invisible_captcha 0.9.3 → 0.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 80d28e320294b2c40e8df6975a0efe8ce36ae9b3
-  data.tar.gz: 27fbdf58a83d4a84475e05cea92d706dc6c37b96
+  metadata.gz: 0b8877b6b9e63a8e3469df1b1e4d564c323798f4
+  data.tar.gz: aa93c8cd7004683493f06ba0513bc4cce274f261
 SHA512:
-  metadata.gz: d49d4f389ea60c174c1ab89d31fdb2414f0a7c8626a3a75a11ab1e0cd18fd1e3fbee07ff21d1b6456249c2b98e49748c6dbec829ef99403956f299ecaca3a5ba
-  data.tar.gz: 7d8b1e7937307cbf2493de51cf2e38b8acf090455756fa719c2482530fe90a64d73c9fa07cef7da2f1aacb4d6dd011d350ee5c557cbe626b30290f05c33b16d4
+  metadata.gz: 32dca9e9c96528181b6665854d07b2edba9441390613824975617f26d263e747475688979224f09d6b582c3c762fa4f438517924534f361ffc7d266ca78d3d39
+  data.tar.gz: f8a13ba2c4885e921668617788d751050ae47a86714c6537a645fbb40071996634a603f31f4a6ff1cdbe723bfc2dbf940a9f82874306baaf98728ea1f8c23cba

data/.travis.yml

@@ -1,40 +1,30 @@
 language: ruby
-
 cache: bundler
-
 sudo: false
-
 rvm:
   - ruby-head
-  - 2.4.1
-  - 2.3.4
-  - 2.2.7
-  - 2.1
-  - 1.9.3
-
+  - 2.4.2
+  - 2.3.5
+  - 2.2.8
+  - 2.1.10
 gemfile:
   - gemfiles/rails_5.1.gemfile
   - gemfiles/rails_5.0.gemfile
   - gemfiles/rails_4.2.gemfile
   - gemfiles/rails_4.1.gemfile
   - gemfiles/rails_3.2.gemfile
-
 matrix:
   exclude:
-    - rvm: 1.9.3
-      gemfile: gemfiles/rails_4.2.gemfile
-    - rvm: 1.9.3
+    - rvm: 2.1.10
       gemfile: gemfiles/rails_5.0.gemfile
-    - rvm: 1.9.3
+    - rvm: 2.1.10
       gemfile: gemfiles/rails_5.1.gemfile
-    - rvm: 2.1
-      gemfile: gemfiles/rails_5.0.gemfile
-    - rvm: 2.1
-      gemfile: gemfiles/rails_5.1.gemfile
-    - rvm: 2.4.1
+    - rvm: 2.4.2
       gemfile: gemfiles/rails_4.1.gemfile
-    - rvm: 2.4.1
+    - rvm: 2.4.2
       gemfile: gemfiles/rails_3.2.gemfile
+    - rvm: ruby-head
+      gemfile: gemfiles/rails_4.1.gemfile
     - rvm: ruby-head
       gemfile: gemfiles/rails_3.2.gemfile
   allow_failures:

data/README.md

@@ -4,19 +4,21 @@
 
 > Simple and flexible spam protection solution for Rails applications.
 
-It is based on the `honeypot` strategy to provide a better user experience. It also provides a time-sensitive form submission.
+Invisible Captcha provides different techniques to protect your application against spambots.
 
-**Background**
+The main protection is a solution based on the `honeypot` principle, which provides a better user experience, since there is no extra steps for real users, but for the bots.
 
-The strategy is about adding an input field into the form that:
+Essentially, the strategy consists on adding an input field :honey_pot: into the form that:
 
 * shouldn't be visible by the real users
 * should be left empty by the real users
 * will most be filled by spam bots
 
+It also comes with a time-sensitive :hourglass: form submission.
+
 ## Installation
 
-Invisible Captcha is tested against Rails `>= 3.2` and Ruby `>= 1.9.3`.
+Invisible Captcha is tested against Rails `>= 3.2` and Ruby `>= 2.1`.
 
 Add this line to you Gemfile:
 
@@ -64,7 +66,7 @@ class TopicsController < ApplicationController
 end
 ```
 
-Note that isn't mandatory to specify a `honeypot` attribute (nor in the view, nor in the controller). In this case, the engine will take a random field from `InvisibleCaptcha.honeypots`. So, if you're integrating it following this path, in your form:
+Note that is not mandatory to specify a `honeypot` attribute (nor in the view, nor in the controller). In this case, the engine will take a random field from `InvisibleCaptcha.honeypots`. So, if you're integrating it following this path, in your form:
 
 ```erb
 <%= form_tag(new_contact_path) do |f| %>
@@ -87,20 +89,23 @@ This section contains a description of all plugin options and customizations.
 You can customize:
 
 * `sentence_for_humans`: text for real users if input field was visible. By default, it uses I18n (see below).
-* `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name.
+* `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated.
 * `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
 * `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](http://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
 * `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
 * `timestamp_error_message`: flash error message thrown when form submitted quicker than the `timestamp_threshold` value. It uses I18n by default.
+* `injectable_styles`: if enabled, you should call anywhere in your layout the following helper `<%= invisible_captcha_styles %>`. This allows you to inject styles, for example, in `<head>`. False by default, styles are injected inline with the honeypot.
 
