invisible_captcha 0.13.0 → 1.0.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/.travis.yml +0 -13
- data/Appraisals +0 -4
- data/CHANGELOG.md +6 -0
- data/LICENSE +1 -1
- data/README.md +36 -1
- data/invisible_captcha.gemspec +1 -3
- data/lib/invisible_captcha/controller_ext.rb +13 -8
- data/lib/invisible_captcha/version.rb +1 -1
- data/spec/controllers_spec.rb +38 -0
- metadata +4 -33
- data/gemfiles/rails_3.2.gemfile +0 -7
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: f27b7d3288d93919d6b1caa54cb08b026eddea9ef81bbf3b5ea72ead77bf1a44
|
4
|
+
data.tar.gz: dd29af328ea032506bf1ffc8a50c425ed2a634eba8fb5acc375df248164793cf
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: 6b8eea41afe49b36597042135579165583f751e4a4f8958ac3e839b223e1b2a7bca7afede2af6d82ffc857b0366fa2bd2942297762605b21f66363dfd624662f
|
7
|
+
data.tar.gz: a2bc9bb2368bfcfdfc7db912d772e70b05d70d864e65a785d0aeb31fdefc27862e5e54c82f2dbd570733c7c0f90b6e410ad77c47e3633b41e066308d072b2b7c
|
data/.travis.yml
CHANGED
@@ -1,20 +1,17 @@
|
|
1
1
|
language: ruby
|
2
2
|
cache: bundler
|
3
|
-
sudo: false
|
4
3
|
rvm:
|
5
4
|
- ruby-head
|
6
5
|
- 2.6.5
|
7
6
|
- 2.5.7
|
8
7
|
- 2.4.9
|
9
8
|
- 2.3.8
|
10
|
-
- 2.2.10
|
11
9
|
gemfile:
|
12
10
|
- gemfiles/rails_6.0.gemfile
|
13
11
|
- gemfiles/rails_5.2.gemfile
|
14
12
|
- gemfiles/rails_5.1.gemfile
|
15
13
|
- gemfiles/rails_5.0.gemfile
|
16
14
|
- gemfiles/rails_4.2.gemfile
|
17
|
-
- gemfiles/rails_3.2.gemfile
|
18
15
|
before_install:
|
19
16
|
# Rails 4.x requires Bundler version < 2.0.
|
20
17
|
- "find /home/travis/.rvm/rubies -wholename '*default/bundler-*.gemspec' -delete"
|
@@ -26,15 +23,5 @@ matrix:
|
|
26
23
|
gemfile: gemfiles/rails_6.0.gemfile
|
27
24
|
- rvm: 2.3.8
|
28
25
|
gemfile: gemfiles/rails_6.0.gemfile
|
29
|
-
- rvm: 2.2.10
|
30
|
-
gemfile: gemfiles/rails_6.0.gemfile
|
31
|
-
- rvm: ruby-head
|
32
|
-
gemfile: gemfiles/rails_3.2.gemfile
|
33
|
-
- rvm: 2.6.5
|
34
|
-
gemfile: gemfiles/rails_3.2.gemfile
|
35
|
-
- rvm: 2.5.7
|
36
|
-
gemfile: gemfiles/rails_3.2.gemfile
|
37
|
-
- rvm: 2.4.9
|
38
|
-
gemfile: gemfiles/rails_3.2.gemfile
|
39
26
|
allow_failures:
|
40
27
|
- rvm: ruby-head
|
data/Appraisals
CHANGED
data/CHANGELOG.md
CHANGED
@@ -2,6 +2,11 @@
|
|
2
2
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
4
4
|
|
5
|
+
## [1.0.0]
|
6
|
+
|
7
|
+
- Remove Ruby 2.2 and Rails 3.2 support
|
8
|
+
- Add Instrumentation event (#62)
|
9
|
+
|
5
10
|
## [0.13.0]
|
6
11
|
|
7
12
|
- Add support for the Content Security Policy nonce (#61)
|
@@ -106,6 +111,7 @@ All notable changes to this project will be documented in this file.
|
|
106
111
|
|
107
112
|
- First version of controller filters
|
108
113
|
|
114
|
+
[1.0.0]: https://github.com/markets/invisible_captcha/compare/v0.13.0...v1.0.0
|
109
115
|
[0.13.0]: https://github.com/markets/invisible_captcha/compare/v0.12.2...v0.13.0
|
110
116
|
[0.12.2]: https://github.com/markets/invisible_captcha/compare/v0.12.1...v0.12.2
|
111
117
|
[0.12.1]: https://github.com/markets/invisible_captcha/compare/v0.12.0...v0.12.1
|
data/LICENSE
CHANGED
data/README.md
CHANGED
@@ -19,7 +19,7 @@ It also comes with a time-sensitive :hourglass: form submission.
|
|
19
19
|
|
20
20
|
## Installation
|
21
21
|
|
22
|
-
Invisible Captcha is tested against Rails `>=
|
22
|
+
Invisible Captcha is tested against Rails `>= 4.2` and Ruby `>= 2.3`.
