RubyGems - invisible_captcha - Versions diffs - 0.13.0 → 1.0.0 - Mend

invisible_captcha 0.13.0 → 1.0.0

Files changed (12) hide show

checksums.yaml +4 -4
data/.travis.yml +0 -13
data/Appraisals +0 -4
data/CHANGELOG.md +6 -0
data/LICENSE +1 -1
data/README.md +36 -1
data/invisible_captcha.gemspec +1 -3
data/lib/invisible_captcha/controller_ext.rb +13 -8
data/lib/invisible_captcha/version.rb +1 -1
data/spec/controllers_spec.rb +38 -0
metadata +4 -33
data/gemfiles/rails_3.2.gemfile +0 -7

checksums.yaml CHANGED

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 22b983b8b83c0fb6eee4d4a97e3680c2c8e44c305c9181aee11e57f995f545e4
-  data.tar.gz: 97a7ec072f6158d49c0f65f73d3d8c6ee90725306ff0de87af5dd21ce1fc5184
+  metadata.gz: f27b7d3288d93919d6b1caa54cb08b026eddea9ef81bbf3b5ea72ead77bf1a44
+  data.tar.gz: dd29af328ea032506bf1ffc8a50c425ed2a634eba8fb5acc375df248164793cf
 SHA512:
-  metadata.gz: 1d77948f8fe547ccf52da9d92389f170ce43bdaab80cdcf246f80fde50db6773134c305e7edc0a162036f4c6d5a98f75342679dc7915c44ba37c727168d35f3f
-  data.tar.gz: 687063c83c44dbae9a65ba75664c8240e7915464738aea41b38bf4e089aab7945fc2b22dda64814bdab85b7ae241439d7dd8dfccfe56a3f16b26b6b9ee145ecf
+  metadata.gz: 6b8eea41afe49b36597042135579165583f751e4a4f8958ac3e839b223e1b2a7bca7afede2af6d82ffc857b0366fa2bd2942297762605b21f66363dfd624662f
+  data.tar.gz: a2bc9bb2368bfcfdfc7db912d772e70b05d70d864e65a785d0aeb31fdefc27862e5e54c82f2dbd570733c7c0f90b6e410ad77c47e3633b41e066308d072b2b7c

data/.travis.yml CHANGED

@@ -1,20 +1,17 @@
 language: ruby
 cache: bundler
-sudo: false
 rvm:
   - ruby-head
   - 2.6.5
   - 2.5.7
   - 2.4.9
   - 2.3.8
-  - 2.2.10
 gemfile:
   - gemfiles/rails_6.0.gemfile
   - gemfiles/rails_5.2.gemfile
   - gemfiles/rails_5.1.gemfile
   - gemfiles/rails_5.0.gemfile
   - gemfiles/rails_4.2.gemfile
-  - gemfiles/rails_3.2.gemfile
 before_install:
   # Rails 4.x requires Bundler version < 2.0.
   - "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
@@ -26,15 +23,5 @@ matrix:
       gemfile: gemfiles/rails_6.0.gemfile
     - rvm: 2.3.8
       gemfile: gemfiles/rails_6.0.gemfile
-    - rvm: 2.2.10
-      gemfile: gemfiles/rails_6.0.gemfile
-    - rvm: ruby-head
-      gemfile: gemfiles/rails_3.2.gemfile
-    - rvm: 2.6.5
-      gemfile: gemfiles/rails_3.2.gemfile
-    - rvm: 2.5.7
-      gemfile: gemfiles/rails_3.2.gemfile
-    - rvm: 2.4.9
-      gemfile: gemfiles/rails_3.2.gemfile
   allow_failures:
     - rvm: ruby-head

data/Appraisals CHANGED

@@ -17,7 +17,3 @@ end
 appraise "rails-4.2" do
   gem "rails", "~> 4.2.0"
 end
-appraise "rails-3.2" do
-  gem "rails", "~> 3.2.0"
-end