 To change these defaults, add the following to an initializer (recommended `config/initializers/invisible_captcha.rb`):
 
 ```ruby
 InvisibleCaptcha.setup do |config|
-  config.honeypots           << 'another_fake_attribute'
-  config.visual_honeypots    = false
-  config.timestamp_threshold = 4
-  config.timestamp_enabled   = true
+  # config.honeypots           << ['more', 'fake', 'attribute', 'names']
+  # config.visual_honeypots    = false
+  # config.timestamp_threshold = 4
+  # config.timestamp_enabled   = true
+  # config.injectable_styles   = false
+
   # Leave these unset if you want to use I18n (see below)
   # config.sentence_for_humans     = 'If you are a human, ignore this field'
   # config.timestamp_error_message = 'Sorry, that was too quick! Please resubmit.'
@@ -113,9 +118,10 @@ The `invisible_captcha` method accepts some options:
 
 * `only`: apply to given controller actions.
 * `except`: exclude to given controller actions.
-* `honeypot`: name of honeypot.
+* `honeypot`: name of custom honeypot.
 * `scope`: name of scope, ie: 'topic[subtitle]' -> 'topic' is the scope.
 * `on_spam`: custom callback to be called on spam detection.
+* `timestamp_threshold`: enable/disable this technique at action level.
 * `on_timestamp_spam`: custom callback to be called when form submitted too quickly. The default action redirects to `:back` printing a warning in `flash[:error]`.
 * `timestamp_threshold`: custom threshold per controller/action. Overrides the global value for `InvisibleCaptcha.timestamp_threshold`.
 
@@ -125,12 +131,18 @@ Using the view/form helper you can override some defaults for the given instance
 
 ```erb
 <%= form_for(@topic) do |f| %>
-  <%= f.invisible_captcha :subtitle, visual_honeypots: true, sentence_for_humans: "Ei, don't fill on this input!" %>
+  <%= f.invisible_captcha :subtitle, visual_honeypots: true, sentence_for_humans: "hey! leave this input empty!" %>
   <!-- or -->
-  <%= invisible_captcha visual_honeypots: true, sentence_for_humans: "Ei, don't fill on this input!" %>
+  <%= invisible_captcha visual_honeypots: true, sentence_for_humans: "hey! leave this input empty!" %>
 <% end %>
 ```
 
+You can also pass html options to the input:
+
+```erb
+<%= invisible_captcha :subtitle, :topic, id: "your_id", class: "your_class" %>
+```
+
 ### I18n
 
 `invisible_captcha` tries to use I18n when it's available by default. The keys it looks for are the following:
@@ -163,9 +175,12 @@ $ bundle exec rspec
 Run the test suite against all supported versions:
 
 ```
-$ bundle exec appraisal rake
+$ bundle exec appraisal install
+$ bundle exec appraisal rspec
 ```
 
+### Demo
+
 Start a sample Rails app ([source code](spec/dummy)) with `InvisibleCaptcha` integrated:
 
 ```

data/Rakefile

@@ -13,5 +13,5 @@ task :web do
   puts "Starting application in http://localhost:#{port} ... \n"
 
   Dir.chdir(app_path)
-  `rails s -p #{port}`
+  exec("rails s -p #{port}")
 end

data/invisible_captcha.gemspec

@@ -20,6 +20,6 @@ Gem::Specification.new do |spec|
   spec.add_development_dependency 'rspec-rails', '~> 3.1'
   spec.add_development_dependency 'appraisal'
   spec.add_development_dependency 'test-unit', '~> 3.0'
-  spec.add_development_dependency 'mime-types', '< 3.0'
+  spec.add_development_dependency 'byebug'
 end
 

data/lib/invisible_captcha.rb

@@ -7,45 +7,39 @@ require 'invisible_captcha/railtie'
 module InvisibleCaptcha
   class << self
     attr_writer :sentence_for_humans,
-                :timestamp_error_message,
-                :error_message
+                :timestamp_error_message
 
     attr_accessor :honeypots,
                   :timestamp_threshold,
                   :timestamp_enabled,
-                  :visual_honeypots
+                  :visual_honeypots,
+                  :injectable_styles
 
     def init!
       # Default sentence for real users if text field was visible
       self.sentence_for_humans = -> { I18n.t('invisible_captcha.sentence_for_humans', default: 'If you are a human, ignore this field') }
 
-      # Default error message for validator
-      self.error_message = -> { I18n.t('invisible_captcha.error_message', default: 'You are a robot!') }
-
-      # Default fake fields for controller based workflow
-      self.honeypots = ['foo_id', 'bar_id', 'baz_id']
+      # Timestamp check enabled by default
+      self.timestamp_enabled = true
 
