invisible_captcha 1.0.0 → 1.0.1
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +5 -0
- data/README.md +15 -1
- data/lib/invisible_captcha/controller_ext.rb +5 -5
- data/lib/invisible_captcha/version.rb +1 -1
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 94b48763b4a33702bf8ae5ceae26837ecc5cacc80b0468c96b3d12a9139c6904
|
|
4
|
+
data.tar.gz: 21332f804ac7c39f0adc09b6b4039625ca76a864a0bf49f59ec63910e72c2ce6
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 4fe27394a45989537bc521f0df1f6d5e16ff07342e5cfd351ef3034587a73647df3e41f53e1d701022d11205b4254e93502dfd6c5b83ff665dfe392a806a9d4a
|
|
7
|
+
data.tar.gz: dc82b65bc789224723c4bac7c07df1a459b2bf22139e4c64a75b7ca907cb5d670e94919c4a9ffa373780b2ecc7deb2c81a5f4ad35fe01911a577453f8c152db3
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,10 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
|
|
5
|
+
## [1.0.1]
|
|
6
|
+
|
|
7
|
+
- Fix naming issue with Ruby 2.7 (#65)
|
|
8
|
+
|
|
5
9
|
## [1.0.0]
|
|
6
10
|
|
|
7
11
|
- Remove Ruby 2.2 and Rails 3.2 support
|
|
@@ -111,6 +115,7 @@ All notable changes to this project will be documented in this file.
|
|
|
111
115
|
|
|
112
116
|
- First version of controller filters
|
|
113
117
|
|
|
118
|
+
[1.0.1]: https://github.com/markets/invisible_captcha/compare/v1.0.0...v1.0.1
|
|
114
119
|
[1.0.0]: https://github.com/markets/invisible_captcha/compare/v0.13.0...v1.0.0
|
|
115
120
|
[0.13.0]: https://github.com/markets/invisible_captcha/compare/v0.12.2...v0.13.0
|
|
116
121
|
[0.12.2]: https://github.com/markets/invisible_captcha/compare/v0.12.1...v0.12.2
|
data/README.md
CHANGED
|
@@ -104,7 +104,7 @@ This section contains a description of all plugin options and customizations.
|
|
|
104
104
|
You can customize:
|
|
105
105
|
|
|
106
106
|
- `sentence_for_humans`: text for real users if input field was visible. By default, it uses I18n (see below).
|
|
107
|
-
- `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated.
|
|
107
|
+
- `honeypots`: collection of default honeypots. Used by the view helper, called with no args, to generate a random honeypot field name. By default, a random collection is already generated. As the random collection is stored in memory, it will not work if are running multiple Rails instances behind a load balancer. See [Multiple Rails instances](#multiple-rails-instances).
|
|
108
108
|
- `visual_honeypots`: make honeypots visible, also useful to test/debug your implementation.
|
|
109
109
|
- `timestamp_threshold`: fastest time (in seconds) to expect a human to submit the form (see [original article by Yoav Aner](https://blog.gingerlime.com/2012/simple-detection-of-comment-spam-in-rails/) outlining the idea). By default, 4 seconds. **NOTE:** It's recommended to deactivate the autocomplete feature to avoid false positives (`autocomplete="off"`).
|
|
110
110
|
- `timestamp_enabled`: option to disable the time threshold check at application level. Could be useful, for example, on some testing scenarios. By default, true.
|
|
@@ -127,6 +127,20 @@ InvisibleCaptcha.setup do |config|
|
|
|
127
127
|
end
|
|
128
128
|
```
|
|
129
129
|
|
|
130
|
+
#### Multiple Rails instances
|
|
131
|
+
|
|
132
|
+
If you have multiple Rails instances running behind a load balancer, you have to share the same honeypots collection between the instances.
|
|
133
|
+
|
|
134
|
+
Either use a fixed collection or share them between the instances using `Rails.cache`:
|
|
135
|
+
|
|
136
|
+
```ruby
|
|
137
|
+
InvisibleCaptcha.setup do |config|
|
|
138
|
+
config.honeypots = Rails.cache.fetch('invisible_captcha_honeypots') do
|
|
139
|
+
(1..20).map { InvisibleCaptcha.generate_random_honeypot }
|
|
140
|
+
end
|
|
141
|
+
end
|
|
142
|
+
```
|
|
143
|
+
|
|
130
144
|
### Controller method options:
|
|
131
145
|
|
|
132
146
|
The `invisible_captcha` method accepts some options:
|
|
@@ -53,7 +53,7 @@ module InvisibleCaptcha
|
|
|
53
53
|
|
|
54
54
|
# Consider as spam if timestamp not in session, cause that means the form was not fetched at all
|
|
55
55
|
unless @invisible_captcha_timestamp
|
|
56
|
-
|
|
56
|
+
warn_spam("Invisible Captcha timestamp not found in session.")
|
|
57
57
|
return true
|
|
58
58
|
end
|
|
59
59
|
|
|
@@ -62,7 +62,7 @@ module InvisibleCaptcha
|
|
|
62
62
|
|
|
63
63
|
# Consider as spam if form submitted too quickly
|
|
64
64
|
if time_to_submit < threshold
|
|
65
|
-
|
|
65
|
+
warn_spam("Invisible Captcha timestamp threshold not reached (took #{time_to_submit.to_i}s).")
|
|
66
66
|
return true
|
|
67
67
|
end
|
|
68
68
|
|
|
@@ -78,7 +78,7 @@ module InvisibleCaptcha
|
|
|
78
78
|
# - honeypot: params[:subtitle]
|
|
79
79
|
# - honeypot with scope: params[:topic][:subtitle]
|
|
80
80
|
if params[honeypot].present? || (params[scope] && params[scope][honeypot].present?)
|
|
81
|
-
|
|
81
|
+
warn_spam("Invisible Captcha honeypot param '#{honeypot}' was present.")
|
|
82
82
|
return true
|
|
83
83
|
else
|
|
84
84
|
# No honeypot spam detected, remove honeypot from params to avoid UnpermittedParameters exceptions
|
|
@@ -88,7 +88,7 @@ module InvisibleCaptcha
|
|
|
88
88
|
else
|
|
89
89
|
InvisibleCaptcha.honeypots.each do |default_honeypot|
|
|
90
90
|
if params[default_honeypot].present?
|
|
91
|
-
|
|
91
|
+
warn_spam("Invisible Captcha honeypot param '#{default_honeypot}' was present.")
|
|
92
92
|
return true
|
|
93
93
|
end
|
|
94
94
|
end
|
|
@@ -97,7 +97,7 @@ module InvisibleCaptcha
|
|
|
97
97
|
false
|
|
98
98
|
end
|
|
99
99
|
|
|
100
|
-
def
|
|
100
|
+
def warn_spam(message)
|
|
101
101
|
logger.warn("Potential spam detected for IP #{request.remote_ip}. #{message}")
|
|
102
102
|
|
|
103
103
|
ActiveSupport::Notifications.instrument(
|
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: invisible_captcha
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 1.0.
|
|
4
|
+
version: 1.0.1
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Anguera Insa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date:
|
|
11
|
+
date: 2020-03-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|