data/CHANGELOG.md CHANGED

@@ -2,6 +2,11 @@
 All notable changes to this project will be documented in this file.
+## [1.0.0]
+- Remove Ruby 2.2 and Rails 3.2 support
+- Add Instrumentation event (#62)
 ## [0.13.0]
 - Add support for the Content Security Policy nonce (#61)
@@ -106,6 +111,7 @@ All notable changes to this project will be documented in this file.
 - First version of controller filters
+[1.0.0]: https://github.com/markets/invisible_captcha/compare/v0.13.0...v1.0.0
 [0.13.0]: https://github.com/markets/invisible_captcha/compare/v0.12.2...v0.13.0
 [0.12.2]: https://github.com/markets/invisible_captcha/compare/v0.12.1...v0.12.2
 [0.12.1]: https://github.com/markets/invisible_captcha/compare/v0.12.0...v0.12.1

data/LICENSE CHANGED

@@ -1,4 +1,4 @@
-Copyright 2012-2017 Marc Anguera Insa
+Copyright 2012-2019 Marc Anguera Insa
 Permission is hereby granted, free of charge, to any person obtaining
 a copy of this software and associated documentation files (the

data/README.md CHANGED

@@ -19,7 +19,7 @@ It also comes with a time-sensitive :hourglass: form submission.
 ## Installation
-Invisible Captcha is tested against Rails `>= 3.2` and Ruby `>= 2.2`.
+Invisible Captcha is tested against Rails `>= 4.2` and Ruby `>= 2.3`.
 Add this line to your Gemfile and then execute `bundle install`:
@@ -165,6 +165,41 @@ You can also pass html options to the input:
 <%= invisible_captcha :subtitle, :topic, id: "your_id", class: "your_class" %>
 ```
+### Spam detection notifications
+In addition to the `on_spam` controller callback, you can use the [Active Support Instrumentation API](https://guides.rubyonrails.org/active_support_instrumentation.html) to set up a global event handler that fires whenever spam is detected. This is useful for advanced logging, background processing, etc.
+To set up a global event handler, [subscribe](https://guides.rubyonrails.org/active_support_instrumentation.html#subscribing-to-an-event) to the `invisible_captcha.spam_detected` event in an initializer:
+```ruby
+# config/initializers/invisible_captcha.rb
+ActiveSupport::Notifications.subscribe('invisible_captcha.spam_detected') do |*args, data|
+  AwesomeLogger.warn(data[:message], data)  # Log to an external logging service.
+  SpamRequest.create(data)                  # Record the blocked request in your database.
+end
+```
+The `data` passed to the subscriber is hash containing information about the request that was detected as spam. For example:
+```ruby
+{
+  message: "Invisible Captcha honeypot param 'subtitle' was present.",
+  remote_ip: '127.0.0.1',
+  user_agent: 'Chrome 77',
+  controller: 'users',
+  action: 'create',
+  url: 'http://example.com/users',
+  params: {
+    topic: { subtitle: 'foo' },
+    controller: 'users',
+    action: 'create'
+  }
+}
+```
+_**Note:** `params` will be filtered according to your `Rails.application.config.filter_parameters` configuration, making them (probably) safe for logging. But always double-check that you're not inadvertently logging sensitive form data, like passwords and credit cards._
 ### Content Security Policy
 If you're using a Content Security Policy (CSP) in your Rails app, you will need to generate a nonce on the server, and pass `nonce: true` attribute to the view helper. Uncomment the following lines in your `config/initializers/content_security_policy.rb` file:

data/invisible_captcha.gemspec CHANGED

@@ -15,10 +15,8 @@ Gem::Specification.new do |spec|
   spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
   spec.require_paths = ["lib"]
-  spec.add_dependency 'rails', '>= 3.2.0'
+  spec.add_dependency 'rails', '>= 4.2'
   spec.add_development_dependency 'rspec-rails', '~> 3.1'
   spec.add_development_dependency 'appraisal'
-  spec.add_development_dependency 'test-unit', '~> 3.0'
-  spec.add_development_dependency 'byebug'
 end

data/lib/invisible_captcha/controller_ext.rb CHANGED

@@ -4,14 +4,8 @@ module InvisibleCaptcha
   module ControllerExt
     module ClassMethods
       def invisible_captcha(options = {})
-        if respond_to?(:before_action)
