @@ Dummy::Application.configure do
   # yet still be able to expire them through the digest params.
   # config.assets.digest = true
 
-  # quiet assets
-  config.assets.quiet = true
-
   # Adds additional error checking when serving assets at runtime.
   # Checks for improperly declared sprockets dependencies.
   # Raises helpful error messages.

data/spec/dummy/config/environments/test.rb

@@ -30,7 +30,7 @@ Dummy::Application.configure do
   # Tell Action Mailer not to deliver emails to the real world.
   # The :test delivery method accumulates sent emails in the
   # ActionMailer::Base.deliveries array.
-  config.action_mailer.delivery_method = :test
+  # config.action_mailer.delivery_method = :test
 
   # Print deprecation notices to the stderr.
   config.active_support.deprecation = :stderr

data/spec/dummy/config/routes.rb

@@ -1,7 +1,10 @@
 Rails.application.routes.draw do
   resources :topics do
     post :publish, on: :member
+    post :rename, on: :collection
+    post :categorize, on: :collection
     post :copy, on: :collection
+    post :test_passthrough, on: :collection
   end
 
   root to: 'topics#new'

data/spec/dummy/{app/assets/stylesheets/application.css → public/styles.css}

@@ -8,8 +8,11 @@ h1 {
   border-bottom: 3px solid;
 }
 
-input,
-textarea {
+a {
+  color: #000;
+}
+
+input, textarea {
   border: 0;
   margin-bottom: 1.5em;
 }
@@ -19,13 +22,24 @@ input {
 }
 
 button {
-  background-color: #f0f0f0;
+  color: #fff;
+  background-color: #000;
+  border: none;
   border-radius: 0.25em;
   height: 3em;
   width: 10em;
   font-size: 1em;
 }
 
+footer {
+  position: fixed;
+  bottom: 0;
+  width: 100%;
+  padding: 1em 0;
+  font-size: 0.8em;
+  background-color: #ccc;
+}
+
 .errors {
   color: darkred;
-}
+}

data/spec/spec_helper.rb

@@ -2,6 +2,13 @@
 
 ENV['RAILS_ENV'] = 'test'
 
+require 'simplecov'
+if ENV['CI']
+  require 'simplecov-cobertura'
+  SimpleCov.formatter = SimpleCov::Formatter::CoberturaFormatter
+end
+SimpleCov.start
+
 require File.expand_path("../dummy/config/environment.rb", __FILE__)
 require 'rspec/rails'
 require 'invisible_captcha'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: invisible_captcha
 version: !ruby/object:Gem::Version
-  version: 2.0.0
+  version: 2.3.0
 platform: ruby
 authors:
 - Marc Anguera Insa
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-02-27 00:00:00.000000000 Z
+date: 2024-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: '5.0'
+        version: '5.2'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -52,6 +52,48 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
+- !ruby/object:Gem::Dependency
+  name: webrick
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: simplecov-cobertura
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
 description: Unobtrusive, flexible and complete spam protection for Rails applications
   using honeypot strategy for better user experience.
 email:
@@ -60,9 +102,9 @@ executables: []
 extensions: []
 extra_rdoc_files: []
 files:
+- ".github/workflows/ci.yml"
 - ".gitignore"
 - ".rspec"
-- ".travis.yml"
 - Appraisals
 - CHANGELOG.md
 - Gemfile
@@ -72,6 +114,8 @@ files:
 - gemfiles/rails_5.2.gemfile
 - gemfiles/rails_6.0.gemfile
 - gemfiles/rails_6.1.gemfile
+- gemfiles/rails_7.0.gemfile
+- gemfiles/rails_7.1.gemfile
 - invisible_captcha.gemspec
 - lib/invisible_captcha.rb
 - lib/invisible_captcha/controller_ext.rb
@@ -82,13 +126,9 @@ files:
 - spec/controllers_spec.rb
 - spec/dummy/README.md
 - spec/dummy/Rakefile
-- spec/dummy/app/assets/config/manifest.js
-- spec/dummy/app/assets/javascripts/application.js
-- spec/dummy/app/assets/stylesheets/application.css
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/topics_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/app/mailers/.gitkeep
 - spec/dummy/app/models/topic.rb
 - spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/views/topics/new.html.erb
@@ -101,7 +141,6 @@ files:
 - spec/dummy/config/boot.rb
 - spec/dummy/config/environment.rb
 - spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/test.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
 - spec/dummy/config/initializers/cookies_serializer.rb
@@ -114,12 +153,12 @@ files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/config/secrets.yml
-- spec/dummy/lib/assets/.gitkeep
 - spec/dummy/log/.gitkeep
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
+- spec/dummy/public/styles.css
 - spec/invisible_captcha_spec.rb
 - spec/spec_helper.rb
 - spec/view_helpers_spec.rb
@@ -127,7 +166,7 @@ homepage: https://github.com/markets/invisible_captcha
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -142,21 +181,17 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Honeypot spam protection for Rails
 test_files:
 - spec/controllers_spec.rb
 - spec/dummy/README.md
 - spec/dummy/Rakefile
-- spec/dummy/app/assets/config/manifest.js
-- spec/dummy/app/assets/javascripts/application.js
-- spec/dummy/app/assets/stylesheets/application.css
 - spec/dummy/app/controllers/application_controller.rb
 - spec/dummy/app/controllers/topics_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
-- spec/dummy/app/mailers/.gitkeep
 - spec/dummy/app/models/topic.rb
 - spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/views/topics/new.html.erb
@@ -169,7 +204,6 @@ test_files:
 - spec/dummy/config/boot.rb
 - spec/dummy/config/environment.rb
 - spec/dummy/config/environments/development.rb
-- spec/dummy/config/environments/production.rb
 - spec/dummy/config/environments/test.rb
 - spec/dummy/config/initializers/backtrace_silencers.rb
 - spec/dummy/config/initializers/cookies_serializer.rb
@@ -182,12 +216,12 @@ test_files:
 - spec/dummy/config/locales/en.yml
 - spec/dummy/config/routes.rb
 - spec/dummy/config/secrets.yml
-- spec/dummy/lib/assets/.gitkeep
 - spec/dummy/log/.gitkeep
 - spec/dummy/public/404.html
 - spec/dummy/public/422.html
 - spec/dummy/public/500.html
 - spec/dummy/public/favicon.ico
+- spec/dummy/public/styles.css
 - spec/invisible_captcha_spec.rb
 - spec/spec_helper.rb
 - spec/view_helpers_spec.rb