       # Fastest time (in seconds) to expect a human to submit the form
       self.timestamp_threshold = 4
 
-      # Timestamp check enabled by default
-      self.timestamp_enabled = true
-
       # Default error message for validator when form submitted too quickly
       self.timestamp_error_message = -> { I18n.t('invisible_captcha.timestamp_error_message', default: 'Sorry, that was too quick! Please resubmit.') }
 
       # Make honeypots visibles
       self.visual_honeypots = false
+
+      # If enabled, you should call anywhere in of your layout the following helper, to inject the honeypot styles:
+      #  <%= invisible_captcha_styles %>
+      self.injectable_styles = false
     end
 
     def sentence_for_humans
       call_lambda_or_return(@sentence_for_humans)
     end
 
-    def error_message
-      call_lambda_or_return(@error_message)
-    end
-
     def timestamp_error_message
       call_lambda_or_return(@timestamp_error_message)
     end
@@ -54,10 +48,26 @@ module InvisibleCaptcha
       yield(self) if block_given?
     end
 
+    def honeypots
+      @honeypots ||= (1..5).map { generate_random_honeypot }
+    end
+
+    def generate_random_honeypot
+      "abcdefghijkl-mnopqrstuvwxyz".chars.sample(rand(10..20)).join
+    end
+
     def get_honeypot
       honeypots.sample
     end
 
+    def css_strategy
+      [
+        "display:none;",
+        "position:absolute!important;top:-9999px;left:-9999px;",
+        "position:absolute!important;height:1px;width:1px;overflow:hidden;"
+      ].sample
+    end
+
     private
 
     def call_lambda_or_return(obj)

data/lib/invisible_captcha/controller_ext.rb

@@ -2,7 +2,7 @@ module InvisibleCaptcha
   module ControllerExt
     module ClassMethods
       def invisible_captcha(options = {})
-        if respond_to? :before_action
+        if respond_to?(:before_action)
           before_action(options) do
             detect_spam(options)
           end
@@ -14,15 +14,17 @@ module InvisibleCaptcha
       end
     end
 
+    private
+
     def detect_spam(options = {})
-      if invisible_captcha_timestamp?(options)
-        on_timestamp_spam_action(options)
-      elsif invisible_captcha?(options)
-        on_spam_action(options)
+      if timestamp_spam?(options)
+        on_timestamp_spam(options)
+      elsif honeypot_spam?(options)
+        on_spam(options)
       end
     end
 
-    def on_timestamp_spam_action(options = {})
+    def on_timestamp_spam(options = {})
       if action = options[:on_timestamp_spam]
         send(action)
       else
@@ -34,23 +36,23 @@ module InvisibleCaptcha
       end
     end
 
-    def on_spam_action(options = {})
+    def on_spam(options = {})
       if action = options[:on_spam]
         send(action)
       else
-        default_on_spam
+        head(200)
       end
     end
 
-    def default_on_spam
-      head(200)
-    end
-
-    def invisible_captcha_timestamp?(options = {})
-      unless InvisibleCaptcha.timestamp_enabled
-        return false
+    def timestamp_spam?(options = {})
+      enabled = if options.key?(:timestamp_enabled)
+        options[:timestamp_enabled]
+      else
+        InvisibleCaptcha.timestamp_enabled
       end
 
+      return false unless enabled
+
       timestamp = session[:invisible_captcha_timestamp]
 
       # Consider as spam if timestamp not in session, cause that means the form was not fetched at all
@@ -60,31 +62,38 @@ module InvisibleCaptcha
       end
 
       time_to_submit = Time.zone.now - DateTime.iso8601(timestamp)
+      threshold = options[:timestamp_threshold] || InvisibleCaptcha.timestamp_threshold
 
       # Consider as spam if form submitted too quickly
-      if time_to_submit < (options[:timestamp_threshold] || InvisibleCaptcha.timestamp_threshold)
+      if time_to_submit < threshold
         logger.warn("Potential spam detected for IP #{request.env['REMOTE_ADDR']}. Invisible Captcha timestamp threshold not reached (took #{time_to_submit.to_i}s).")
         return true
       end
+
       false
     end
 
-    def invisible_captcha?(options = {})
+    def honeypot_spam?(options = {})
       honeypot = options[:honeypot]
       scope    = options[:scope] || controller_name.singularize
 
       if honeypot
-        # If honeypot is presented, search for:
+        # If honeypot is defined for this controller-action, search for:
         # - honeypot: params[:subtitle]
         # - honeypot with scope: params[:topic][:subtitle]
         if params[honeypot].present? || (params[scope] && params[scope][honeypot].present?)
           return true
+        else
+          # No honeypot spam detected, remove honeypot from params to avoid UnpermittedParameters exceptions
+          params.delete(honeypot) if params.key?(honeypot)
+          params[scope].try(:delete, honeypot) if params.key?(scope)
         end
       else
-        InvisibleCaptcha.honeypots.each do |field|
-          return true if params[field].present?
+        InvisibleCaptcha.honeypots.each do |default_honeypot|
+          return true if params[default_honeypot].present?
         end
       end
+
       false
     end
   end

data/lib/invisible_captcha/version.rb

@@ -1,3 +1,3 @@
 module InvisibleCaptcha
-  VERSION = "0.9.3"
+  VERSION = "0.10.0"
 end

