invisible_captcha 0.9.0 → 0.9.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/README.md +5 -3
- data/lib/invisible_captcha.rb +4 -0
- data/lib/invisible_captcha/controller_ext.rb +4 -0
- data/lib/invisible_captcha/version.rb +1 -1
- data/lib/invisible_captcha/view_helpers.rb +3 -1
- data/spec/controllers_spec.rb +12 -0
- data/spec/view_helpers_spec.rb +1 -0
- metadata +3 -3
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA1:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 6667c856fdf4fb2ae0147d0d2d3d0531f8fab862
|
|
4
|
+
data.tar.gz: 7d2dadae6a9010c3614166343221fc0064fe9bc2
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: a76b88b892d95a1d72fcf5f2bffb2165c0608554feab107ca5a61e25db4a6b2e4eb3349ecba9b7e0c817d2766c23bb6ebd6723fa20717f8b3518ea38583ebab8
|
|
7
|
+
data.tar.gz: b15a66cfab3ec429aaafcdcd310e66f178cf17ab1375d58f0f0454b75b00059600295d5b54df404630ba8ceb0d596a84b6f688312bdeb2c04e696d7d211ddf04
|
data/README.md
CHANGED
|
@@ -90,15 +90,17 @@ You can customize:
|
|
|
90
90
|
* `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name.
|
|
91
91
|
* `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
|
|
92
92
|
* `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](http://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
|
|
93
|
+
* `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
|
|
93
94
|
* `timestamp_error_message`: flash error message thrown when form submitted quicker than the `timestamp_threshold` value. It uses I18n by default.
|
|
94
95
|
|
|
95
96
|
To change these defaults, add the following to an initializer (recommended `config/initializers/invisible_captcha.rb`):
|
|
96
97
|
|
|
97
98
|
```ruby
|
|
98
99
|
InvisibleCaptcha.setup do |config|
|
|
99
|
-
config.honeypots
|
|
100
|
-
config.visual_honeypots
|
|
101
|
-
config.timestamp_threshold
|
|
100
|
+
config.honeypots << 'another_fake_attribute'
|
|
101
|
+
config.visual_honeypots = false
|
|
102
|
+
config.timestamp_threshold = 4
|
|
103
|
+
config.timestamp_enabled = true
|
|
102
104
|
# Leave these unset if you want to use I18n (see below)
|
|
103
105
|
# config.sentence_for_humans = 'If you are a human, ignore this field'
|
|
104
106
|
# config.timestamp_error_message = 'Sorry, that was too quick! Please resubmit.'
|
data/lib/invisible_captcha.rb
CHANGED
|
@@ -12,6 +12,7 @@ module InvisibleCaptcha
|
|
|
12
12
|
|
|
13
13
|
attr_accessor :honeypots,
|
|
14
14
|
:timestamp_threshold,
|
|
15
|
+
:timestamp_enabled,
|
|
15
16
|
:visual_honeypots
|
|
16
17
|
|
|
17
18
|
def init!
|
|
@@ -27,6 +28,9 @@ module InvisibleCaptcha
|
|
|
27
28
|
# Fastest time (in seconds) to expect a human to submit the form
|
|
28
29
|
self.timestamp_threshold = 4
|
|
29
30
|
|
|
31
|
+
# Timestamp check enabled by default
|
|
32
|
+
self.timestamp_enabled = true
|
|
33
|
+
|
|
30
34
|
# Default error message for validator when form submitted too quickly
|
|
31
35
|
self.timestamp_error_message = -> { I18n.t('invisible_captcha.timestamp_error_message', default: 'Sorry, that was too quick! Please resubmit.') }
|
|
32
36
|
|
|
@@ -37,6 +37,10 @@ module InvisibleCaptcha
|
|
|
37
37
|
end
|
|
38
38
|
|
|
39
39
|
def invisible_captcha_timestamp?(options = {})
|
|
40
|
+
unless InvisibleCaptcha.timestamp_enabled
|
|
41
|
+
return false
|
|
42
|
+
end
|
|
43
|
+
|
|
40
44
|
timestamp = session[:invisible_captcha_timestamp]
|
|
41
45
|
|
|
42
46
|
# Consider as spam if timestamp not in session, cause that means the form was not fetched at all
|
|
@@ -6,7 +6,9 @@ module InvisibleCaptcha
|
|
|
6
6
|
# @param scope [Symbol] name of honeypot scope, ie: topic => input name: topic[subtitle]
|
|
7
7
|
# @return [String] the generated html
|
|
8
8
|
def invisible_captcha(honeypot = nil, scope = nil, options = {})
|
|
9
|
-
|
|
9
|
+
if InvisibleCaptcha.timestamp_enabled
|
|
10
|
+
session[:invisible_captcha_timestamp] ||= Time.zone.now.iso8601
|
|
11
|
+
end
|
|
10
12
|
build_invisible_captcha(honeypot, scope, options)
|
|
11
13
|
end
|
|
12
14
|
|
data/spec/controllers_spec.rb
CHANGED
|
@@ -6,6 +6,7 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
6
6
|
before do
|
|
7
7
|
@controller = TopicsController.new
|
|
8
8
|
InvisibleCaptcha.timestamp_threshold = 1
|
|
9
|
+
InvisibleCaptcha.timestamp_enabled = true
|
|
9
10
|
end
|
|
10
11
|
|
|
11
12
|
context 'without invisible_captcha_timestamp in session' do
|
|
@@ -18,6 +19,17 @@ describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
18
19
|
end
|
|
19
20
|
end
|
|
20
21
|
|
|
22
|
+
context 'without invisible_captcha_timestamp in session and timestamp_enabled=false' do
|
|
23
|
+
it 'does not fail like if it was submitted too fast' do
|
|
24
|
+
request.env['HTTP_REFERER'] = 'http://test.host/topics'
|
|
25
|
+
InvisibleCaptcha.timestamp_enabled = false
|
|
26
|
+
post :create, topic: { title: 'foo' }
|
|
27
|
+
|
|
28
|
+
expect(flash[:error]).not_to be_present
|
|
29
|
+
expect(response.body).to be_present
|
|
30
|
+
end
|
|
31
|
+
end
|
|
32
|
+
|
|
21
33
|
context 'submission timestamp_threshold' do
|
|
22
34
|
before do
|
|
23
35
|
session[:invisible_captcha_timestamp] = Time.zone.now.iso8601
|
data/spec/view_helpers_spec.rb
CHANGED
|
@@ -35,6 +35,7 @@ describe InvisibleCaptcha::ViewHelpers, type: :helper do
|
|
|
35
35
|
before do
|
|
36
36
|
allow(Time.zone).to receive(:now).and_return(Time.zone.parse('Feb 19 1986'))
|
|
37
37
|
InvisibleCaptcha.visual_honeypots = false
|
|
38
|
+
InvisibleCaptcha.timestamp_enabled = true
|
|
38
39
|
end
|
|
39
40
|
|
|
40
41
|
it 'with no arguments' do
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: invisible_captcha
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.9.
|
|
4
|
+
version: 0.9.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Anguera Insa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2016-
|
|
11
|
+
date: 2016-06-21 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|
|
@@ -172,7 +172,7 @@ required_rubygems_version: !ruby/object:Gem::Requirement
|
|
|
172
172
|
version: '0'
|
|
173
173
|
requirements: []
|
|
174
174
|
rubyforge_project:
|
|
175
|
-
rubygems_version: 2.
|
|
175
|
+
rubygems_version: 2.2.2
|
|
176
176
|
signing_key:
|
|
177
177
|
specification_version: 4
|
|
178
178
|
summary: Simple honeypot protection for RoR apps
|