|
23
23
|
|
24
24
|
Add this line to your Gemfile and then execute `bundle install`:
|
25
25
|
|
@@ -165,6 +165,41 @@ You can also pass html options to the input:
|
|
165
165
|
<%= invisible_captcha :subtitle, :topic, id: "your_id", class: "your_class" %>
|
166
166
|
```
|
167
167
|
|
168
|
+
### Spam detection notifications
|
169
|
+
|
170
|
+
In addition to the `on_spam` controller callback, you can use the [Active Support Instrumentation API](https://guides.rubyonrails.org/active_support_instrumentation.html) to set up a global event handler that fires whenever spam is detected. This is useful for advanced logging, background processing, etc.
|
171
|
+
|
172
|
+
To set up a global event handler, [subscribe](https://guides.rubyonrails.org/active_support_instrumentation.html#subscribing-to-an-event) to the `invisible_captcha.spam_detected` event in an initializer:
|
173
|
+
|
174
|
+
```ruby
|
175
|
+
# config/initializers/invisible_captcha.rb
|
176
|
+
|
177
|
+
ActiveSupport::Notifications.subscribe('invisible_captcha.spam_detected') do |*args, data|
|
178
|
+
AwesomeLogger.warn(data[:message], data) # Log to an external logging service.
|
179
|
+
SpamRequest.create(data) # Record the blocked request in your database.
|
180
|
+
end
|
181
|
+
```
|
182
|
+
|
183
|
+
The `data` passed to the subscriber is hash containing information about the request that was detected as spam. For example:
|
184
|
+
|
185
|
+
```ruby
|
186
|
+
{
|
187
|
+
message: "Invisible Captcha honeypot param 'subtitle' was present.",
|
188
|
+
remote_ip: '127.0.0.1',
|
189
|
+
user_agent: 'Chrome 77',
|
190
|
+
controller: 'users',
|
191
|
+
action: 'create',
|
192
|
+
url: 'http://example.com/users',
|
193
|
+
params: {
|
194
|
+
topic: { subtitle: 'foo' },
|
195
|
+
controller: 'users',
|
196
|
+
action: 'create'
|
197
|
+
}
|
198
|
+
}
|
199
|
+
```
|
200
|
+
|
201
|
+
_**Note:** `params` will be filtered according to your `Rails.application.config.filter_parameters` configuration, making them (probably) safe for logging. But always double-check that you're not inadvertently logging sensitive form data, like passwords and credit cards._
|
202
|
+
|
168
203
|
### Content Security Policy
|
169
204
|
|
170
205
|
If you're using a Content Security Policy (CSP) in your Rails app, you will need to generate a nonce on the server, and pass `nonce: true` attribute to the view helper. Uncomment the following lines in your `config/initializers/content_security_policy.rb` file:
|
data/invisible_captcha.gemspec
CHANGED
@@ -15,10 +15,8 @@ Gem::Specification.new do |spec|
|
|
15
15
|
spec.test_files = spec.files.grep(%r{^(test|spec|features)/})
|
16
16
|
spec.require_paths = ["lib"]
|
17
17
|
|
18
|
-
spec.add_dependency 'rails', '>=
|
18
|
+
spec.add_dependency 'rails', '>= 4.2'
|
19
19
|
|
20
20
|
spec.add_development_dependency 'rspec-rails', '~> 3.1'
|
21
21
|
spec.add_development_dependency 'appraisal'
|
22
|
-
spec.add_development_dependency 'test-unit', '~> 3.0'
|
23
|
-
spec.add_development_dependency 'byebug'
|
24
22
|
end
|
@@ -4,14 +4,8 @@ module InvisibleCaptcha
|
|
4
4
|
module ControllerExt
|
5
5
|
module ClassMethods
|
6
6
|
def invisible_captcha(options = {})
|
7
|
-
|
8
|
-
|
9
|
-
detect_spam(options)
|
10
|
-
end
|
11
|
-
else
|
12
|
-
before_filter(options) do
|
13
|
-
detect_spam(options)
|
14
|
-
end
|
7
|
+
before_action(options) do
|
8
|
+
detect_spam(options)
|
15
9
|
end
|
16
10
|
end
|
17
11
|
end
|
@@ -105,6 +99,17 @@ module InvisibleCaptcha
|
|
105
99
|
|
106
100
|
def warn(message)
|
107
101
|
logger.warn("Potential spam detected for IP #{request.remote_ip}. #{message}")
|
102
|
+
|
103
|
+
ActiveSupport::Notifications.instrument(
|
104
|
+
'invisible_captcha.spam_detected',
|
105
|
+
message: message,
|
106
|
+
remote_ip: request.remote_ip,
|
107
|
+
user_agent: request.user_agent,
|
108
|
+
controller: params[:controller],
|
109
|
+
action: params[:action],
|
110
|
+
url: request.url,
|
111
|
+
params: request.filtered_parameters
|
112
|
+
)
|
108
113
|
end
|
109
114
|
end
|
110
115
|
end
|
data/spec/controllers_spec.rb
CHANGED
@@ -143,5 +143,43 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
143
143
|
expect(flash[:error]).not_to be_present
|
144
144
|
expect(@controller.params[:topic].key?(:subtitle)).to eq(false)
|
145
145
|
end
|
146
|
+
|
147
|
+
describe 'ActiveSupport::Notifications' do
|
148
|
+
let(:dummy_handler) { double(handle_event: nil) }
|
149
|
+
|
150
|
+
let!(:subscriber) do
|
151
|
+
subscriber = ActiveSupport::Notifications.subscribe('invisible_captcha.spam_detected') do |*args, data|
|
152
|
+
dummy_handler.handle_event(data)
|
153
|
+
end
|
154
|
+
|
155
|
+
subscriber
|
156
|
+
end
|
157
|
+
|
158
|
+
after { ActiveSupport::Notifications.unsubscribe(subscriber) }
|
159
|
+
|
160
|
+
it 'dispatches an `invisible_captcha.spam_detected` event' do
|
161
|
+
# Skip the `with` matcher for Rails < 5 due to issues comparing arguments passed to / recived by the dummy event handler.