data/lib/invisible_captcha/view_helpers.rb

@@ -4,14 +4,22 @@ module InvisibleCaptcha
     #
     # @param honeypot [Symbol] name of honeypot, ie: subtitle => input name: subtitle
     # @param scope [Symbol] name of honeypot scope, ie: topic => input name: topic[subtitle]
+    # @param options [Hash] html_options for input and invisible_captcha options
+    #
     # @return [String] the generated html
     def invisible_captcha(honeypot = nil, scope = nil, options = {})
       if InvisibleCaptcha.timestamp_enabled
-        session[:invisible_captcha_timestamp] ||= Time.zone.now.iso8601
+        session[:invisible_captcha_timestamp] = Time.zone.now.iso8601
       end
       build_invisible_captcha(honeypot, scope, options)
     end
 
+    def invisible_captcha_styles
+      if content_for?(:invisible_captcha_styles)
+        content_for(:invisible_captcha_styles)
+      end
+    end
+
     private
 
     def build_invisible_captcha(honeypot = nil, scope = nil, options = {})
@@ -20,30 +28,34 @@ module InvisibleCaptcha
         honeypot = nil
       end
 
-      honeypot = honeypot ? honeypot.to_s : InvisibleCaptcha.get_honeypot
-      label    = options[:sentence_for_humans] || InvisibleCaptcha.sentence_for_humans
-      html_id  = generate_html_id(honeypot, scope)
+      honeypot  = honeypot ? honeypot.to_s : InvisibleCaptcha.get_honeypot
+      label     = options.delete(:sentence_for_humans) || InvisibleCaptcha.sentence_for_humans
+      css_class = "#{honeypot}_#{Time.zone.now.to_i}"
+
+      styles = visibility_css(css_class, options)
 
-      content_tag(:div, :id => html_id) do
-        concat visibility_css(html_id, options)
+      provide(:invisible_captcha_styles) do
+        styles
+      end if InvisibleCaptcha.injectable_styles
+
+      content_tag(:div, class: css_class) do
+        concat styles unless InvisibleCaptcha.injectable_styles
         concat label_tag(build_label_name(honeypot, scope), label)
-        concat text_field_tag(build_text_field_name(honeypot, scope))
+        concat text_field_tag(build_text_field_name(honeypot, scope), nil, options.merge(tabindex: -1))
       end
     end
 
-    def generate_html_id(honeypot, scope = nil)
-      "#{scope || honeypot}_#{Time.zone.now.to_i}"
-    end
-
-    def visibility_css(container_id, options)
-      visibility = if options.key?(:visual_honeypots)
-        options[:visual_honeypots]
+    def visibility_css(css_class, options)
+      visible = if options.key?(:visual_honeypots)
+        options.delete(:visual_honeypots)
       else
         InvisibleCaptcha.visual_honeypots
       end
 
-      content_tag(:style, :type => 'text/css', :media => 'screen', :scoped => 'scoped') do
-        "##{container_id} { display:none; }" unless visibility
+      return if visible
+
+      content_tag(:style, media: 'screen') do
+        ".#{css_class} {#{InvisibleCaptcha.css_strategy}}"
       end
     end
 

data/spec/controllers_spec.rb

@@ -19,25 +19,29 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
     end
   end
 
-  before do
+  before(:each) do
     @controller = TopicsController.new
+    request.env['HTTP_REFERER'] = 'http://test.host/topics'
+    InvisibleCaptcha.init!
     InvisibleCaptcha.timestamp_threshold = 1
-    InvisibleCaptcha.timestamp_enabled = true
   end
 
   context 'without invisible_captcha_timestamp in session' do
     it 'fails like if it was submitted too fast' do
-      request.env['HTTP_REFERER'] = 'http://test.host/topics'
       switchable_post :create, topic: { title: 'foo' }
 
       expect(response).to redirect_to 'http://test.host/topics'
       expect(flash[:error]).to eq(InvisibleCaptcha.timestamp_error_message)
     end
-  end
 
-  context 'without invisible_captcha_timestamp in session and timestamp_enabled=false' do
-    it 'does not fail like if it was submitted too fast' do
-      request.env['HTTP_REFERER'] = 'http://test.host/topics'
+    it 'passes if disabled at action level' do
+      switchable_post :copy, topic: { title: 'foo' }
+
+      expect(flash[:error]).not_to be_present
+      expect(response.body).to be_present
+    end
+
+    it 'passes if disabled at app level' do
       InvisibleCaptcha.timestamp_enabled = false
       switchable_post :create, topic: { title: 'foo' }
 
@@ -47,22 +51,21 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
   end
 
   context 'submission timestamp_threshold' do
-    before do
+    before(:each) do
       session[:invisible_captcha_timestamp] = Time.zone.now.iso8601
     end
 
     it 'fails if submission before timestamp_threshold' do
-      request.env['HTTP_REFERER'] = 'http://test.host/topics'
       switchable_post :create, topic: { title: 'foo' }
 
       expect(response).to redirect_to 'http://test.host/topics'
       expect(flash[:error]).to eq(InvisibleCaptcha.timestamp_error_message)
     end
 
