invisible_captcha 2.2.0 → 2.3.0
Sign up to get free protection for your applications and to get access to all the features.
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/LICENSE +1 -1
- data/README.md +21 -1
- data/lib/invisible_captcha/controller_ext.rb +5 -2
- data/lib/invisible_captcha/version.rb +1 -1
- data/spec/controllers_spec.rb +12 -0
- data/spec/dummy/app/controllers/topics_controller.rb +16 -0
- data/spec/dummy/config/routes.rb +1 -0
- metadata +2 -2
checksums.yaml
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
---
|
|
2
2
|
SHA256:
|
|
3
|
-
metadata.gz:
|
|
4
|
-
data.tar.gz:
|
|
3
|
+
metadata.gz: 8421f23e2c4ca4f1512efe6f0ac5b7d538c21fae25c94dae1eb12080bcc7bff2
|
|
4
|
+
data.tar.gz: d80bbba59b964e84f677620a2c24a5047744a95733805981583034e3629034a4
|
|
5
5
|
SHA512:
|
|
6
|
-
metadata.gz:
|
|
7
|
-
data.tar.gz:
|
|
6
|
+
metadata.gz: 94f28d33d89e5dcfa741d97c34c4a42645a5d3f668238653341cd402c1e1e3bfbf8d2c42f5bc6d9d8bda3815d3e7036c0dae13965691e7409ce5df1ff5763bee
|
|
7
|
+
data.tar.gz: 2a187357840766a3eae1c40f032015c38f07a2b12955c9bfc82f95251b81138a6eab8e69ccd0adbfb9e5f13c095a541e869f2b3d5672e29a75b893253702965e
|
data/CHANGELOG.md
CHANGED
|
@@ -2,6 +2,11 @@
|
|
|
2
2
|
|
|
3
3
|
All notable changes to this project will be documented in this file.
|
|
4
4
|
|
|
5
|
+
## [2.3.0]
|
|
6
|
+
|
|
7
|
+
- Run honeypot + spinner checks and their callback also if timestamp triggers but passes through (#132)
|
|
8
|
+
- Mark as spam requests with no spinner value (#134)
|
|
9
|
+
|
|
5
10
|
## [2.2.0]
|
|
6
11
|
|
|
7
12
|
- Official support for Rails 7.1
|
|
@@ -136,6 +141,7 @@ All notable changes to this project will be documented in this file.
|
|
|
136
141
|
|
|
137
142
|
- First version of controller filters
|
|
138
143
|
|
|
144
|
+
[2.3.0]: https://github.com/markets/invisible_captcha/compare/v2.2.0...v2.3.0
|
|
139
145
|
[2.2.0]: https://github.com/markets/invisible_captcha/compare/v2.1.0...v2.2.0
|
|
140
146
|
[2.1.0]: https://github.com/markets/invisible_captcha/compare/v2.0.0...v2.1.0
|
|
141
147
|
[2.0.0]: https://github.com/markets/invisible_captcha/compare/v1.1.0...v2.0.0
|
data/LICENSE
CHANGED
data/README.md
CHANGED
|
@@ -287,7 +287,7 @@ end
|
|
|
287
287
|
Another option is to wait for the timestamp check to be valid:
|
|
288
288
|
|
|
289
289
|
```ruby
|
|
290
|
-
# Maybe
|
|
290
|
+
# Maybe inside a before block
|
|
291
291
|
InvisibleCaptcha.init!
|
|
292
292
|
InvisibleCaptcha.timestamp_threshold = 1
|
|
293
293
|
|
|
@@ -295,6 +295,26 @@ InvisibleCaptcha.timestamp_threshold = 1
|
|
|
295
295
|
sleep InvisibleCaptcha.timestamp_threshold
|
|
296
296
|
```
|
|
297
297
|
|
|
298
|
+
If you're using the "random honeypot" approach, you may want to set a known honeypot:
|
|
299
|
+
|
|
300
|
+
```ruby
|
|
301
|
+
config.honeypots = ['my_honeypot_field'] if Rails.env.test?
|
|
302
|
+
```
|
|
303
|
+
|
|
304
|
+
And for the "spinner validation" check, you may want to disable it:
|
|
305
|
+
|
|
306
|
+
```ruby
|
|
307
|
+
config.spinner_enabled = !Rails.env.test?
|
|
308
|
+
```
|
|
309
|
+
|
|
310
|
+
Or alternativelly, you should send a valid spinner value along your requests:
|
|
311
|
+
|
|
312
|
+
```ruby
|
|
313
|
+
# RSpec example
|
|
314
|
+
session[:invisible_captcha_spinner] = '32ab649161f9f6faeeb323746de1a25d'
|
|
315
|
+
post :create, params: { topic: { title: 'foo' }, spinner: '32ab649161f9f6faeeb323746de1a25d' }
|
|
316
|
+
```
|
|
317
|
+
|
|
298
318
|
## Contribute
|
|
299
319
|
|
|
300
320
|
Any kind of idea, feedback or bug report are welcome! Open an [issue](https://github.com/markets/invisible_captcha/issues) or send a [pull request](https://github.com/markets/invisible_captcha/pulls).
