invisible_captcha 0.10.0 → 0.11.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +9 -15
- data/Appraisals +4 -4
- data/CHANGELOG.md +106 -0
- data/README.md +8 -2
- data/gemfiles/{rails_4.1.gemfile → rails_5.2.gemfile} +1 -1
- data/lib/invisible_captcha/controller_ext.rb +11 -3
- data/lib/invisible_captcha/version.rb +1 -1
- data/spec/view_helpers_spec.rb +2 -2
- metadata +4 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8e681b453a7901d41d318ded90fa7ef465537654
|
|
4
|
+
data.tar.gz: 41f47473ce607a8610cdf784d60407c83d294cbf
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 293b6539d38e67f8a95fc109aaf54d2d0f3af25695ab76c91b6427f8c132fb9bc7397c0aebef2bd2f78af65af65fc44a8468f9a6bd766294b496d781171d9104
|
|
7
|
+
data.tar.gz: f64232b5bbaf63be0a41b5996bbb97b2960b13c0c31b3d87f379444e6017420b32941310d891c52d613fadc8d2cf33bb5ea90b2839942692f8ccd5661b0c47bf
|
data/.travis.yml
CHANGED
|
@@ -3,29 +3,23 @@ cache: bundler
|
|
|
3
3
|
sudo: false
|
|
4
4
|
rvm:
|
|
5
5
|
- ruby-head
|
|
6
|
-
- 2.
|
|
7
|
-
- 2.
|
|
8
|
-
- 2.
|
|
9
|
-
- 2.
|
|
6
|
+
- 2.5.1
|
|
7
|
+
- 2.4.4
|
|
8
|
+
- 2.3.6
|
|
9
|
+
- 2.2.9
|
|
10
10
|
gemfile:
|
|
11
|
+
- gemfiles/rails_5.2.gemfile
|
|
11
12
|
- gemfiles/rails_5.1.gemfile
|
|
12
13
|
- gemfiles/rails_5.0.gemfile
|
|
13
14
|
- gemfiles/rails_4.2.gemfile
|
|
14
|
-
- gemfiles/rails_4.1.gemfile
|
|
15
15
|
- gemfiles/rails_3.2.gemfile
|
|
16
16
|
matrix:
|
|
17
17
|
exclude:
|
|
18
|
-
- rvm: 2.1.10
|
|
19
|
-
gemfile: gemfiles/rails_5.0.gemfile
|
|
20
|
-
- rvm: 2.1.10
|
|
21
|
-
gemfile: gemfiles/rails_5.1.gemfile
|
|
22
|
-
- rvm: 2.4.2
|
|
23
|
-
gemfile: gemfiles/rails_4.1.gemfile
|
|
24
|
-
- rvm: 2.4.2
|
|
25
|
-
gemfile: gemfiles/rails_3.2.gemfile
|
|
26
|
-
- rvm: ruby-head
|
|
27
|
-
gemfile: gemfiles/rails_4.1.gemfile
|
|
28
18
|
- rvm: ruby-head
|
|
29
19
|
gemfile: gemfiles/rails_3.2.gemfile
|
|
20
|
+
- rvm: 2.5.1
|
|
21
|
+
gemfile: gemfiles/rails_3.2.gemfile
|
|
22
|
+
- rvm: 2.4.4
|
|
23
|
+
gemfile: gemfiles/rails_3.2.gemfile
|
|
30
24
|
allow_failures:
|
|
31
25
|
- rvm: ruby-head
|
data/Appraisals
CHANGED
|
@@ -1,3 +1,7 @@
|
|
|
1
|
+
appraise "rails-5.2" do
|
|
2
|
+
gem "rails", "~> 5.2.0"
|
|
3
|
+
end
|
|
4
|
+
|
|
1
5
|
appraise "rails-5.1" do
|
|
2
6
|
gem "rails", "~> 5.1.0"
|
|
3
7
|
end
|
|
@@ -10,10 +14,6 @@ appraise "rails-4.2" do
|
|
|
10
14
|
gem "rails", github: 'rails/rails', branch: '4-2-stable'
|
|
11
15
|
end
|
|
12
16
|
|
|
13
|
-
appraise "rails-4.1" do
|
|
14
|
-
gem "rails", "~> 4.1.0"
|
|
15
|
-
end
|
|
16
|
-
|
|
17
17
|
appraise "rails-3.2" do
|
|
18
18
|
gem "rails", "~> 3.2.0"
|
|
19
19
|
end
|
data/CHANGELOG.md
ADDED
|
@@ -0,0 +1,106 @@
|
|
|
1
|
+
# Changelog
|
|
2
|
+
|
|
3
|
+
All notable changes to this project will be documented in this file.
