invisible_captcha 0.6.5 → 0.7.0

checksums.yaml

@@ -0,0 +1,7 @@
+---
+SHA1:
+  metadata.gz: 57c21321c483942e15254c832843c09cbbba7830
+  data.tar.gz: 6c18c874fdd903093e1695a362064fd2d2b274cc
+SHA512:
+  metadata.gz: ed8400648117aac3086d26176f2f9d67eb615f737f4078ed5c817bb3604ac8d85b295266c92bcca9ceeba25953ee68601a69a79044b804b3287bfd8c28b1eaf0
+  data.tar.gz: be584800363bf741d078f3a09f931e98544da1af91ce7757b78b2d5e4e8f896ab93583f974a7a471f8da20ba37c0fdb85f48e52b1be163cdeba3716b6acc0ca1

data/.gitignore

@@ -1,4 +1,6 @@
 .bundle
 pkg
 .rvmrc
-Gemfile.lock
+Gemfile.lock
+spec/dummy/log/*.log
+spec/dummy/tmp/

data/.travis.yml

@@ -0,0 +1,5 @@
+language: ruby
+rvm:
+  - 2.1
+  - 2.0
+  - 1.9.3

data/README.md

@@ -1,106 +1,166 @@
 # Invisible Captcha
-Simple and flexible spam protection solution for Rails applications using honeypot strategy and for better user experience.
-Support for ActiveRecord (and ActiveModel) forms and for non-RESTful resources.
+
+[![Gem Version](https://badge.fury.io/rb/invisible_captcha.svg)](http://badge.fury.io/rb/invisible_captcha) [![Build Status](https://travis-ci.org/markets/invisible_captcha.svg)](https://travis-ci.org/markets/invisible_captcha)
+
+Simple and flexible spam protection solution for Rails applications. Based on the `honeypot` strategy to provide a better user experience.
+
+**Background**
+
+The strategy is based on adding an input field into the form that:
+
+* shouldn't be visible by the real users
+* should be left empty by the real users
+* will most be filled by spam bots
 
 ## Installation
+
 Add this line to you Gemfile:
 
 ```
 gem 'invisible_captcha'
 ```
 
-Or install gem manually:
+Or install the gem manually:
 
 ```
-gem install invisible_captcha
+$ gem install invisible_captcha
 ```
 
 ## Usage
-There are different ways to implement:
 
-### Model style
+There are different ways to implement, at Controller level or Model level:
+
+### Controller style
+
 View code:
 
 ```erb
-<%= form_for(@topic) do |f| %>
-  <%= f.invisible_captcha :subtitle %>
+<%= form_tag(create_topic_path) do |f| %>
+  <%= invisible_captcha %>
 <% end %>
 ```
 
-Model code:
+Controller code:
 
 ```ruby
-class Topic < ActiveRecord::Base
-  attr_accessor :subtitle # virtual attribute, the honeypot
-  validates :subtitle, :invisible_captcha => true
+class TopicsController < ApplicationController
+  invisible_captcha only: [:create, :update]
 end
 ```
 
-If you are using [strong_parameters](https://github.com/rails/strong_parameters), don't forget to keep the honeypot attribute into the params hash:
+This method will act as a `before_filter` that triggers when spam is detected (honeypot field has some value). By default it responds with no content (only headers: `head(200)`). But you are able to define your own callback by passing a method to the `on_spam` option:
+
 ```ruby
-def topic_params
-  params.require(:topic).permit(:subtitle)
+invisible_captcha only: [:create, :update], on_spam: :your_on_spam_callback_method
+
+private
+
+def your_on_spam_callback_method
+  redirect_to root_path
 end
 ```
 
-### Controller style
-View code:
+[Check here a complete list of allowed options.](#controller-method-options)
+
+### Controller style (resource oriented):
+
+In your form:
 
 ```erb
 <%= form_for(@topic) do |f| %>
-  <%= invisible_captcha %>
+  <%= f.invisible_captcha :subtitle %>
+  <!-- or -->
+  <%= invisible_captcha :subtitle, :topic %>
 <% end %>
 ```
 