data/.travis.yml

@@ -1,18 +0,0 @@
-language: ruby
-cache: bundler
-rvm:
-  - ruby-head
-  - 3.0.0
-  - 2.7.2
-  - 2.6.5
-  - 2.5.8
-gemfile:
-  - gemfiles/rails_6.1.gemfile
-  - gemfiles/rails_6.0.gemfile
-  - gemfiles/rails_5.2.gemfile
-matrix:
-  exclude:
-    - rvm: 3.0.0
-      gemfile: gemfiles/rails_5.2.gemfile
-  allow_failures:
-    - rvm: ruby-head

data/spec/dummy/app/assets/config/manifest.js

@@ -1,2 +0,0 @@
-//= link_directory ../javascripts .js
-//= link_directory ../stylesheets .css

data/spec/dummy/app/assets/javascripts/application.js

@@ -1 +0,0 @@
-console.log('Hi from Invisible Captcha!');

data/spec/dummy/config/environments/production.rb

@@ -1,86 +0,0 @@
-Rails.application.configure do
-  # Settings specified here will take precedence over those in config/application.rb.
-
-  # Code is not reloaded between requests.
-  config.cache_classes = true
-
-  # Eager load code on boot. This eager loads most of Rails and
-  # your application in memory, allowing both threaded web servers
-  # and those relying on copy on write to perform better.
-  # Rake tasks automatically ignore this option for performance.
-  config.eager_load = true
-
-  # Full error reports are disabled and caching is turned on.
-  config.consider_all_requests_local       = false
-  config.action_controller.perform_caching = true
-
-  # Disable serving static files from the `/public` folder by default since
-  # Apache or NGINX already handles this.
-  config.public_file_server.enabled = ENV['RAILS_SERVE_STATIC_FILES'].present?
-
-  # Compress JavaScripts and CSS.
-  config.assets.js_compressor = :uglifier
-  # config.assets.css_compressor = :sass
-
-  # Do not fallback to assets pipeline if a precompiled asset is missed.
-  config.assets.compile = false
-
-  # `config.assets.precompile` and `config.assets.version` have moved to config/initializers/assets.rb
-
-  # Enable serving of images, stylesheets, and JavaScripts from an asset server.
-  # config.action_controller.asset_host = 'http://assets.example.com'
-
-  # Specifies the header that your server uses for sending files.
-  # config.action_dispatch.x_sendfile_header = 'X-Sendfile' # for Apache
-  # config.action_dispatch.x_sendfile_header = 'X-Accel-Redirect' # for NGINX
-
-  # Mount Action Cable outside main process or domain
-  # config.action_cable.mount_path = nil
-  # config.action_cable.url = 'wss://example.com/cable'
-  # config.action_cable.allowed_request_origins = [ 'http://example.com', /http:\/\/example.*/ ]
-
-  # Force all access to the app over SSL, use Strict-Transport-Security, and use secure cookies.
-  # config.force_ssl = true
-
-  # Use the lowest log level to ensure availability of diagnostic information
-  # when problems arise.
-  config.log_level = :debug
-
-  # Prepend all log lines with the following tags.
-  config.log_tags = [ :request_id ]
-
-  # Use a different cache store in production.
-  # config.cache_store = :mem_cache_store
-
-  # Use a real queuing backend for Active Job (and separate queues per environment)
-  # config.active_job.queue_adapter     = :resque
-  # config.active_job.queue_name_prefix = "dummy_#{Rails.env}"
-  config.action_mailer.perform_caching = false
-
-  # Ignore bad email addresses and do not raise email delivery errors.
-  # Set this to true and configure the email server for immediate delivery to raise delivery errors.
-  # config.action_mailer.raise_delivery_errors = false
-
-  # Enable locale fallbacks for I18n (makes lookups for any locale fall back to
-  # the I18n.default_locale when a translation cannot be found).
-  config.i18n.fallbacks = true
-
-  # Send deprecation notices to registered listeners.
-  config.active_support.deprecation = :notify
-
-  # Use default logging formatter so that PID and timestamp are not suppressed.
-  config.log_formatter = ::Logger::Formatter.new
-
-  # Use a different logger for distributed setups.
-  # require 'syslog/logger'
-  # config.logger = ActiveSupport::TaggedLogging.new(Syslog::Logger.new 'app-name')
-
-  if ENV["RAILS_LOG_TO_STDOUT"].present?
-    logger           = ActiveSupport::Logger.new(STDOUT)
-    logger.formatter = config.log_formatter
-    config.logger = ActiveSupport::TaggedLogging.new(logger)
-  end
-
-  # Do not dump schema after migrations.
-  config.active_record.dump_schema_after_migration = false
-end