|
|
4
|
+
|
|
5
|
+
## [0.11.0]
|
|
6
|
+
|
|
7
|
+
- Improve logging (#40, #41)
|
|
8
|
+
- Official Rails 5.2 support
|
|
9
|
+
- Drop Ruby 2.1 from CI
|
|
10
|
+
|
|
11
|
+
## [0.10.0]
|
|
12
|
+
|
|
13
|
+
- New timestamp on each request to avoid stale timestamps (#24)
|
|
14
|
+
- Allow to inject styles manually anywhere in the layout (#27)
|
|
15
|
+
- Allow to change threshold per action
|
|
16
|
+
- Dynamic css strategy to hide the honeypot
|
|
17
|
+
- Remove Ruby 1.9 support
|
|
18
|
+
- Random default honeypots on each restart
|
|
19
|
+
- Allow to pass html_options to honeypot input (#28)
|
|
20
|
+
- Improvements on demo application and tests
|
|
21
|
+
- Better strong parameters interaction (#30, #33)
|
|
22
|
+
|
|
23
|
+
## [0.9.3]
|
|
24
|
+
|
|
25
|
+
- Rails 5.1 support (#29)
|
|
26
|
+
- Modernize CI Rubies
|
|
27
|
+
|
|
28
|
+
## [0.9.2]
|
|
29
|
+
|
|
30
|
+
- Rails 5.0 official support (#23)
|
|
31
|
+
- Travis CI matrix improvements
|
|
32
|
+
|
|
33
|
+
## [0.9.1]
|
|
34
|
+
|
|
35
|
+
- Add option (`timestamp_enabled`) to disable timestamp check (#22)
|
|
36
|
+
|
|
37
|
+
## [0.9.0]
|
|
38
|
+
|
|
39
|
+
- Remove model style validations (#14)
|
|
40
|
+
- Consider as spam if timestamp not in session (#11)
|
|
41
|
+
- Allow to define a different threshold per action (#8)
|
|
42
|
+
- Appraisals integration (#8)
|
|
43
|
+
- CI improvements: use new Travis infrastructure (#8)
|
|
44
|
+
|
|
45
|
+
## [0.8.2]
|
|
46
|
+
|
|
47
|
+
- Default timestamp action redirects to back (#19)
|
|
48
|
+
- Stores timestamps as string in session (#17)
|
|
49
|
+
|
|
50
|
+
## [0.8.1]
|
|
51
|
+
|
|
52
|
+
- Time-sensitive form submissions (#7)
|
|
53
|
+
- I18n integration (#13)
|
|
54
|
+
|
|
55
|
+
## [0.8.0]
|
|
56
|
+
|
|
57
|
+
- Better Rails integration with `ActiveSupport.on_load` callbacks (#5)
|
|
58
|
+
- Allow to override settings via the view helper (#5)
|
|
59
|
+
|
|
60
|
+
## [0.7.0]
|
|
61
|
+
|
|
62
|
+
- Revamped code base to allow more customizations (#2)
|
|
63
|
+
- Added basic specs (#2)
|
|
64
|
+
- Travis integration (#2)
|
|
65
|
+
- Demo app (#2)
|
|
66
|
+
|
|
67
|
+
## [0.6.5]
|
|
68
|
+
|
|
69
|
+
- Stop using Jeweler
|
|
70
|
+
|
|
71
|
+
## [0.6.4]
|
|
72
|
+
|
|
73
|
+
- Docs! (#1)
|
|
74
|
+
|
|
75
|
+
## [0.6.3]
|
|
76
|
+
|
|
77
|
+
- Internal re-naming
|
|
78
|
+
|
|
79
|
+
## [0.6.2]
|
|
80
|
+
|
|
81
|
+
- Fix gem initialization
|
|
82
|
+
|
|
83
|
+
## [0.6.0]
|
|
84
|
+
|
|
85
|
+
- Allow to configure via `InvisibleCaptcha.setup` block
|
|
86
|
+
|
|
87
|
+
## [0.5.0]
|
|
88
|
+
|
|
89
|
+
- First version of controller filters
|
|
90
|
+
|
|
91
|
+
[0.11.0]: https://github.com/markets/invisible_captcha/compare/v0.10.0...v0.11.0
|
|
92
|
+
[0.10.0]: https://github.com/markets/invisible_captcha/compare/v0.9.3...v0.10.0
|
|
93
|
+
[0.9.3]: https://github.com/markets/invisible_captcha/compare/v0.9.2...v0.9.3
|
|
94
|
+
[0.9.2]: https://github.com/markets/invisible_captcha/compare/v0.9.1...v0.9.2
|
|
95
|
+
[0.9.1]: https://github.com/markets/invisible_captcha/compare/v0.9.0...v0.9.1
|
|
96
|
+
[0.9.0]: https://github.com/markets/invisible_captcha/compare/v0.8.2...v0.9.0
|
|
97
|
+
[0.8.2]: https://github.com/markets/invisible_captcha/compare/v0.8.1...v0.8.2
|
|
98
|
+
[0.8.1]: https://github.com/markets/invisible_captcha/compare/v0.8.0...v0.8.1
|
|
99
|
+
[0.8.0]: https://github.com/markets/invisible_captcha/compare/v0.7.0...v0.8.0
|
|
100
|
+
[0.7.0]: https://github.com/markets/invisible_captcha/compare/v0.6.5...v0.7.0
|
|
101
|
+
[0.6.5]: https://github.com/markets/invisible_captcha/compare/v0.6.4...v0.6.5
|
|
102
|
+
[0.6.4]: https://github.com/markets/invisible_captcha/compare/v0.6.3...v0.6.4
|
|
103
|
+
[0.6.3]: https://github.com/markets/invisible_captcha/compare/v0.6.2...v0.6.3
|
|
104
|
+
[0.6.2]: https://github.com/markets/invisible_captcha/compare/v0.6.0...v0.6.2
|
|
105
|
+
[0.6.0]: https://github.com/markets/invisible_captcha/compare/v0.5.0...v0.6.0
|
|
106
|
+
[0.5.0]: https://github.com/markets/invisible_captcha/compare/v0.4.1...v0.5.0
|
data/README.md
CHANGED
|
@@ -18,7 +18,7 @@ It also comes with a time-sensitive :hourglass: form submission.
|
|
|
18
18
|
|
|
19
19
|
## Installation
|
|
20
20
|
|
|
21
|
-
Invisible Captcha is tested against Rails `>= 3.2` and Ruby `>= 2.
|
|
21
|
+
Invisible Captcha is tested against Rails `>= 3.2` and Ruby `>= 2.2`.
|
|
22
22
|
|
|
23
23
|
Add this line to you Gemfile:
|
|
24
24
|
|
|
@@ -121,7 +121,7 @@ The `invisible_captcha` method accepts some options:
|
|
|
121
121
|
* `honeypot`: name of custom honeypot.
|
|
122
122
|
* `scope`: name of scope, ie: 'topic[subtitle]' -> 'topic' is the scope.
|
|
123
123
|
* `on_spam`: custom callback to be called on spam detection.
|
|
124
|
-
* `
|
|
124
|
+
* `timestamp_enabled`: enable/disable this technique at action level.
|
|
125
125
|
* `on_timestamp_spam`: custom callback to be called when form submitted too quickly. The default action redirects to `:back` printing a warning in `flash[:error]`.
|
|
126
126
|
* `timestamp_threshold`: custom threshold per controller/action. Overrides the global value for `InvisibleCaptcha.timestamp_threshold`.
|
|
127
127
|
|
|
@@ -179,6 +179,12 @@ $ bundle exec appraisal install
|
|
|
179
179
|
$ bundle exec appraisal rspec
|
|
180
180
|
```
|
|
181
181
|
|
|
182
|
+
Run specs against specific version:
|
|
183
|
+
|
|
184
|
+
```
|
|
185
|
+
$ bundle exec appraisal rails-5.2 rspec
|
|
186
|
+
```
|
|
187
|
+
|
|
182
188
|
### Demo
|
|
183
189
|
|
|
184
190
|
Start a sample Rails app ([source code](spec/dummy)) with `InvisibleCaptcha` integrated:
|
|
@@ -57,7 +57,7 @@ module InvisibleCaptcha
|
|
|
57
57
|
|
|
58
58
|
# Consider as spam if timestamp not in session, cause that means the form was not fetched at all
|
|
59
59
|
unless timestamp
|
|
60
|
-
|
|
60
|
+
warn("Invisible Captcha timestamp not found in session.")