-Controller code:
+In your controller:
 
 ```ruby
-class TopicsController < ApplicationController
-  before_filter :check_invisible_captcha # :only => [:create, :update]
-  # your controller code
-end
+invisible_captcha only: [:create, :update], honeypot: :subtitle
 ```
 
-This filter triggers when the spam is the in params and responds without content (only headers). If you desire a different behaviour, you can use a provided method to check manualy if invisible captcha (fake field) is present:
-
-```ruby
-if invisible_captcha?
-  # spam present
-else
-  # no spam
-end
-```
+### Model style
 
-### Controller style (resource oriented):
+View code:
 
-In your form:
 ```erb
 <%= form_for(@topic) do |f| %>
   <%= f.invisible_captcha :subtitle %>
 <% end %>
 ```
 
-In your controller:
+Model code:
+
 ```ruby
-def create
-  if invisible_captcha?(:topic, :subtitle)
-    head 200 # or redirect_to new_topic_path
-  else
-    # regular workflow
-  end
+class Topic < ActiveRecord::Base
+  attr_accessor :subtitle # define a virtual attribute, the honeypot
+  validates :subtitle, :invisible_captcha => true
 end
 ```
 
-### Setup
-If you want to customize some defaults, add the following to an initializer (config/initializers/invisible_captcha.rb):
+If you are using [strong_parameters](https://github.com/rails/strong_parameters) (by default in Rails 4), don't forget to keep the honeypot attribute into the params hash:
+
+```ruby
+def topic_params
+  params.require(:topic).permit(:subtitle)
+end
+```
+
+## Options and customization
+
+This section contains the option list of `invisible_captcha` method (controllers side) and the plugin setup options (initializer).
+
+### Controller method options:
+
+The `invisible_captcha` method accepts some options:
+
+* `only`: apply to given controller actions.
+* `except`: exclude to given controller actions.
+* `honeypot`: name of honeypot.
+* `scope`: name of scope, ie: 'topic[subtitle]' -> 'topic' is the scope.
+* `on_spam`: custom callback to be called on spam detection.
+
+### Plugin options:
+
+You also can customize some plugin options:
+
+* `sentence_for_humans`: text for real users if input field was visible.
+* `error_message`: error message thrown by model validation (only model implementation).
+* `honeypots`: collection of default honeypots, used by the view helper, called with no args, to generate the honeypot field name
+* `visual_honeypots`: make honeypots visible, useful to test/debug your implementation.
+
+To change these defaults, add the following to an initializer (recommended `config/initializers/invisible_captcha.rb`):
 
 ```ruby
-InvisibleCaptcha.setup do |ic|
-  ic.sentence_for_humans = 'If you are a human, ignore this field'
-  ic.error_message = 'You are a robot!'
-  ic.fake_fields << 'another_fake_field'
+InvisibleCaptcha.setup do |config|
+  config.sentence_for_humans = 'If you are a human, ignore this field'
+  config.error_message       = 'You are a robot!'
+  config.honeypots          += 'fake_resource_title'
+  config.visual_honeypots    = false
 end
 ```
 
+## Contribute
+
+Any kind of idea, feedback or bug report are welcome! Open an [issue](https://github.com/markets/invisible_captcha/issues) or send a [pull request](https://github.com/markets/invisible_captcha/pulls).
+
+## Development
+
+Clone/fork this repository and start to hack.
+
+Run test suite:
+
+```
+$ rspec
+```
+
+Start a sample Rails app ([source code](spec/dummy)) with `InvisibleCaptcha` integrated:
+
+```
+$ rake web # PORT=4000 (default: 3000)
+```
+
 ## License
+
 Copyright (c) 2012-2014 Marc Anguera. Invisible Captcha is released under the [MIT](LICENSE) License.

data/Rakefile

@@ -1 +1,17 @@
-require "bundler/gem_tasks"
+require "bundler/gem_tasks"
+require 'rspec/core/rake_task'
+
+RSpec::Core::RakeTask.new(:spec)
+
+task :default => :spec
+
+desc 'Start development Rails app'
+task :web do
+  app_path = 'spec/dummy'
+  port     = ENV['PORT'] || 3000
+
+  puts "Starting application in http://localhost:#{port} ... \n"
+
+  Dir.chdir(app_path)
+  `rails s -p #{port}`
+end

data/invisible_captcha.gemspec

@@ -16,8 +16,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
 
-  spec.add_dependency "activemodel", ">= 0"
+  spec.add_dependency 'rails'
 
