invisible_captcha 2.2.0 → 2.3.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/LICENSE +1 -1
- data/README.md +21 -1
- data/lib/invisible_captcha/controller_ext.rb +5 -2
- data/lib/invisible_captcha/version.rb +1 -1
- data/spec/controllers_spec.rb +12 -0
- data/spec/dummy/app/controllers/topics_controller.rb +16 -0
- data/spec/dummy/config/routes.rb +1 -0
- metadata +2 -2
    
        checksums.yaml
    CHANGED
    
    | @@ -1,7 +1,7 @@ | |
| 1 1 | 
             
            ---
         | 
| 2 2 | 
             
            SHA256:
         | 
| 3 | 
            -
              metadata.gz:  | 
| 4 | 
            -
              data.tar.gz:  | 
| 3 | 
            +
              metadata.gz: 8421f23e2c4ca4f1512efe6f0ac5b7d538c21fae25c94dae1eb12080bcc7bff2
         | 
| 4 | 
            +
              data.tar.gz: d80bbba59b964e84f677620a2c24a5047744a95733805981583034e3629034a4
         | 
| 5 5 | 
             
            SHA512:
         | 
| 6 | 
            -
              metadata.gz:  | 
| 7 | 
            -
              data.tar.gz:  | 
| 6 | 
            +
              metadata.gz: 94f28d33d89e5dcfa741d97c34c4a42645a5d3f668238653341cd402c1e1e3bfbf8d2c42f5bc6d9d8bda3815d3e7036c0dae13965691e7409ce5df1ff5763bee
         | 
| 7 | 
            +
              data.tar.gz: 2a187357840766a3eae1c40f032015c38f07a2b12955c9bfc82f95251b81138a6eab8e69ccd0adbfb9e5f13c095a541e869f2b3d5672e29a75b893253702965e
         | 
    
        data/CHANGELOG.md
    CHANGED
    
    | @@ -2,6 +2,11 @@ | |
| 2 2 |  | 
| 3 3 | 
             
            All notable changes to this project will be documented in this file.
         | 
| 4 4 |  | 
| 5 | 
            +
            ## [2.3.0]
         | 
| 6 | 
            +
             | 
| 7 | 
            +
            - Run honeypot + spinner checks and their callback also if timestamp triggers but passes through (#132)
         | 
| 8 | 
            +
            - Mark as spam requests with no spinner value (#134)
         | 
| 9 | 
            +
             | 
| 5 10 | 
             
            ## [2.2.0]
         | 
| 6 11 |  | 
| 7 12 | 
             
            - Official support for Rails 7.1
         | 
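Review bot: the `Mark as spam requests with no spinner value (#134)` entry under `## [2.3.0]` reads like a bug fix, but it is a behaviour change: a request with no `spinner` param and no spinner in the session is now treated as spam. Mark the entry as a behaviour change and point to the README testing notes added in this release, so that anyone upgrading knows to set `config.spinner_enabled` or send a valid spinner in controller tests.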
| @@ -136,6 +141,7 @@ All notable changes to this project will be documented in this file. | |
| 136 141 |  | 
| 137 142 | 
             
            - First version of controller filters
         | 
| 138 143 |  | 
| 144 | 
            +
            [2.3.0]: https://github.com/markets/invisible_captcha/compare/v2.2.0...v2.3.0
         | 
| 139 145 | 
             
            [2.2.0]: https://github.com/markets/invisible_captcha/compare/v2.1.0...v2.2.0
         | 
| 140 146 | 
             
            [2.1.0]: https://github.com/markets/invisible_captcha/compare/v2.0.0...v2.1.0
         | 
| 141 147 | 
             
            [2.0.0]: https://github.com/markets/invisible_captcha/compare/v1.1.0...v2.0.0
         | 
    
        data/LICENSE
    CHANGED
    
    
    
        data/README.md
    CHANGED
    
    | @@ -287,7 +287,7 @@ end | |
| 287 287 | 
             
            Another option is to wait for the timestamp check to be valid:
         | 
| 288 288 |  | 
| 289 289 | 
             
            ```ruby
         | 
| 290 | 
            -
            # Maybe  | 
| 290 | 
            +
            # Maybe inside a before block
         | 
| 291 291 | 
             
            InvisibleCaptcha.init!
         | 
| 292 292 | 
             
            InvisibleCaptcha.timestamp_threshold = 1
         | 
| 293 293 |  | 
| @@ -295,6 +295,26 @@ InvisibleCaptcha.timestamp_threshold = 1 | |
| 295 295 | 
             
            sleep InvisibleCaptcha.timestamp_threshold
         | 
| 296 296 | 
             
            ```
         | 
| 297 297 |  | 
| 298 | 
            +
            If you're using the "random honeypot" approach, you may want to set a known honeypot:
         | 
| 299 | 
            +
             | 
| 300 | 
            +
            ```ruby
         | 
| 301 | 
            +
            config.honeypots = ['my_honeypot_field'] if Rails.env.test?
         | 
| 302 | 
            +
            ```
         | 
| 303 | 
            +
             | 
| 304 | 
            +
            And for the "spinner validation" check, you may want to disable it:
         | 
| 305 | 
            +
             | 
| 306 | 
            +
            ```ruby
         | 
| 307 | 
            +
            config.spinner_enabled = !Rails.env.test?
         | 
| 308 | 
            +
            ```
         | 
| 309 | 
            +
             | 
| 310 | 
            +
            Or alternativelly, you should send a valid spinner value along your requests:
         | 
| 311 | 
            +
             | 
| 312 | 
            +
            ```ruby
         | 
| 313 | 
            +
            # RSpec example
         | 
| 314 | 
            +
            session[:invisible_captcha_spinner] = '32ab649161f9f6faeeb323746de1a25d'
         | 
| 315 | 
            +
            post :create,  params: { topic: { title: 'foo' }, spinner: '32ab649161f9f6faeeb323746de1a25d' }
         | 
| 316 | 
            +
            ```
         | 
| 317 | 
            +
             | 
| 298 318 | 
             
            ## Contribute
         | 
| 299 319 |  | 
| 300 320 | 
             
            Any kind of idea, feedback or bug report are welcome! Open an [issue](https://github.com/markets/invisible_captcha/issues) or send a [pull request](https://github.com/markets/invisible_captcha/pulls).
         | 
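Review bot: typo in the added README line `Or alternativelly, you should send a valid spinner value along your requests:`; it should read "alternatively" and "along with your requests". In the RSpec snippet under it, `post :create,  params:` has a doubled space after the comma. The snippet only implies that the `spinner` param must equal `session[:invisible_captcha_spinner]` by repeating the same literal, so a sentence stating that requirement would help.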
| @@ -21,7 +21,10 @@ module InvisibleCaptcha | |
| 21 21 | 
             
                def detect_spam(options = {})
         | 
| 22 22 | 
             
                  if timestamp_spam?(options)
         | 
| 23 23 | 
             
                    on_timestamp_spam(options)
         | 
| 24 | 
            -
             | 
| 24 | 
            +
                    return if performed?
         | 
| 25 | 
            +
                  end
         | 
| 26 | 
            +
             | 
| 27 | 
            +
                  if honeypot_spam?(options) || spinner_spam?
         | 
| 25 28 | 
             
                    on_spam(options)
         | 
| 26 29 | 
             
                  end
         | 
| 27 30 | 
             
                end
         | 
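Review bot: the `return if performed?` guard after `on_timestamp_spam(options)` makes the result of a failed timestamp check depend on whether the callback rendered or redirected, and nothing in the code says so. A callback that does neither now lets a submission that failed the timestamp check continue to `honeypot_spam?(options) || spinner_spam?` and, if both pass, into the action. The changelog entry for #132 states this is intended, but it deserves a comment above the guard and a line in the README, so that a logging-only `on_timestamp_spam` callback is not written without realising it removes the timestamp rejection.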
| @@ -73,7 +76,7 @@ module InvisibleCaptcha | |
| 73 76 | 
             
                end
         | 
| 74 77 |  | 
| 75 78 | 
             
                def spinner_spam?
         | 
| 76 | 
            -
                  if InvisibleCaptcha.spinner_enabled && params[:spinner] != session[:invisible_captcha_spinner]
         | 
| 79 | 
            +
                  if InvisibleCaptcha.spinner_enabled && (params[:spinner].blank? || params[:spinner] != session[:invisible_captcha_spinner])
         | 
| 77 80 | 
             
                    warn_spam("Spinner value mismatch")
         | 
| 78 81 | 
             
                    return true
         | 
| 79 82 | 
             
                  end
         | 
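Review bot: the new `params[:spinner].blank?` branch in `spinner_spam?` has no example in this diff; the only spec changes are the two `test_passthrough` examples in controllers_spec.rb. Add one that submits without `spinner` while `InvisibleCaptcha.spinner_enabled` is true and expects the spam path, with no spinner in the session either, since `nil != nil` is the case the old comparison let through. The branch also reuses `warn_spam("Spinner value mismatch")`; a separate message for a missing value would make the log easier to triage.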
    
        data/spec/controllers_spec.rb
    CHANGED
    
    | @@ -71,6 +71,12 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do | |
| 71 71 | 
             
                    .to be_present
         | 
| 72 72 | 
             
                end
         | 
| 73 73 |  | 
| 74 | 
            +
                it 'runs on_spam callback if on_timestamp_spam callback is defined but passes' do
         | 
| 75 | 
            +
                  put :test_passthrough, params: { id: 1, topic: { title: 'bar', subtitle: 'foo' } }
         | 
| 76 | 
            +
             | 
| 77 | 
            +
                  expect(response.status).to eq(204)
         | 
| 78 | 
            +
                end
         | 
| 79 | 
            +
             | 
| 74 80 | 
             
                context 'successful submissions' do
         | 
| 75 81 | 
             
                  it 'passes if submission on or after timestamp_threshold' do
         | 
| 76 82 | 
             
                    sleep InvisibleCaptcha.timestamp_threshold
         | 
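Review bot: the added example `runs on_spam callback if on_timestamp_spam callback is defined but passes` does not show that the timestamp check fired. It fills the `subtitle` honeypot and expects 204, which the honeypot check and `catching_on_spam_callback` produce whether or not `timestamp_spam?` was true, so nothing in the visible lines ties the result to the new passthrough path. Add an expectation that `on_timestamp_spam_callback_with_passthrough` is called, or make the setup that keeps the submission under `timestamp_threshold` explicit in the example.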
| @@ -98,6 +104,12 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do | |
| 98 104 | 
             
                    expect(flash[:error]).not_to be_present
         | 
| 99 105 | 
             
                    expect(response.body).to redirect_to(new_topic_path)
         | 
| 100 106 | 
             
                  end
         | 
| 107 | 
            +
             | 
| 108 | 
            +
                  it 'passes if on_timestamp_spam doesn\'t perform' do
         | 
| 109 | 
            +
                    put :test_passthrough, params: { id: 1, topic: { title: 'bar' } }
         | 
| 110 | 
            +
             | 
| 111 | 
            +
                    expect(response.body).to redirect_to(new_topic_path)
         | 
| 112 | 
            +
                  end
         | 
| 101 113 | 
             
                end
         | 
| 102 114 | 
             
              end
         | 
| 103 115 |  | 
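Review bot: style point on `it 'passes if on_timestamp_spam doesn\'t perform' do`: the apostrophe is escaped only because the description is single-quoted, and a double-quoted string reads cleaner. The example sends neither a honeypot value nor a `spinner`, and after this release both checks run on this path, so the description could say that they are expected to pass here.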
| @@ -13,6 +13,10 @@ class TopicsController < ApplicationController | |
| 13 13 |  | 
| 14 14 | 
             
              invisible_captcha only: :categorize
         | 
| 15 15 |  | 
| 16 | 
            +
              invisible_captcha honeypot: :subtitle, only: :test_passthrough,
         | 
| 17 | 
            +
                on_spam: :catching_on_spam_callback,
         | 
| 18 | 
            +
                on_timestamp_spam: :on_timestamp_spam_callback_with_passthrough
         | 
| 19 | 
            +
             | 
| 16 20 | 
             
              def index
         | 
| 17 21 | 
             
                redirect_to new_topic_path
         | 
| 18 22 | 
             
              end
         | 
| @@ -56,6 +60,10 @@ class TopicsController < ApplicationController | |
| 56 60 | 
             
                end
         | 
| 57 61 | 
             
              end
         | 
| 58 62 |  | 
| 63 | 
            +
              def test_passthrough
         | 
| 64 | 
            +
                redirect_to new_topic_path
         | 
| 65 | 
            +
              end
         | 
| 66 | 
            +
             | 
| 59 67 | 
             
              private
         | 
| 60 68 |  | 
| 61 69 | 
             
              def custom_callback
         | 
| @@ -65,4 +73,12 @@ class TopicsController < ApplicationController | |
| 65 73 | 
             
              def custom_timestamp_callback
         | 
| 66 74 | 
             
                head(204)
         | 
| 67 75 | 
             
              end
         | 
| 76 | 
            +
             | 
| 77 | 
            +
              def on_timestamp_spam_callback_with_passthrough
         | 
| 78 | 
            +
              end
         | 
| 79 | 
            +
             | 
| 80 | 
            +
              def catching_on_spam_callback
         | 
| 81 | 
            +
                head(204)
         | 
| 82 | 
            +
              end
         | 
| 83 | 
            +
             | 
| 68 84 | 
             
            end
         | 
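Review bot: `on_timestamp_spam_callback_with_passthrough` is added with an empty body and no comment, so it reads like an unfinished stub. Add a one-line comment saying it is intentionally a no-op: it neither renders nor redirects, so `performed?` stays false and `detect_spam` goes on to the honeypot and spinner checks.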
    
        data/spec/dummy/config/routes.rb
    CHANGED
    
    
    
        metadata
    CHANGED
    
    | @@ -1,14 +1,14 @@ | |
| 1 1 | 
             
            --- !ruby/object:Gem::Specification
         | 
| 2 2 | 
             
            name: invisible_captcha
         | 
| 3 3 | 
             
            version: !ruby/object:Gem::Version
         | 
| 4 | 
            -
              version: 2. | 
| 4 | 
            +
              version: 2.3.0
         | 
| 5 5 | 
             
            platform: ruby
         | 
| 6 6 | 
             
            authors:
         | 
| 7 7 | 
             
            - Marc Anguera Insa
         | 
| 8 8 | 
             
            autorequire:
         | 
| 9 9 | 
             
            bindir: bin
         | 
| 10 10 | 
             
            cert_chain: []
         | 
| 11 | 
            -
            date: 2024- | 
| 11 | 
            +
            date: 2024-03-17 00:00:00.000000000 Z
         | 
| 12 12 | 
             
            dependencies:
         | 
| 13 13 | 
             
            - !ruby/object:Gem::Dependency
         | 
| 14 14 | 
             
              name: rails
         |