invisible_captcha 0.11.0 → 0.12.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 8e681b453a7901d41d318ded90fa7ef465537654
-  data.tar.gz: 41f47473ce607a8610cdf784d60407c83d294cbf
+  metadata.gz: 69fb2a8c65477376dbea0a7162151d6c100282dc
+  data.tar.gz: b5f5134aff6f55b7d766972151ce85194cadd3e6
 SHA512:
-  metadata.gz: 293b6539d38e67f8a95fc109aaf54d2d0f3af25695ab76c91b6427f8c132fb9bc7397c0aebef2bd2f78af65af65fc44a8468f9a6bd766294b496d781171d9104
-  data.tar.gz: f64232b5bbaf63be0a41b5996bbb97b2960b13c0c31b3d87f379444e6017420b32941310d891c52d613fadc8d2cf33bb5ea90b2839942692f8ccd5661b0c47bf
+  metadata.gz: 390075abc680625ac3eee6b237765336554c5e7eec9c06acb368aa1b7f403ef4c1fc8b7ff21170fde71217b7704dc85b4d797e2f4760c9e255a464c7367deda5
+  data.tar.gz: be7d59009de1f3d70485fc19dd6e3bb5b8f0537a5f2e51b879a33ff8a4de9d7832bc81583ca3cf2f5f229ddd1fdde8c54f0e1201127a4e6941974b410f0127b2

data/CHANGELOG.md

@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file.
 
+## [0.12.0]
+
+- Honeypot input with autocomplete="off" by default (#42)
+
 ## [0.11.0]
 
 - Improve logging (#40, #41)
@@ -88,6 +92,7 @@ All notable changes to this project will be documented in this file.
 
 - First version of controller filters
 
+[0.12.0]: https://github.com/markets/invisible_captcha/compare/v0.11.0...v0.12.0
 [0.11.0]: https://github.com/markets/invisible_captcha/compare/v0.10.0...v0.11.0
 [0.10.0]: https://github.com/markets/invisible_captcha/compare/v0.9.3...v0.10.0
 [0.9.3]: https://github.com/markets/invisible_captcha/compare/v0.9.2...v0.9.3

data/README.md

@@ -1,6 +1,7 @@
 # Invisible Captcha
 
-[![Gem Version](https://badge.fury.io/rb/invisible_captcha.svg)](http://badge.fury.io/rb/invisible_captcha) [![Build Status](https://travis-ci.org/markets/invisible_captcha.svg)](https://travis-ci.org/markets/invisible_captcha)
+[![Gem](https://img.shields.io/gem/v/invisible_captcha.svg?style=flat-square)](https://rubygems.org/gems/invisible_captcha)
+[![Build Status](https://travis-ci.org/markets/invisible_captcha.svg)](https://travis-ci.org/markets/invisible_captcha)
 
 > Simple and flexible spam protection solution for Rails applications.
 
@@ -10,9 +11,9 @@ The main protection is a solution based on the `honeypot` principle, which provi
 
 Essentially, the strategy consists on adding an input field :honey_pot: into the form that:
 
-* shouldn't be visible by the real users
-* should be left empty by the real users
-* will most be filled by spam bots
+- shouldn't be visible by the real users
+- should be left empty by the real users
+- will most be filled by spam bots
 
 It also comes with a time-sensitive :hourglass: form submission.
 
@@ -88,13 +89,13 @@ This section contains a description of all plugin options and customizations.
 
 You can customize:
 
-* `sentence_for_humans`: text for real users if input field was visible. By default, it uses I18n (see below).
-* `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated.
-* `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
-* `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](http://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
-* `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
-* `timestamp_error_message`: flash error message thrown when form submitted quicker than the `timestamp_threshold` value. It uses I18n by default.
-* `injectable_styles`: if enabled, you should call anywhere in your layout the following helper `<%= invisible_captcha_styles %>`. This allows you to inject styles, for example, in `<head>`. False by default, styles are injected inline with the honeypot.
+- `sentence_for_humans`: text for real users if input field was visible. By default, it uses I18n (see below).
+- `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated.
+- `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
+- `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](https://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
+- `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
+- `timestamp_error_message`: flash error message thrown when form submitted quicker than the `timestamp_threshold` value. It uses I18n by default.
+- `injectable_styles`: if enabled, you should call anywhere in your layout the following helper `<%= invisible_captcha_styles %>`. This allows you to inject styles, for example, in `<head>`. False by default, styles are injected inline with the honeypot.
 