-  spec.add_development_dependency "debugger"
+  spec.add_development_dependency 'rspec-rails', '~> 3.1'
 end
 

data/lib/invisible_captcha.rb

@@ -1,32 +1,36 @@
 require 'invisible_captcha/version'
-require 'invisible_captcha/controller_methods'
+require 'invisible_captcha/controller_ext'
 require 'invisible_captcha/view_helpers'
 require 'invisible_captcha/form_helpers'
 require 'invisible_captcha/validator'
+require 'invisible_captcha/railtie'
 
 module InvisibleCaptcha
-  # Default sentence for humans if text field is visible
-  mattr_accessor :sentence_for_humans
-  self.sentence_for_humans = 'If you are a human, ignore this field'
-
-  # Default error message for validator
-  mattr_accessor :error_message
-  self.error_message = 'You are a robot!'
-
-  # Default fake fields for controller based workflow
-  mattr_accessor :fake_fields
-  self.fake_fields = ['foo_id', 'bar_id', 'baz_id']
-
-  # InvisibleCaptcha.setup do |ic|
-  #   ic.sentence_for_humans = 'Another sentence'
-  #   ic.error_message = 'Another error message'
-  #   ic.fake_fields << 'another_fake_field'
-  # end
-  def self.setup
-    yield(self)
-  end
+  class << self
+    attr_accessor :sentence_for_humans, :error_message, :honeypots, :visual_honeypots
+
+    def init!
+      # Default sentence for real users if text field was visible
+      self.sentence_for_humans = 'If you are a human, ignore this field'
+
+      # Default error message for validator
+      self.error_message = 'You are a robot!'
+
+      # Default fake fields for controller based workflow
+      self.honeypots = ['foo_id', 'bar_id', 'baz_id']
 
-  def self.fake_field
-    self.fake_fields.sample
+      # Make honeypots visibles
+      self.visual_honeypots = false
+    end
+
+    def setup
+      yield(self) if block_given?
+    end
+
+    def get_honeypot
+      honeypots.sample
+    end
   end
-end
+end
+
+InvisibleCaptcha.init!

data/lib/invisible_captcha/controller_ext.rb

@@ -0,0 +1,48 @@
+module InvisibleCaptcha
+  module ControllerExt
+    module ClassMethods
+      def invisible_captcha(options = {})
+        before_filter(options) do
+          detect_spam(options)
+        end
+      end
+    end
+
+    def detect_spam(options = {})
+      if invisible_captcha?(options)
+        on_spam_action(options)
+      end
+    end
+
+    def on_spam_action(options = {})
+      if action = options[:on_spam]
+        send(action)
+      else
+        default_on_spam
+      end
+    end
+
+    def default_on_spam
+      head(200)
+    end
+
+    def invisible_captcha?(options = {})
+      honeypot = options[:honeypot]
+      scope    = options[:scope] || controller_name.singularize
+
+      if honeypot
+        # If honeypot is presented, search for:
+        # - honeypot: params[:subtitle]
+        # - honeypot with scope: params[:topic][:subtitle]
+        if params[honeypot].present? || (params[scope] && params[scope][honeypot].present?)
+          return true
+        end
+      else
+        InvisibleCaptcha.honeypots.each do |field|
+          return true if params[field].present?
+        end
+      end
+      false
+    end
+  end
+end

data/lib/invisible_captcha/form_helpers.rb

@@ -1,11 +1,7 @@
 module InvisibleCaptcha
   module FormHelpers
-
-    def invisible_captcha(method)
-      @template.invisible_captcha(self.object_name, method)
+    def invisible_captcha(honeypot)
+      @template.invisible_captcha(honeypot, self.object_name)
     end
-
   end
-end
-
-ActionView::Helpers::FormBuilder.send :include, InvisibleCaptcha::FormHelpers
+end