-    it 'allow custom on_timestamp_spam callback' do
+    it 'allow a custom on_timestamp_spam callback' do
       switchable_put :update, id: 1, topic: { title: 'bar' }
 
-      expect(response).to redirect_to(root_path)
+      expect(response.status).to eq(204)
     end
 
     context 'successful submissions' do
@@ -87,7 +90,7 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
   end
 
   context 'honeypot attribute' do
-    before do
+    before(:each) do
       session[:invisible_captcha_timestamp] = Time.zone.now.iso8601
       # Wait for valid submission
       sleep InvisibleCaptcha.timestamp_threshold
@@ -105,10 +108,17 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
       expect(response.body).to be_present
     end
 
-    it 'allow custom on_spam callback' do
+    it 'allow a custom on_spam callback' do
       switchable_put :update, id: 1, topic: { subtitle: 'foo' }
 
       expect(response.body).to redirect_to(new_topic_path)
     end
+
+    it 'honeypot is removed from params if you use a custom honeypot' do
+      switchable_post :create, topic: { title: 'foo', subtitle: '' }
+
+      expect(flash[:error]).not_to be_present
+      expect(@controller.params[:topic].key?(:subtitle)).to eq(false)
+    end
   end
 end

data/spec/dummy/README.md

@@ -1,3 +1,9 @@
 # Dummy App
 
 Dummy Rails Application to test `Invisible Captcha`.
+
+It's also used as a demo application to show `Invisible Captcha` in action. You can run the app by using the following command, from the root of the project:
+
+    > bundle exec rake web
+
+[« Back to Docs](https://github.com/markets/invisible_captcha#invisible-captcha)

data/spec/dummy/app/assets/javascripts/application.js

@@ -1,15 +1 @@
-// This is a manifest file that'll be compiled into application.js, which will include all the files
-// listed below.
-//
-// Any JavaScript/Coffee file within this directory, lib/assets/javascripts, vendor/assets/javascripts,
-// or vendor/assets/javascripts of plugins, if any, can be referenced here using a relative path.
-//
-// It's not advisable to add code directly here, but if you do, it'll appear at the bottom of the
-// the compiled file.
-//
-// WARNING: THE FIRST BLANK LINE MARKS THE END OF WHAT'S TO BE PROCESSED, ANY BLANK LINE SHOULD
-// GO AFTER THE REQUIRES BELOW.
-//
-//= require jquery
-//= require jquery_ujs
-//= require_tree .
+console.log('Hi from Invisible Captcha!');

data/spec/dummy/app/assets/stylesheets/application.css

@@ -1,13 +1,31 @@
-/*
- * This is a manifest file that'll be compiled into application.css, which will include all the files
- * listed below.
- *
- * Any CSS and SCSS file within this directory, lib/assets/stylesheets, vendor/assets/stylesheets,
- * or vendor/assets/stylesheets of plugins, if any, can be referenced here using a relative path.
- *
- * You're free to add application-wide styles to this file and they'll appear at the top of the
- * compiled file, but it's generally better to create a new file per style scope.
- *
- *= require_self
- *= require_tree .
- */
+body {
+  font-family: Arial, Helvetica, sans-serif;
+  background-color: #ccc;
+  margin: 2em;
+}
+
+h1 {
+  border-bottom: 3px solid;
+}
+
+input,
+textarea {
+  border: 0;
+  margin-bottom: 1.5em;
+}
+
+input {
+  height: 2em;
+}
+
+button {
+  background-color: #f0f0f0;
+  border-radius: 0.25em;
+  height: 3em;
+  width: 10em;
+  font-size: 1em;
+}
+
+.errors {
+  color: darkred;
+}

data/spec/dummy/app/controllers/topics_controller.rb

@@ -1,10 +1,18 @@
 class TopicsController < ApplicationController
   invisible_captcha honeypot: :subtitle, only: :create
+
   invisible_captcha honeypot: :subtitle, only: :update,
                               on_spam: :custom_callback,
                               on_timestamp_spam: :custom_timestamp_callback
+
   invisible_captcha honeypot: :subtitle, only: :publish, timestamp_threshold: 2
 
+  invisible_captcha honeypot: :subtitle, only: :copy, timestamp_enabled: false
+
+  def index
+    redirect_to new_topic_path
+  end
+
   def new
     @topic = Topic.new
   end
@@ -26,6 +34,16 @@ class TopicsController < ApplicationController
     redirect_to new_topic_path
   end
 
+  def copy
+    @topic = Topic.new(params[:topic])
+
+    if @topic.valid?
+      redirect_to new_topic_path(context: params[:context]), notice: 'Success!'
+    else
+      render action: 'new'
+    end
+  end
+
   private
 
   def custom_callback
@@ -33,6 +51,6 @@ class TopicsController < ApplicationController
   end
 
   def custom_timestamp_callback
-    redirect_to root_path
+    head(204)
   end
 end

data/spec/dummy/app/models/topic.rb

@@ -2,9 +2,11 @@ class Topic
   include ActiveModel::Validations
   include ActiveModel::Conversion
 