 To change these defaults, add the following to an initializer (recommended `config/initializers/invisible_captcha.rb`):
 
@@ -116,24 +117,31 @@ end
 
 The `invisible_captcha` method accepts some options:
 
-* `only`: apply to given controller actions.
-* `except`: exclude to given controller actions.
-* `honeypot`: name of custom honeypot.
-* `scope`: name of scope, ie: 'topic[subtitle]' -> 'topic' is the scope.
-* `on_spam`: custom callback to be called on spam detection.
-* `timestamp_enabled`: enable/disable this technique at action level.
-* `on_timestamp_spam`: custom callback to be called when form submitted too quickly. The default action redirects to `:back` printing a warning in `flash[:error]`.
-* `timestamp_threshold`: custom threshold per controller/action. Overrides the global value for `InvisibleCaptcha.timestamp_threshold`.
+- `only`: apply to given controller actions.
+- `except`: exclude to given controller actions.
+- `honeypot`: name of custom honeypot.
+- `scope`: name of scope, ie: 'topic[subtitle]' -> 'topic' is the scope.
+- `on_spam`: custom callback to be called on spam detection.
+- `timestamp_enabled`: enable/disable this technique at action level.
+- `on_timestamp_spam`: custom callback to be called when form submitted too quickly. The default action redirects to `:back` printing a warning in `flash[:error]`.
+- `timestamp_threshold`: custom threshold per controller/action. Overrides the global value for `InvisibleCaptcha.timestamp_threshold`.
 
 ### View helpers options:
 
-Using the view/form helper you can override some defaults for the given instance. Actually, it allows to change: `sentence_for_humans` and `visual_honeypots`.
+Using the view/form helper you can override some defaults for the given instance. Actually, it allows to change:
+
+- `sentence_for_humans`
 
 ```erb
 <%= form_for(@topic) do |f| %>
-  <%= f.invisible_captcha :subtitle, visual_honeypots: true, sentence_for_humans: "hey! leave this input empty!" %>
-  <!-- or -->
-  <%= invisible_captcha visual_honeypots: true, sentence_for_humans: "hey! leave this input empty!" %>
+  <%= f.invisible_captcha :subtitle, sentence_for_humans: "hey! leave this input empty!" %>
+<% end %>
+```
+- `visual_honeypots`
+
+```erb
+<%= form_for(@topic) do |f| %>
+  <%= f.invisible_captcha :subtitle, visual_honeypots: true %>
 <% end %>
 ```
 

data/lib/invisible_captcha/version.rb

@@ -1,3 +1,3 @@
 module InvisibleCaptcha
-  VERSION = "0.11.0"
+  VERSION = "0.12.0"
 end

data/lib/invisible_captcha/view_helpers.rb

@@ -41,7 +41,7 @@ module InvisibleCaptcha
       content_tag(:div, class: css_class) do
         concat styles unless InvisibleCaptcha.injectable_styles
         concat label_tag(build_label_name(honeypot, scope), label)
-        concat text_field_tag(build_text_field_name(honeypot, scope), nil, options.merge(tabindex: -1))
+        concat text_field_tag(build_input_name(honeypot, scope), nil, default_honeypot_options.merge(options))
       end
     end
 
@@ -67,12 +67,16 @@ module InvisibleCaptcha
       end
     end
 
-    def build_text_field_name(honeypot, scope = nil)
+    def build_input_name(honeypot, scope = nil)
       if scope.present?
         "#{scope}[#{honeypot}]"
       else
         honeypot
       end
     end
+
+    def default_honeypot_options
+      { autocomplete: 'off', tabindex: -1 }
+    end
   end
 end

data/spec/view_helpers_spec.rb

@@ -31,7 +31,7 @@ describe InvisibleCaptcha::ViewHelpers, type: :helper do
   it 'generated html + styles' do
     InvisibleCaptcha.honeypots = [:foo_id]
     output = invisible_captcha.gsub("\"", "'")
-    regexp = %r{<div class='foo_id_\w*'><style.*>.foo_id_\w* {display:none;}</style><label.*>#{InvisibleCaptcha.sentence_for_humans}.*<input.*name='foo_id'.*tabindex='-1'.*</div>}
+    regexp = %r{<div class='foo_id_\w*'><style.*>.foo_id_\w* {display:none;}</style><label.*>#{InvisibleCaptcha.sentence_for_humans}</label><input (?=.*name='foo_id'.*)(?=.*autocomplete='off'.*)(?=.*tabindex='-1'.*).*/></div>}
 
     expect(output).to match(regexp)
   end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: invisible_captcha
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.12.0
 platform: ruby
 authors:
 - Marc Anguera Insa
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-12 00:00:00.000000000 Z
+date: 2018-12-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails