invisible_captcha 2.1.0 → 2.3.0
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/.github/workflows/ci.yml +1 -1
- data/Appraisals +1 -0
- data/CHANGELOG.md +13 -0
- data/LICENSE +1 -1
- data/README.md +21 -1
- data/gemfiles/rails_7.1.gemfile +7 -0
- data/lib/invisible_captcha/controller_ext.rb +9 -5
- data/lib/invisible_captcha/version.rb +1 -1
- data/spec/controllers_spec.rb +18 -6
- data/spec/dummy/app/controllers/topics_controller.rb +16 -0
- data/spec/dummy/app/views/layouts/application.html.erb +7 -1
- data/spec/dummy/config/routes.rb +1 -0
- data/spec/dummy/public/styles.css +9 -0
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8421f23e2c4ca4f1512efe6f0ac5b7d538c21fae25c94dae1eb12080bcc7bff2
|
|
4
|
+
data.tar.gz: d80bbba59b964e84f677620a2c24a5047744a95733805981583034e3629034a4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 94f28d33d89e5dcfa741d97c34c4a42645a5d3f668238653341cd402c1e1e3bfbf8d2c42f5bc6d9d8bda3815d3e7036c0dae13965691e7409ce5df1ff5763bee
|
|
7
|
+
data.tar.gz: 2a187357840766a3eae1c40f032015c38f07a2b12955c9bfc82f95251b81138a6eab8e69ccd0adbfb9e5f13c095a541e869f2b3d5672e29a75b893253702965e
|
data/.github/workflows/ci.yml
CHANGED
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,17 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
|
|
5
|
+
## [2.3.0]
|
|
6
|
+
|
|
7
|
+
- Run honeypot + spinner checks and their callback also if timestamp triggers but passes through (#132)
|
|
8
|
+
- Mark as spam requests with no spinner value (#134)
|
|
9
|
+
|
|
10
|
+
## [2.2.0]
|
|
11
|
+
|
|
12
|
+
- Official support for Rails 7.1
|
|
13
|
+
- Fix flash message for `on_timestamp_spam` callback (#125)
|
|
14
|
+
- Fix potential error when lookup the honeypot parameter using (#128)
|
|
15
|
+
|
|
5
16
|
## [2.1.0]
|
|
6
17
|
|
|
7
18
|
- Drop official support for EOL Rubies: 2.5 and 2.6
|
|
@@ -130,6 +141,8 @@ All notable changes to this project will be documented in this file.
|
|
|
130
141
|
|
|
131
142
|
- First version of controller filters
|
|
132
143
|
|
|
144
|
+
[2.3.0]: https://github.com/markets/invisible_captcha/compare/v2.2.0...v2.3.0
|
|
145
|
+
[2.2.0]: https://github.com/markets/invisible_captcha/compare/v2.1.0...v2.2.0
|
|
133
146
|
[2.1.0]: https://github.com/markets/invisible_captcha/compare/v2.0.0...v2.1.0
|
|
134
147
|
[2.0.0]: https://github.com/markets/invisible_captcha/compare/v1.1.0...v2.0.0
|
|
135
148
|
[1.1.0]: https://github.com/markets/invisible_captcha/compare/v1.0.1...v1.1.0
|
data/LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -287,7 +287,7 @@ end
|
|
|
287
287
|
Another option is to wait for the timestamp check to be valid:
|
|
288
288
|
|
|
289
289
|
```ruby
|
|
290
|
-
# Maybe
|
|
290
|
+
# Maybe inside a before block
|
|
291
291
|
InvisibleCaptcha.init!
|
|
292
292
|
InvisibleCaptcha.timestamp_threshold = 1
|
|
293
293
|
|
|
@@ -295,6 +295,26 @@ InvisibleCaptcha.timestamp_threshold = 1
|
|
|
295
295
|
sleep InvisibleCaptcha.timestamp_threshold
|
|
296
296
|
```
|
|
297
297
|
|
|
298
|
+
If you're using the "random honeypot" approach, you may want to set a known honeypot:
|
|
299
|
+
|
|
300
|
+
```ruby
|
|
301
|
+
config.honeypots = ['my_honeypot_field'] if Rails.env.test?
|
|
302
|
+
```
|
|
303
|
+
|
|
304
|
+
And for the "spinner validation" check, you may want to disable it:
|
|
305
|
+
|
|
306
|
+
```ruby
|
|
307
|
+
config.spinner_enabled = !Rails.env.test?
|
|
308
|
+
```
|
|
309
|
+
|
|
310
|
+
Or alternativelly, you should send a valid spinner value along your requests:
|
|
311
|
+
|
|
312
|
+
```ruby
|
|
313
|
+
# RSpec example
|
|
314
|
+
session[:invisible_captcha_spinner] = '32ab649161f9f6faeeb323746de1a25d'
|
|
315
|
+
post :create, params: { topic: { title: 'foo' }, spinner: '32ab649161f9f6faeeb323746de1a25d' }
|
|
316
|
+
```
|
|
317
|
+
|
|
298
318
|
## Contribute
|
|
299
319
|
|
|
300
320
|
Any kind of idea, feedback or bug report are welcome! Open an [issue](https://github.com/markets/invisible_captcha/issues) or send a [pull request](https://github.com/markets/invisible_captcha/pulls).
|
|
@@ -21,7 +21,10 @@ module InvisibleCaptcha
|
|
|
21
21
|
def detect_spam(options = {})
|
|
22
22
|
if timestamp_spam?(options)
|
|
23
23
|
on_timestamp_spam(options)
|
|
24
|
-
|
|
24
|
+
return if performed?
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
if honeypot_spam?(options) || spinner_spam?
|
|
25
28
|
on_spam(options)
|
|
26
29
|
end
|
|
27
30
|
end
|
|
@@ -30,7 +33,8 @@ module InvisibleCaptcha
|
|
|
30
33
|
if action = options[:on_timestamp_spam]
|
|
31
34
|
send(action)
|
|
32
35
|
else
|
|
33
|
-
|
|
36
|
+
flash[:error] = InvisibleCaptcha.timestamp_error_message
|
|
37
|
+
redirect_back(fallback_location: root_path)
|
|
34
38
|
end
|
|
35
39
|
end
|
|
36
40
|
|
|
@@ -72,7 +76,7 @@ module InvisibleCaptcha
|
|
|
72
76
|
end
|
|
73
77
|
|
|
74
78
|
def spinner_spam?
|
|
75
|
-
if InvisibleCaptcha.spinner_enabled && params[:spinner] != session[:invisible_captcha_spinner]
|
|
79
|
+
if InvisibleCaptcha.spinner_enabled && (params[:spinner].blank? || params[:spinner] != session[:invisible_captcha_spinner])
|
|
76
80
|
warn_spam("Spinner value mismatch")
|
|
77
81
|
return true
|
|
78
82
|
end
|
|
@@ -88,7 +92,7 @@ module InvisibleCaptcha
|
|
|
88
92
|
# If honeypot is defined for this controller-action, search for:
|
|
89
93
|
# - honeypot: params[:subtitle]
|
|
90
94
|
# - honeypot with scope: params[:topic][:subtitle]
|
|
91
|
-
if params[honeypot].present? || params
|
|
95
|
+
if params[honeypot].present? || (params[scope] && params[scope][honeypot].present?)
|
|
92
96
|
warn_spam("Honeypot param '#{honeypot}' was present.")
|
|
93
97
|
return true
|
|
94
98
|
else
|
|
@@ -98,7 +102,7 @@ module InvisibleCaptcha
|
|
|
98
102
|
end
|
|
99
103
|
else
|
|
100
104
|
InvisibleCaptcha.honeypots.each do |default_honeypot|
|
|
101
|
-
if params[default_honeypot].present? || params
|
|
105
|
+
if params[default_honeypot].present? || (params[scope] && params[scope][default_honeypot].present?)
|
|
102
106
|
warn_spam("Honeypot param '#{scope}.#{default_honeypot}' was present.")
|
|
103
107
|
return true
|
|
104
108
|
end
|
data/spec/controllers_spec.rb
CHANGED
|
@@ -71,6 +71,12 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
71
71
|
.to be_present
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
+
it 'runs on_spam callback if on_timestamp_spam callback is defined but passes' do
|
|
75
|
+
put :test_passthrough, params: { id: 1, topic: { title: 'bar', subtitle: 'foo' } }
|
|
76
|
+
|
|
77
|
+
expect(response.status).to eq(204)
|
|
78
|
+
end
|
|
79
|
+
|
|
74
80
|
context 'successful submissions' do
|
|
75
81
|
it 'passes if submission on or after timestamp_threshold' do
|
|
76
82
|
sleep InvisibleCaptcha.timestamp_threshold
|
|
@@ -84,7 +90,7 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
84
90
|
}
|
|
85
91
|
|
|
86
92
|
expect(flash[:error]).not_to be_present
|
|
87
|
-
expect(response.body).to
|
|
93
|
+
expect(response.body).to redirect_to(new_topic_path)
|
|
88
94
|
|
|
89
95
|
# Make sure session is cleared
|
|
90
96
|
expect(session[:invisible_captcha_timestamp]).to be_nil
|
|
@@ -96,7 +102,13 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
96
102
|
post :publish, params: { id: 1 }
|
|
97
103
|
|
|
98
104
|
expect(flash[:error]).not_to be_present
|
|
99
|
-
expect(response.body).to
|
|
105
|
+
expect(response.body).to redirect_to(new_topic_path)
|
|
106
|
+
end
|
|
107
|
+
|
|
108
|
+
it 'passes if on_timestamp_spam doesn\'t perform' do
|
|
109
|
+
put :test_passthrough, params: { id: 1, topic: { title: 'bar' } }
|
|
110
|
+
|
|
111
|
+
expect(response.body).to redirect_to(new_topic_path)
|
|
100
112
|
end
|
|
101
113
|
end
|
|
102
114
|
end
|
|
@@ -126,13 +138,13 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
126
138
|
it 'passes with no spam' do
|
|
127
139
|
post :categorize, params: { topic: { title: 'foo' } }
|
|
128
140
|
|
|
129
|
-
expect(response.body).to
|
|
141
|
+
expect(response.body).to redirect_to(new_topic_path)
|
|
130
142
|
end
|
|
131
143
|
|
|
132
144
|
it 'fails with spam' do
|
|
133
145
|
post :categorize, params: { topic: { "#{InvisibleCaptcha.honeypots.sample}": 'foo' } }
|
|
134
146
|
|
|
135
|
-
expect(response.body).
