invisible_captcha 1.0.0 → 1.0.1
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +15 -1
- data/lib/invisible_captcha/controller_ext.rb +5 -5
- data/lib/invisible_captcha/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 94b48763b4a33702bf8ae5ceae26837ecc5cacc80b0468c96b3d12a9139c6904
|
|
4
|
+
data.tar.gz: 21332f804ac7c39f0adc09b6b4039625ca76a864a0bf49f59ec63910e72c2ce6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4fe27394a45989537bc521f0df1f6d5e16ff07342e5cfd351ef3034587a73647df3e41f53e1d701022d11205b4254e93502dfd6c5b83ff665dfe392a806a9d4a
|
|
7
|
+
data.tar.gz: dc82b65bc789224723c4bac7c07df1a459b2bf22139e4c64a75b7ca907cb5d670e94919c4a9ffa373780b2ecc7deb2c81a5f4ad35fe01911a577453f8c152db3
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
|
|
5
|
+
## [1.0.1]
|
|
6
|
+
|
|
7
|
+
- Fix naming issue with Ruby 2.7 (#65)
|
|
8
|
+
|
|
5
9
|
## [1.0.0]
|
|
6
10
|
|
|
7
11
|
- Remove Ruby 2.2 and Rails 3.2 support
|
|
@@ -111,6 +115,7 @@ All notable changes to this project will be documented in this file.
|
|
|
111
115
|
|
|
112
116
|
- First version of controller filters
|
|
113
117
|
|
|
118
|
+
[1.0.1]: https://github.com/markets/invisible_captcha/compare/v1.0.0...v1.0.1
|
|
114
119
|
[1.0.0]: https://github.com/markets/invisible_captcha/compare/v0.13.0...v1.0.0
|
|
115
120
|
[0.13.0]: https://github.com/markets/invisible_captcha/compare/v0.12.2...v0.13.0
|
|
116
121
|
[0.12.2]: https://github.com/markets/invisible_captcha/compare/v0.12.1...v0.12.2
|
data/README.md
CHANGED
|
@@ -104,7 +104,7 @@ This section contains a description of all plugin options and customizations.
|
|
|
104
104
|
You can customize:
|
|
105
105
|
|
|
106
106
|
- `sentence_for_humans`: text for real users if input field was visible. By default, it uses I18n (see below).
|
|
107
|
-
- `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated.
|
|
107
|
+
- `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated. As the random collection is stored in memory, it will not work if are running multiple Rails instances behind a load balancer. See [Multiple Rails instances](#multiple-rails-instances).
|
|
108
108
|
- `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
|
|
109
109
|
- `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](https://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
|
|
110
110
|
- `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
|
|
@@ -127,6 +127,20 @@ InvisibleCaptcha.setup do |config|
|
|
|
127
127
|
end
|
|
128
128
|
```
|
|
129
129
|
|
|
130
|
+
#### Multiple Rails instances
|
|
131
|
+
|
|
132
|
+
If you have multiple Rails instances running behind a load balancer, you have to share the same honeypots collection between the instances.
|
|
133
|
+
|
|
134
|
+
Either use a fixed collection or share them between the instances using `Rails.cache`:
|
|
135
|
+
|
|
136
|
+
```ruby
|
|
137
|
+
InvisibleCaptcha.setup do |config|
|
|
138
|
+
config.honeypots = Rails.cache.fetch('invisible_captcha_honeypots') do
|
|
139
|
+
(1..20).map { InvisibleCaptcha.generate_random_honeypot }
|
|
140
|
+
end
|
|
141
|
+
end
|
|
142
|
+
```
|
|
143
|
+
|
|
130
144
|
### Controller method options:
|
|
131
145
|
|
|
132
146
|
The `invisible_captcha` method accepts some options:
|
|
@@ -53,7 +53,7 @@ module InvisibleCaptcha
|
|
|
53
53
|
|
|
54
54
|
# Consider as spam if timestamp not in session, cause that means the form was not fetched at all
|
|
55
55
|
unless @invisible_captcha_timestamp
|
|
56
|
-
|
|
56
|
+
warn_spam("Invisible Captcha timestamp not found in session.")
|
|
57
57
|
return true
|
|
58
58
|
end
|
|
59
59
|
|
|
@@ -62,7 +62,7 @@ module InvisibleCaptcha
|
|
|
62
62
|
|
|
63
63
|
# Consider as spam if form submitted too quickly
|
|
64
64
|
if time_to_submit < threshold
|
|
65
|
-
|
|
65
|
+
warn_spam("Invisible Captcha timestamp threshold not reached (took #{time_to_submit.to_i}s).")
|
|
66
66
|
return true
|
|
67
67
|
end
|
|
68
68
|
|
|
@@ -78,7 +78,7 @@ module InvisibleCaptcha
|
|
|
78
78
|
# - honeypot: params[:subtitle]
|
|
79
79
|
# - honeypot with scope: params[:topic][:subtitle]
|
|
80
80
|
if params[honeypot].present? || (params[scope] && params[scope][honeypot].present?)
|
|
81
|
-
|
|
81
|
+
warn_spam("Invisible Captcha honeypot param '#{honeypot}' was present.")
|
|
82
82
|
return true
|
|
83
83
|
else
|
|
84
84
|
# No honeypot spam detected, remove honeypot from params to avoid UnpermittedParameters exceptions
|
|
@@ -88,7 +88,7 @@ module InvisibleCaptcha
|
|
|
88
88
|
else
|
|
89
89
|
InvisibleCaptcha.honeypots.each do |default_honeypot|
|
|
90
90
|
if params[default_honeypot].present?
|
|
91
|
-
|
|
91
|
+
warn_spam("Invisible Captcha honeypot param '#{default_honeypot}' was present.")
|
|
92
92
|
return true
|
|
93
93
|
end
|
|
94
94
|
end
|
|
@@ -97,7 +97,7 @@ module InvisibleCaptcha
|
|
|
97
97
|
false
|
|
98
98
|
end
|
|
99
99
|
|
|
100
|
-
def
|
|
100
|
+
def warn_spam(message)
|
|
101
101
|
logger.warn("Potential spam detected for IP #{request.remote_ip}. #{message}")
|
|
102
102
|
|
|
103
103
|
ActiveSupport::Notifications.instrument(
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: invisible_captcha
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Anguera Insa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-03-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|