|
162
|
+
# https://github.com/markets/invisible_captcha/pull/62#issuecomment-552218501
|
163
|
+
if Rails.version > '5'
|
164
|
+
expect(dummy_handler).to receive(:handle_event).once.with(
|
165
|
+
message: "Invisible Captcha honeypot param 'subtitle' was present.",
|
166
|
+
remote_ip: '0.0.0.0',
|
167
|
+
user_agent: 'Rails Testing',
|
168
|
+
controller: 'topics',
|
169
|
+
action: 'create',
|
170
|
+
url: 'http://test.host/topics',
|
171
|
+
params: {
|
172
|
+
topic: { subtitle: "foo"},
|
173
|
+
controller: 'topics',
|
174
|
+
action: 'create'
|
175
|
+
}
|
176
|
+
)
|
177
|
+
else
|
178
|
+
expect(dummy_handler).to receive(:handle_event).once
|
179
|
+
end
|
180
|
+
|
181
|
+
switchable_post :create, topic: { subtitle: 'foo' }
|
182
|
+
end
|
183
|
+
end
|
146
184
|
end
|
147
185
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: invisible_captcha
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 0.
|
4
|
+
version: 1.0.0
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Marc Anguera Insa
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date: 2019-11-
|
11
|
+
date: 2019-11-16 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: rails
|
@@ -16,14 +16,14 @@ dependencies:
|
|
16
16
|
requirements:
|
17
17
|
- - ">="
|
18
18
|
- !ruby/object:Gem::Version
|
19
|
-
version:
|
19
|
+
version: '4.2'
|
20
20
|
type: :runtime
|
21
21
|
prerelease: false
|
22
22
|
version_requirements: !ruby/object:Gem::Requirement
|
23
23
|
requirements:
|
24
24
|
- - ">="
|
25
25
|
- !ruby/object:Gem::Version
|
26
|
-
version:
|
26
|
+
version: '4.2'
|
27
27
|
- !ruby/object:Gem::Dependency
|
28
28
|
name: rspec-rails
|
29
29
|
requirement: !ruby/object:Gem::Requirement
|
@@ -52,34 +52,6 @@ dependencies:
|
|
52
52
|
- - ">="
|
53
53
|
- !ruby/object:Gem::Version
|
54
54
|
version: '0'
|
55
|
-
- !ruby/object:Gem::Dependency
|
56
|
-
name: test-unit
|
57
|
-
requirement: !ruby/object:Gem::Requirement
|
58
|
-
requirements:
|
59
|
-
- - "~>"
|
60
|
-
- !ruby/object:Gem::Version
|
61
|
-
version: '3.0'
|
62
|
-
type: :development
|
63
|
-
prerelease: false
|
64
|
-
version_requirements: !ruby/object:Gem::Requirement
|
65
|
-
requirements:
|
66
|
-
- - "~>"
|
67
|
-
- !ruby/object:Gem::Version
|
68
|
-
version: '3.0'
|
69
|
-
- !ruby/object:Gem::Dependency
|
70
|
-
name: byebug
|
71
|
-
requirement: !ruby/object:Gem::Requirement
|
72
|
-
requirements:
|
73
|
-
- - ">="
|
74
|
-
- !ruby/object:Gem::Version
|
75
|
-
version: '0'
|
76
|
-
type: :development
|
77
|
-
prerelease: false
|
78
|
-
version_requirements: !ruby/object:Gem::Requirement
|
79
|
-
requirements:
|
80
|
-
- - ">="
|
81
|
-
- !ruby/object:Gem::Version
|
82
|
-
version: '0'
|
83
55
|
description: Unobtrusive, flexible and simple spam protection for Rails applications
|
84
56
|
using honeypot strategy for better user experience.
|
85
57
|
email:
|
@@ -97,7 +69,6 @@ files:
|
|
97
69
|
- LICENSE
|
98
70
|
- README.md
|
99
71
|
- Rakefile
|
100
|
-
- gemfiles/rails_3.2.gemfile
|
101
72
|
- gemfiles/rails_4.2.gemfile
|
102
73
|
- gemfiles/rails_5.0.gemfile
|
103
74
|
- gemfiles/rails_5.1.gemfile
|