|
|
61
61
|
return true
|
|
62
62
|
end
|
|
63
63
|
|
|
@@ -66,7 +66,7 @@ module InvisibleCaptcha
|
|
|
66
66
|
|
|
67
67
|
# Consider as spam if form submitted too quickly
|
|
68
68
|
if time_to_submit < threshold
|
|
69
|
-
|
|
69
|
+
warn("Invisible Captcha timestamp threshold not reached (took #{time_to_submit.to_i}s).")
|
|
70
70
|
return true
|
|
71
71
|
end
|
|
72
72
|
|
|
@@ -82,6 +82,7 @@ module InvisibleCaptcha
|
|
|
82
82
|
# - honeypot: params[:subtitle]
|
|
83
83
|
# - honeypot with scope: params[:topic][:subtitle]
|
|
84
84
|
if params[honeypot].present? || (params[scope] && params[scope][honeypot].present?)
|
|
85
|
+
warn("Invisible Captcha honeypot param '#{honeypot}' was present.")
|
|
85
86
|
return true
|
|
86
87
|
else
|
|
87
88
|
# No honeypot spam detected, remove honeypot from params to avoid UnpermittedParameters exceptions
|
|
@@ -90,11 +91,18 @@ module InvisibleCaptcha
|
|
|
90
91
|
end
|
|
91
92
|
else
|
|
92
93
|
InvisibleCaptcha.honeypots.each do |default_honeypot|
|
|
93
|
-
|
|
94
|
+
if params[default_honeypot].present?
|
|
95
|
+
warn("Invisible Captcha honeypot param '#{default_honeypot}' was present.")
|
|
96
|
+
return true
|
|
97
|
+
end
|
|
94
98
|
end
|
|
95
99
|
end
|
|
96
100
|
|
|
97
101
|
false
|
|
98
102
|
end
|
|
103
|
+
|
|
104
|
+
def warn(message)
|
|
105
|
+
logger.warn("Potential spam detected for IP #{request.remote_ip}. #{message}")
|
|
106
|
+
end
|
|
99
107
|
end
|
|
100
108
|
end
|
data/spec/view_helpers_spec.rb
CHANGED
|
@@ -62,14 +62,14 @@ describe InvisibleCaptcha::ViewHelpers, type: :helper do
|
|
|
62
62
|
context 'injectable_styles option' do
|
|
63
63
|
it 'by default, render styles along with the honeypot' do
|
|
64
64
|
expect(invisible_captcha).to match(/display:none/)
|
|
65
|
-
expect(
|
|
65
|
+
expect(@view_flow.content[:invisible_captcha_styles]).to be_blank
|
|
66
66
|
end
|
|
67
67
|
|
|
68
68
|
it 'if injectable_styles is set, do not append styles inline' do
|
|
69
69
|
InvisibleCaptcha.injectable_styles = true
|
|
70
70
|
|
|
71
71
|
expect(invisible_captcha).not_to match(/display:none;/)
|
|
72
|
-
expect(
|
|
72
|
+
expect(@view_flow.content[:invisible_captcha_styles]).to match(/display:none;/)
|
|
73
73
|
end
|
|
74
74
|
end
|
|
75
75
|
end
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: invisible_captcha
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: 0.11.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Anguera Insa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2018-10-12 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -91,15 +91,16 @@ files:
|
|
|
91
91
|
- ".gitignore"
|
|
92
92
|
- ".travis.yml"
|
|
93
93
|
- Appraisals
|
|
94
|
+
- CHANGELOG.md
|
|
94
95
|
- Gemfile
|
|
95
96
|
- LICENSE
|
|
96
97
|
- README.md
|
|
97
98
|
- Rakefile
|
|
98
99
|
- gemfiles/rails_3.2.gemfile
|
|
99
|
-
- gemfiles/rails_4.1.gemfile
|
|
100
100
|
- gemfiles/rails_4.2.gemfile
|
|
101
101
|
- gemfiles/rails_5.0.gemfile
|
|
102
102
|
- gemfiles/rails_5.1.gemfile
|
|
103
|
+
- gemfiles/rails_5.2.gemfile
|
|
103
104
|
- invisible_captcha.gemspec
|
|
104
105
|
- lib/invisible_captcha.rb
|
|
105
106
|
- lib/invisible_captcha/controller_ext.rb
|