-  attr_accessor :title, :body, :subtitle
+  attr_accessor :title, :author, :body, :subtitle
 
-  validates :title, presence: true
+  validates :title, length: { minimum: 5 }
+  validates :author, presence: true
+  validates :body, length: { minimum: 10 }
 
   def initialize(attributes = {})
     attributes.each do |name, value|

data/spec/dummy/app/views/layouts/application.html.erb

@@ -5,21 +5,25 @@
   <%= stylesheet_link_tag    "application", :media => "all" %>
   <%= javascript_include_tag "application" %>
   <%= csrf_meta_tags %>
+  <%= invisible_captcha_styles %>
 </head>
 <body>
+  <h1>InvisibleCaptcha v<%= InvisibleCaptcha::VERSION %> - Demo</h1>
 
-<%= link_to "Default", new_topic_path %> |
-<%= link_to "With visual honeypots", new_topic_path(context: "visual_honeypots") %>
+  <p>
+    <%= link_to "Default settings", new_topic_path %> |
+    <%= link_to "With visual honeypots", new_topic_path(context: "visual_honeypots") %> |
+    <%= link_to "With timestamp disabled", new_topic_path(context: "timestamp_disabled") %>
+  </p>
 
-<% flash.each do |key, value| %>
-  <ul>
-    <li>
-      <%= "[#{key.upcase}] #{value}" %>
-    </li>
-  </ul>
-<% end %>
+  <% flash.each do |key, value| %>
+    <ul class="errors">
+      <li>
+        <%= "[#{key.upcase}] #{value}" %>
+      </li>
+    </ul>
+  <% end %>
 
-<%= yield %>
-
-</body>
+  <%= yield %>
+  </body>
 </html>

data/spec/dummy/app/views/topics/new.html.erb

@@ -1,8 +1,6 @@
-<h1>New topic</h1>
-
 <% if @topic.errors.any? %>
-  <div>
-    <h2><%= pluralize(@topic.errors.count, "error") %> prohibited this record from being saved:</h2>
+  <div class="errors">
+    <strong><%= pluralize(@topic.errors.count, "error") %> prohibited this record from being saved:</strong>
     <ul>
       <% @topic.errors.full_messages.each do |msg| %>
         <li><%= msg %></li>
@@ -11,13 +9,13 @@
   </div>
 <% end %>
 
-<%= form_for(@topic) do |f| %>
+<%= form_for(@topic, url: { action: params[:context] == 'timestamp_disabled' ? :copy : :create }) do |f| %>
   <%= hidden_field_tag :context, params[:context] %>
 
-  <% if params[:context].blank? || params[:context] == 'default' %>
-    <%= f.invisible_captcha :subtitle %>
-  <% else %>
+  <% if params[:context] && params[:context] == 'visual_honeypots' %>
     <%= f.invisible_captcha :subtitle, visual_honeypots: true %>
+  <% else %>
+    <%= f.invisible_captcha :subtitle %>
   <% end %>
 
   <div class="field">
@@ -25,12 +23,17 @@
     <%= f.text_field :title %>
   </div>
 
+  <div class="field">
+    <%= f.label :author %><br />
+    <%= f.text_field :author %>
+  </div>
+
   <div class="field">
     <%= f.label :body %><br />
-    <%= f.text_area :body %>
+    <%= f.text_area :body, rows: 10, cols: 40 %>
   </div>
 
   <div class="actions">
-    <%= f.submit %>
+    <%= f.button 'Save' %>
   </div>
-<% end %>
+<% end %>

data/spec/dummy/config/application.rb

@@ -4,6 +4,7 @@ require 'action_controller/railtie'
 require 'action_view/railtie'
 require 'action_mailer/railtie'
 require 'active_model/railtie'
+require 'sprockets/railtie'
 
 # Require the gems listed in Gemfile, including any gems
 # you've limited to :test, :development, or :production.

data/spec/dummy/config/environments/development.rb

@@ -31,6 +31,9 @@ Dummy::Application.configure do
   # yet still be able to expire them through the digest params.
   # config.assets.digest = true
 
+  # quiet assets
+  config.assets.quiet = true
+
   # Adds additional error checking when serving assets at runtime.
   # Checks for improperly declared sprockets dependencies.
   # Raises helpful error messages.

data/spec/dummy/config/routes.rb

@@ -1,8 +1,7 @@
 Rails.application.routes.draw do
-  resources :topics, only: [:new, :create, :update] do
-    member do
-      post :publish
-    end
+  resources :topics do
+    post :publish, on: :member
+    post :copy, on: :collection
   end
 
   root to: 'topics#new'

data/spec/invisible_captcha_spec.rb

@@ -5,10 +5,10 @@ describe InvisibleCaptcha do
     InvisibleCaptcha.init!
 