-          before_action(options) do
-            detect_spam(options)
-          end
-        else
-          before_filter(options) do
-            detect_spam(options)
-          end
+        before_action(options) do
+          detect_spam(options)
         end
       end
     end
@@ -105,6 +99,17 @@ module InvisibleCaptcha
     def warn(message)
       logger.warn("Potential spam detected for IP #{request.remote_ip}. #{message}")
+      ActiveSupport::Notifications.instrument(
+        'invisible_captcha.spam_detected',
+        message: message,
+        remote_ip: request.remote_ip,
+        user_agent: request.user_agent,
+        controller: params[:controller],
+        action: params[:action],
+        url: request.url,
+        params: request.filtered_parameters
+      )
     end
   end
 end

data/lib/invisible_captcha/version.rb CHANGED

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module InvisibleCaptcha
-  VERSION = "0.13.0"
+  VERSION = "1.0.0"
 end

data/spec/controllers_spec.rb CHANGED

@@ -143,5 +143,43 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
       expect(flash[:error]).not_to be_present
       expect(@controller.params[:topic].key?(:subtitle)).to eq(false)
     end
+    describe 'ActiveSupport::Notifications' do
+      let(:dummy_handler) { double(handle_event: nil) }
+      let!(:subscriber) do
+        subscriber = ActiveSupport::Notifications.subscribe('invisible_captcha.spam_detected') do |*args, data|
+          dummy_handler.handle_event(data)
+        end
+        subscriber
+      end
+      after  { ActiveSupport::Notifications.unsubscribe(subscriber) }
+      it 'dispatches an `invisible_captcha.spam_detected` event' do
+        # Skip the `with` matcher for Rails < 5 due to issues comparing arguments passed to / recived by the dummy event handler.
+        # https://github.com/markets/invisible_captcha/pull/62#issuecomment-552218501
+        if Rails.version > '5'
+          expect(dummy_handler).to receive(:handle_event).once.with(
+            message: "Invisible Captcha honeypot param 'subtitle' was present.",
+            remote_ip: '0.0.0.0',
+            user_agent: 'Rails Testing',
+            controller: 'topics',
+            action: 'create',
+            url: 'http://test.host/topics',
+            params: {
+              topic: { subtitle: "foo"},
+              controller: 'topics',
+              action: 'create'
+            }
+          )
+        else
+          expect(dummy_handler).to receive(:handle_event).once
+        end
+        switchable_post :create, topic: { subtitle: 'foo' }
+      end
+    end
   end
 end

metadata CHANGED

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: invisible_captcha
 version: !ruby/object:Gem::Version
-  version: 0.13.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Marc Anguera Insa
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-11-06 00:00:00.000000000 Z
+date: 2019-11-16 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,14 +16,14 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: '4.2'
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 3.2.0
+        version: '4.2'
 - !ruby/object:Gem::Dependency
   name: rspec-rails
   requirement: !ruby/object:Gem::Requirement
@@ -52,34 +52,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: test-unit
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - "~>"
-      - !ruby/object:Gem::Version
-        version: '3.0'
-- !ruby/object:Gem::Dependency
-  name: byebug
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 description: Unobtrusive, flexible and simple spam protection for Rails applications
   using honeypot strategy for better user experience.
 email:
@@ -97,7 +69,6 @@ files:
 - LICENSE
 - README.md
 - Rakefile
-- gemfiles/rails_3.2.gemfile
 - gemfiles/rails_4.2.gemfile
 - gemfiles/rails_5.0.gemfile
 - gemfiles/rails_5.1.gemfile

data/gemfiles/rails_3.2.gemfile DELETED

@@ -1,7 +0,0 @@
-# This file was generated by Appraisal
-source "https://rubygems.org"
-gem "rails", "~> 3.2.0"
-gemspec path: "../"