|
|
@@ -21,7 +21,10 @@ module InvisibleCaptcha
|
|
|
21
21
|
def detect_spam(options = {})
|
|
22
22
|
if timestamp_spam?(options)
|
|
23
23
|
on_timestamp_spam(options)
|
|
24
|
-
|
|
24
|
+
return if performed?
|
|
25
|
+
end
|
|
26
|
+
|
|
27
|
+
if honeypot_spam?(options) || spinner_spam?
|
|
25
28
|
on_spam(options)
|
|
26
29
|
end
|
|
27
30
|
end
|
|
@@ -73,7 +76,7 @@ module InvisibleCaptcha
|
|
|
73
76
|
end
|
|
74
77
|
|
|
75
78
|
def spinner_spam?
|
|
76
|
-
if InvisibleCaptcha.spinner_enabled && params[:spinner] != session[:invisible_captcha_spinner]
|
|
79
|
+
if InvisibleCaptcha.spinner_enabled && (params[:spinner].blank? || params[:spinner] != session[:invisible_captcha_spinner])
|
|
77
80
|
warn_spam("Spinner value mismatch")
|
|
78
81
|
return true
|
|
79
82
|
end
|
data/spec/controllers_spec.rb
CHANGED
|
@@ -71,6 +71,12 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
71
71
|
.to be_present
|
|
72
72
|
end
|
|
73
73
|
|
|
74
|
+
it 'runs on_spam callback if on_timestamp_spam callback is defined but passes' do
|
|
75
|
+
put :test_passthrough, params: { id: 1, topic: { title: 'bar', subtitle: 'foo' } }
|
|
76
|
+
|
|
77
|
+
expect(response.status).to eq(204)
|
|
78
|
+
end
|
|
79
|
+
|
|
74
80
|
context 'successful submissions' do
|
|
75
81
|
it 'passes if submission on or after timestamp_threshold' do
|
|
76
82
|
sleep InvisibleCaptcha.timestamp_threshold
|
|
@@ -98,6 +104,12 @@ RSpec.describe InvisibleCaptcha::ControllerExt, type: :controller do
|
|
|
98
104
|
expect(flash[:error]).not_to be_present
|
|
99
105
|
expect(response.body).to redirect_to(new_topic_path)
|
|
100
106
|
end
|
|
107
|
+
|
|
108
|
+
it 'passes if on_timestamp_spam doesn\'t perform' do
|
|
109
|
+
put :test_passthrough, params: { id: 1, topic: { title: 'bar' } }
|
|
110
|
+
|
|
111
|
+
expect(response.body).to redirect_to(new_topic_path)
|
|
112
|
+
end
|
|
101
113
|
end
|
|
102
114
|
end
|
|
103
115
|
|
|
@@ -13,6 +13,10 @@ class TopicsController < ApplicationController
|
|
|
13
13
|
|
|
14
14
|
invisible_captcha only: :categorize
|
|
15
15
|
|
|
16
|
+
invisible_captcha honeypot: :subtitle, only: :test_passthrough,
|
|
17
|
+
on_spam: :catching_on_spam_callback,
|
|
18
|
+
on_timestamp_spam: :on_timestamp_spam_callback_with_passthrough
|
|
19
|
+
|
|
16
20
|
def index
|
|
17
21
|
redirect_to new_topic_path
|
|
18
22
|
end
|
|
@@ -56,6 +60,10 @@ class TopicsController < ApplicationController
|
|
|
56
60
|
end
|
|
57
61
|
end
|
|
58
62
|
|
|
63
|
+
def test_passthrough
|
|
64
|
+
redirect_to new_topic_path
|
|
65
|
+
end
|
|
66
|
+
|
|
59
67
|
private
|
|
60
68
|
|
|
61
69
|
def custom_callback
|
|
@@ -65,4 +73,12 @@ class TopicsController < ApplicationController
|
|
|
65
73
|
def custom_timestamp_callback
|
|
66
74
|
head(204)
|
|
67
75
|
end
|
|
76
|
+
|
|
77
|
+
def on_timestamp_spam_callback_with_passthrough
|
|
78
|
+
end
|
|
79
|
+
|
|
80
|
+
def catching_on_spam_callback
|
|
81
|
+
head(204)
|
|
82
|
+
end
|
|
83
|
+
|
|
68
84
|
end
|
data/spec/dummy/config/routes.rb
CHANGED
metadata
CHANGED
|
@@ -1,14 +1,14 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: invisible_captcha
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 2.
|
|
4
|
+
version: 2.3.0
|
|
5
5
|
platform: ruby
|
|
6
6
|
authors:
|
|
7
7
|
- Marc Anguera Insa
|
|
8
8
|
autorequire:
|
|
9
9
|
bindir: bin
|
|
10
10
|
cert_chain: []
|
|
11
|
-
date: 2024-
|
|
11
|
+
date: 2024-03-17 00:00:00.000000000 Z
|
|
12
12
|
dependencies:
|
|
13
13
|
- !ruby/object:Gem::Dependency
|
|
14
14
|
name: rails
|