     expect(InvisibleCaptcha.sentence_for_humans).to eq('If you are a human, ignore this field')
-    expect(InvisibleCaptcha.error_message).to eq('You are a robot!')
     expect(InvisibleCaptcha.timestamp_threshold).to eq(4.seconds)
     expect(InvisibleCaptcha.timestamp_error_message).to eq('Sorry, that was too quick! Please resubmit.')
-    expect(InvisibleCaptcha.honeypots).to eq(['foo_id', 'bar_id', 'baz_id'])
+    expect(InvisibleCaptcha.honeypots).to be_an_instance_of(Array)
+    expect(InvisibleCaptcha.injectable_styles).to eq(false)
   end
 
   it 'allow setup via block' do
@@ -27,28 +27,23 @@ describe InvisibleCaptcha do
     I18n.backend.store_translations(:en,
                                     'invisible_captcha' => {
                                        'sentence_for_humans' => "Can't touch this",
-                                       'error_message' => 'MR ROBOT',
                                        'timestamp_error_message' => 'Fast and furious' })
 
     I18n.backend.store_translations(:fr,
                                     'invisible_captcha' => {
                                        'sentence_for_humans' => 'Ne touchez pas',
-                                       'error_message' => 'Mon dieu, un robot!',
                                        'timestamp_error_message' => 'Plus doucement SVP' })
 
     I18n.locale = :en
     expect(InvisibleCaptcha.sentence_for_humans).to eq("Can't touch this")
-    expect(InvisibleCaptcha.error_message).to eq('MR ROBOT')
     expect(InvisibleCaptcha.timestamp_error_message).to eq('Fast and furious')
 
     I18n.locale = :fr
     expect(InvisibleCaptcha.sentence_for_humans).to eq('Ne touchez pas')
-    expect(InvisibleCaptcha.error_message).to eq('Mon dieu, un robot!')
     expect(InvisibleCaptcha.timestamp_error_message).to eq('Plus doucement SVP')
 
     I18n.backend.reload!
     expect(InvisibleCaptcha.sentence_for_humans).to eq('If you are a human, ignore this field')
-    expect(InvisibleCaptcha.error_message).to eq('You are a robot!')
     expect(InvisibleCaptcha.timestamp_error_message).to eq('Sorry, that was too quick! Please resubmit.')
   end
 end

data/spec/view_helpers_spec.rb

@@ -1,81 +1,75 @@
 require 'spec_helper'
 
 describe InvisibleCaptcha::ViewHelpers, type: :helper do
-  def helper_output(honeypot = nil, scope = nil, options = {})
-    honeypot ||= InvisibleCaptcha.get_honeypot
-    input_id   = build_label_name(honeypot, scope)
-    input_name = build_text_field_name(honeypot, scope)
-    html_id    = generate_html_id(honeypot, scope)
-    visibilty  = if options.key?(:visual_honeypots)
-      options[:visual_honeypots]
-    else
-      InvisibleCaptcha.visual_honeypots
-    end
-    style_attributes, input_attributes = if Gem::Version.new(Rails.version) > Gem::Version.new("4.2.0")
-      [
-        'type="text/css" media="screen" scoped="scoped"',
-        "type=\"text\" name=\"#{input_name}\" id=\"#{input_id}\""
-      ]
-    else
-      [
-        'media="screen" scoped="scoped" type="text/css"',
-        "id=\"#{input_id}\" name=\"#{input_name}\" type=\"text\""
-      ]
-    end
+  before(:each) do
+    allow(Time.zone).to receive(:now).and_return(Time.zone.parse('Feb 19 1986'))
+    allow(InvisibleCaptcha).to receive(:css_strategy).and_return("display:none;")
 
-    %{
-      <div id="#{html_id}">
-        <style #{style_attributes}>#{visibilty ? '' : "##{html_id} { display:none; }"}</style>
-        <label for="#{input_id}">#{InvisibleCaptcha.sentence_for_humans}</label>
-        <input #{input_attributes} />
-      </div>
-    }.gsub(/\s+/, ' ').strip.gsub('> <', '><')
-  end
+    # to test content_for and provide
+    @view_flow = ActionView::OutputFlow.new
 
-  before do
-    allow(Time.zone).to receive(:now).and_return(Time.zone.parse('Feb 19 1986'))
-    InvisibleCaptcha.visual_honeypots = false
-    InvisibleCaptcha.timestamp_enabled = true
+    InvisibleCaptcha.init!
   end
 
   it 'with no arguments' do
     InvisibleCaptcha.honeypots = [:foo_id]
-    expect(invisible_captcha).to eq(helper_output)
+    expect(invisible_captcha).to match(/name="foo_id"/)
   end
 
   it 'with specific honeypot' do
-    expect(invisible_captcha(:subtitle)).to eq(helper_output(:subtitle))
+    expect(invisible_captcha(:subtitle)).to match(/name="subtitle"/)
   end
 
   it 'with specific honeypot and scope' do
-    expect(invisible_captcha(:subtitle, :topic)).to eq(helper_output(:subtitle, :topic))
+    expect(invisible_captcha(:subtitle, :topic)).to match(/name="topic\[subtitle\]"/)
+  end
+
+  it 'with custom html options' do
+    expect(invisible_captcha(:subtitle, :topic, { class: 'foo_class' })).to match(/class="foo_class"/)
+  end
+
+  it 'generated html + styles' do
+    InvisibleCaptcha.honeypots = [:foo_id]
+    output = invisible_captcha.gsub("\"", "'")
+    regexp = %r{<div class='foo_id_\w*'><style.*>.foo_id_\w* {display:none;}</style><label.*>#{InvisibleCaptcha.sentence_for_humans}.*<input.*name='foo_id'.*tabindex='-1'.*</div>}
+
+    expect(output).to match(regexp)
   end
 
   context "honeypot visibilty" do
     it 'visible from defaults' do
-      InvisibleCaptcha.honeypots = [:foo_id]
       InvisibleCaptcha.visual_honeypots = true
 