|
|
147
|
+
expect(response.body).not_to redirect_to(new_topic_path)
|
|
136
148
|
end
|
|
137
149
|
end
|
|
138
150
|
|
|
@@ -140,13 +152,13 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
140
152
|
it 'passes with no spam' do
|
|
141
153
|
post :categorize
|
|
142
154
|
|
|
143
|
-
expect(response.body).to
|
|
155
|
+
expect(response.body).to redirect_to(new_topic_path)
|
|
144
156
|
end
|
|
145
157
|
|
|
146
158
|
it 'fails with spam' do
|
|
147
159
|
post :categorize, params: { "#{InvisibleCaptcha.honeypots.sample}": 'foo' }
|
|
148
160
|
|
|
149
|
-
expect(response.body).
|
|
161
|
+
expect(response.body).not_to redirect_to(new_topic_path)
|
|
150
162
|
end
|
|
151
163
|
end
|
|
152
164
|
|
|
@@ -13,6 +13,10 @@ class TopicsController < ApplicationController
|
|
|
13
13
|
|
|
14
14
|
invisible_captcha only: :categorize
|
|
15
15
|
|
|
16
|
+
invisible_captcha honeypot: :subtitle, only: :test_passthrough,
|
|
17
|
+
on_spam: :catching_on_spam_callback,
|
|
18
|
+
on_timestamp_spam: :on_timestamp_spam_callback_with_passthrough
|
|
19
|
+
|
|
16
20
|
def index
|
|
17
21
|
redirect_to new_topic_path
|
|
18
22
|
end
|
|
@@ -56,6 +60,10 @@ class TopicsController < ApplicationController
|
|
|
56
60
|
end
|
|
57
61
|
end
|
|
58
62
|
|
|
63
|
+
def test_passthrough
|
|
64
|
+
redirect_to new_topic_path
|
|
65
|
+
end
|
|
66
|
+
|
|
59
67
|
private
|
|
60
68
|
|
|
61
69
|
def custom_callback
|
|
@@ -65,4 +73,12 @@ class TopicsController < ApplicationController
|
|
|
65
73
|
def custom_timestamp_callback
|
|
66
74
|
head(204)
|
|
67
75
|
end
|
|
76
|
+
|
|
77
|
+
def on_timestamp_spam_callback_with_passthrough
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def catching_on_spam_callback
|
|
81
|
+
head(204)
|
|
82
|
+
end
|
|
83
|
+
|
|
68
84
|
end
|
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
<!DOCTYPE html>
|
|
2
2
|
<html>
|
|
3
3
|
<head>
|
|
4
|
-
<title>
|
|
4
|
+
<title>InvisibleCaptcha Demo</title>
|
|
5
5
|
<%= stylesheet_link_tag "/styles.css" %>
|
|
6
6
|
<%= csrf_meta_tags %>
|
|
7
7
|
<%= invisible_captcha_styles %>
|
|
@@ -24,5 +24,11 @@
|
|
|
24
24
|
<% end %>
|
|
25
25
|
|
|
26
26
|
<%= yield %>
|
|
27
|
+
|
|
28
|
+
<footer>
|
|
29
|
+
Running on
|
|
30
|
+
<b>Ruby <%= RUBY_VERSION %></b> and
|
|
31
|
+
<b>Rails <%= Rails.version %></b>
|
|
32
|
+
</footer>
|
|
27
33
|
</body>
|
|
28
34
|
</html>
|
data/spec/dummy/config/routes.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: invisible_captcha
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Anguera Insa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2024-03-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -115,6 +115,7 @@ files:
|
|
|
115
115
|
- gemfiles/rails_6.0.gemfile
|
|
116
116
|
- gemfiles/rails_6.1.gemfile
|
|
117
117
|
- gemfiles/rails_7.0.gemfile
|
|
118
|
+
- gemfiles/rails_7.1.gemfile
|
|
118
119
|
- invisible_captcha.gemspec
|
|
119
120
|
- lib/invisible_captcha.rb
|
|
120
121
|
- lib/invisible_captcha/controller_ext.rb
|
|
@@ -180,7 +181,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
180
181
|
- !ruby/object:Gem::Version
|
|
181
182
|
version: '0'
|
|
182
183
|
requirements: []
|
|
183
|
-
rubygems_version: 3.4.
|
|
184
|
+
rubygems_version: 3.4.10
|
|
184
185
|
signing_key:
|
|
185
186
|
specification_version: 4
|
|
186
187
|
summary: Honeypot spam protection for Rails
|