data/lib/invisible_captcha/railtie.rb

@@ -0,0 +1,9 @@
+module InvisibleCaptcha
+  class Railtie < Rails::Railtie
+    ActionController::Base.send :include, InvisibleCaptcha::ControllerExt
+    ActionController::Base.send :extend, InvisibleCaptcha::ControllerExt::ClassMethods
+    ActionView::Base.send :include, InvisibleCaptcha::ViewHelpers
+    ActionView::Helpers::FormBuilder.send :include, InvisibleCaptcha::FormHelpers
+    ActiveModel::Validations::InvisibleCaptchaValidator = InvisibleCaptcha::InvisibleCaptchaValidator
+  end
+end

data/lib/invisible_captcha/validator.rb

@@ -2,7 +2,6 @@ require 'active_model/validator'
 
 module InvisibleCaptcha
   class InvisibleCaptchaValidator < ActiveModel::EachValidator
-
     def validate_each(record, attribute, value)
       if invisible_captcha?(record, attribute)
         record.errors.clear
@@ -12,11 +11,8 @@ module InvisibleCaptcha
 
     private
 
-    def invisible_captcha?(object, attribute)
-      object.send(attribute).present?
+    def invisible_captcha?(object, honeypot)
+      object.send(honeypot).present?
     end
-  
   end
-end
-
-ActiveModel::Validations::InvisibleCaptchaValidator = InvisibleCaptcha::InvisibleCaptchaValidator
+end

data/lib/invisible_captcha/version.rb

@@ -1,3 +1,3 @@
 module InvisibleCaptcha
-  VERSION = "0.6.5"
+  VERSION = "0.7.0"
 end

data/lib/invisible_captcha/view_helpers.rb

@@ -1,50 +1,52 @@
 module InvisibleCaptcha
   module ViewHelpers
-
-    def invisible_captcha(resource = nil, method = nil)
-      build_invisible_captcha(resource, method)
+    # Builds the honeypot html
+    #
+    # @param honeypot [Symbol] name of honeypot, ie: subtitle => input name: subtitle
+    # @param scope [Symbol] name of honeypot scope, ie: topic => input name: topic[subtitle]
+    # @return [String] the generated html
+    def invisible_captcha(honeypot = nil, scope = nil)
+      build_invisible_captcha(honeypot, scope)
     end
 
     private
 
-    def build_invisible_captcha(resource = nil, method = nil)
-      resource   = resource ? resource.to_s : InvisibleCaptcha.fake_field
-      label      = InvisibleCaptcha.sentence_for_humans
-      html_id    = generate_html_id(resource)
+    def build_invisible_captcha(honeypot = nil, scope = nil)
+      honeypot = honeypot ? honeypot.to_s : InvisibleCaptcha.get_honeypot
+      label    = InvisibleCaptcha.sentence_for_humans
+      html_id  = generate_html_id(honeypot, scope)
 
       content_tag(:div, :id => html_id) do
         insert_inline_css(html_id) +
-        label_tag(build_label_name(resource, method), label) +
-        text_field_tag(build_text_field_name(resource, method))
+        label_tag(build_label_name(honeypot, scope), label) +
+        text_field_tag(build_text_field_name(honeypot, scope))
       end.html_safe
     end
 
-    def generate_html_id(resource)
-      "#{resource}_#{Time.now.to_i}"
+    def generate_html_id(honeypot, scope = nil)
+      "#{scope || honeypot}_#{Time.now.to_i}"
     end
 
     def insert_inline_css(container_id)
       content_tag(:style, :type => 'text/css', :media => 'screen', :scoped => 'scoped') do
-       "##{container_id} { display:none; }"
+       "##{container_id} { display:none; }" unless InvisibleCaptcha.visual_honeypots
       end
     end
 
-    def build_label_name(resource, method = nil)
-      if method.present?
-        "#{resource}_#{method}"
+    def build_label_name(honeypot, scope = nil)
+      if scope.present?
+        "#{scope}_#{honeypot}"
       else
-        resource
+        honeypot
       end
     end
 
-    def build_text_field_name(resource, method = nil)
-      if method.present?
-        "#{resource}[#{method}]"
+    def build_text_field_name(honeypot, scope = nil)
+      if scope.present?
+        "#{scope}[#{honeypot}]"
       else
-        resource
+        honeypot
       end
     end
   end
-end
-
-ActionView::Base.send :include, InvisibleCaptcha::ViewHelpers
+end