-      expect(invisible_captcha).to eq(helper_output)
+      expect(invisible_captcha).not_to match(/display:none/)
     end
 
     it 'visible from given instance (default override)' do
-      InvisibleCaptcha.honeypots = [:foo_id]
-
-      expect(invisible_captcha(visual_honeypots: true)).to eq(helper_output(nil, nil, visual_honeypots: true))
+      expect(invisible_captcha(visual_honeypots: true)).not_to match(/display:none/)
     end
 
     it 'invisible from given instance (default override)' do
-      InvisibleCaptcha.honeypots = [:foo_id]
       InvisibleCaptcha.visual_honeypots = true
 
-      expect(invisible_captcha(visual_honeypots: false)).to eq(helper_output(nil, nil, visual_honeypots: false))
+      expect(invisible_captcha(visual_honeypots: false)).to match(/display:none/)
     end
   end
 
   it 'should set spam timestamp' do
-    InvisibleCaptcha.honeypots = [:foo_id]
     invisible_captcha
     expect(session[:invisible_captcha_timestamp]).to eq(Time.zone.now.iso8601)
   end
+
+  context 'injectable_styles option' do
+    it 'by default, render styles along with the honeypot' do
+      expect(invisible_captcha).to match(/display:none/)
+      expect(helper.content_for(:invisible_captcha_styles)).to be_blank
+    end
+
+    it 'if injectable_styles is set, do not append styles inline' do
+      InvisibleCaptcha.injectable_styles = true
+
+      expect(invisible_captcha).not_to match(/display:none;/)
+      expect(helper.content_for(:invisible_captcha_styles)).to match(/display:none;/)
+    end
+  end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: invisible_captcha
 version: !ruby/object:Gem::Version
-  version: 0.9.3
+  version: 0.10.0
 platform: ruby
 authors:
 - Marc Anguera Insa
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2017-07-17 00:00:00.000000000 Z
+date: 2017-12-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -67,19 +67,19 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '3.0'
 - !ruby/object:Gem::Dependency
-  name: mime-types
+  name: byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
   type: :development
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
-    - - "<"
+    - - ">="
       - !ruby/object:Gem::Version
-        version: '3.0'
+        version: '0'
 description: Unobtrusive, flexible and simple spam protection for Rails applications
   using honeypot strategy for better user experience.
 email:
@@ -116,7 +116,6 @@ files:
 - spec/dummy/app/controllers/topics_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
 - spec/dummy/app/mailers/.gitkeep
-- spec/dummy/app/models/.gitkeep
 - spec/dummy/app/models/topic.rb
 - spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/views/topics/new.html.erb
@@ -135,7 +134,6 @@ files:
 - spec/dummy/config/initializers/cookies_serializer.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config/initializers/invisible_captcha.rb
 - spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb
@@ -172,7 +170,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
       version: '0'
 requirements: []
 rubyforge_project: 
-rubygems_version: 2.5.2
+rubygems_version: 2.6.13
 signing_key: 
 specification_version: 4
 summary: Simple honeypot protection for RoR apps
@@ -186,7 +184,6 @@ test_files:
 - spec/dummy/app/controllers/topics_controller.rb
 - spec/dummy/app/helpers/application_helper.rb
 - spec/dummy/app/mailers/.gitkeep
-- spec/dummy/app/models/.gitkeep
 - spec/dummy/app/models/topic.rb
 - spec/dummy/app/views/layouts/application.html.erb
 - spec/dummy/app/views/topics/new.html.erb
@@ -205,7 +202,6 @@ test_files:
 - spec/dummy/config/initializers/cookies_serializer.rb
 - spec/dummy/config/initializers/filter_parameter_logging.rb
 - spec/dummy/config/initializers/inflections.rb
-- spec/dummy/config/initializers/invisible_captcha.rb
 - spec/dummy/config/initializers/mime_types.rb
 - spec/dummy/config/initializers/secret_token.rb
 - spec/dummy/config/initializers/session_store.rb

data/spec/dummy/config/initializers/invisible_captcha.rb

@@ -1,6 +0,0 @@
-InvisibleCaptcha.setup do |config|
-  # config.sentence_for_humans = 'If you are a human, ignore this field'
-  # config.error_message       = 'You are a robot!'
-  # config.honeypots          += 'fake_resource_title'
-  # config.visual_honeypots    = false
-end