karsthammer-validates_captcha 0.9.5a

data/lib/validates_captcha/provider/question.rb

@@ -0,0 +1,110 @@
+require 'action_view/helpers'
+
+module ValidatesCaptcha
+  module Provider
+    # A question/answer captcha provider.
+    class Question
+      include ActionView::Helpers
+      
+      DEFAULT_QUESTIONS_AND_ANSWERS = {
+        "What's the capital of France?" => "Paris",
+        "What's the capital of Germany?" => "Berlin",
+        "What's the opposite of good?" => ["bad", "evil"],
+        "What's the opposite of love?" => "hate",
+        "What's the sum of 2 and 3?" => ["5", "five"],
+        "What's the product of 3 and 4?" => ["12", "twelve"],
+        "Thumb, tooth or hand: which is part of the head?" => "tooth",
+        "Bread, ham or milk: which is something to drink?" => "milk",
+        "What day is today, if yesterday was Friday?" => "Saturday",
+        "What day is today, if tomorrow is Tuesday?" => "Monday",
+        "What is the 2nd letter of the the third word in this question?" => "h",
+        "What color is the sky on a sunny day?" => "blue" }.freeze
+      
+      @@questions_and_answers = DEFAULT_QUESTIONS_AND_ANSWERS
+      
+      class << self
+        # Returns the current captcha questions/answers hash. Defaults to 
+        # DEFAULT_QUESTIONS_AND_ANSWERS.
+        def questions_and_answers
+          @@questions_and_answers
+        end
+        
+        # Sets the current captcha questions/answers hash. Used to set a
+        # custom questions/answers hash.
+        def questions_and_answers=(qna)
+          @@questions_and_answers = qna
+        end
+      end
+      
+      # This method is the one called by Rack.
+      # 
+      # It returns HTTP status 404 if the path is not recognized. If the path is 
+      # recognized, it returns HTTP status 200 and delivers a new challenge in 
+      # JSON format.
+      #
+      # Please take a look at the source code if you want to learn more.
+      def call(env)
+        if env['PATH_INFO'] == regenerate_path
+          captcha_challenge = generate_challenge
+          json = { :captcha_challenge => captcha_challenge }.to_json
+          
+          [200, { 'Content-Type' => 'application/json' }, [json]]
+        else
+          [404, { 'Content-Type' => 'text/html' }, ['Not Found']]
+        end
+      end
+      
+      # Returns a captcha question.
+      def generate_challenge
+        self.class.questions_and_answers.keys[rand(self.class.questions_and_answers.keys.size)]
+      end
+        
+      # Returns true if the captcha was solved using the given +question+ and +answer+, 
+      # otherwise false.
+      def solved?(question, answer)
+        return false unless self.class.questions_and_answers.key?(question)
+        answers = Array.wrap(self.class.questions_and_answers[question]).map(&:downcase)
+        answers.include?(answer.downcase)
+      end
+      
+      # Returns a span tag with the inner HTML set to the captcha question.
+      # 
+      # Internally calls Rails' +content_tag+ helper method, passing the +options+ argument.
+      def render_challenge(sanitized_object_name, object, options = {})
+        options[:id] = "#{sanitized_object_name}_captcha_question"
+        
+        content_tag :span, object.captcha_challenge, options
+      end
+      
+      # Returns an anchor tag that makes an AJAX request to fetch a new question and updates 
+      # the captcha challenge after the request is complete.
+      # 
+      # Internally calls Rails' +link_to_remote+ helper method, passing the +options+ and 
+      # +html_options+ arguments. So it relies on the Prototype javascript framework 
+      # to be available on the web page.
+      #
+      # The anchor text defaults to 'New question'. You can set this to a custom value 
+      # providing a +:text+ key in the +options+ hash.
+      def render_regenerate_challenge_link(sanitized_object_name, object, options = {}, html_options = {})
+        text = options.delete(:text) || 'New question'
+        success = "var result = request.responseJSON; $('#{sanitized_object_name}_captcha_question').update(result.captcha_challenge); $('#{sanitized_object_name}_captcha_challenge').value = result.captcha_challenge; $('#{sanitized_object_name}_captcha_solution').value = '';"
+        
+        link_to_remote text, options.reverse_merge(:url => regenerate_path, :method => :get, :success => success), html_options
+      end
+      
+      private        
+        def regenerate_path #:nodoc:
+          '/captchas/regenerate'
+        end
+      
+        # This is needed by +link_to_remote+ called in +render_regenerate_link+.
+        def protect_against_forgery? #:nodoc:
+          false
+        end
+        
+        def solve(challenge) #:nodoc:
+          Array.wrap(self.class.questions_and_answers[challenge]).first
+        end
+    end
+  end
+end

data/lib/validates_captcha/provider/static_image.rb

@@ -0,0 +1,224 @@
+require 'digest/sha1'
+require 'action_view/helpers'
+
+module ValidatesCaptcha
+  module Provider
+    # An image captcha provider that relies on pre-created captcha images.
+    #
+    # There is a Rake tast for creating the captcha images:
+    #
+    #  rake validates_captcha:create_static_images
+    #
+    # This will create 3 images in #filesystem_dir. To create a 
+    # different number of images, provide a COUNT argument:
+    #
+    #  rake validates_captcha:create_static_images COUNT=50 
+    #
+    # This class contains the getters and setters for the backend classes:
+    # image generator and string generator.  This allows you to replace them 
+    # with your custom implementations.  For more information on how to bring 
+    # the image provider to use your own implementation instead of the default 
+    # one, consult the documentation for the specific default class.
+    #
+    # The default captcha image generator uses ImageMagick's +convert+ command to 
+    # create the captcha.  So a recent and properly configured version of ImageMagick 
+    # must be installed on the system.  The version used while developing was 6.4.5.  
+    # But you are not bound to ImageMagick.  If you want to provide a custom image 
+    # generator, take a look at the documentation for 
+    # ValidatesCaptcha::ImageGenerator::Simple on how to create your own.
+    class StaticImage
+      include ActionView::Helpers
+      
+      SALT = "3f(61&831_fa0712d4a?b58-eb4b8$a2%.36378f".freeze
+      
+      @@string_generator = nil
+      @@image_generator = nil
+      @@filesystem_dir = nil
+      @@web_dir = nil
+      @@salt = nil
+      
+      class << self
+        # Returns the current captcha string generator. Defaults to an
+        # instance of the ValidatesCaptcha::StringGenerator::Simple class.
+        def string_generator
+          @@string_generator ||= ValidatesCaptcha::StringGenerator::Simple.new
+        end
+        
+        # Sets the current captcha string generator. Used to set a
+        # custom string generator.
+        def string_generator=(generator)
+          @@string_generator = generator
+        end
+        
+        # Returns the current captcha image generator. Defaults to an
+        # instance of the ValidatesCaptcha::ImageGenerator::Simple class.
+        def image_generator
+          @@image_generator ||= ValidatesCaptcha::ImageGenerator::Simple.new
+        end
+        
+        # Sets the current captcha image generator. Used to set a custom
+        # image generator.
+        def image_generator=(generator)
+          @@image_generator = generator
+        end
+        
+        # Returns the current captcha image file system directory. Defaults to 
+        # +RAILS_ROOT/public/images/captchas+.
+        def filesystem_dir
+          @@filesystem_dir ||= ::File.join(::Rails.public_path, 'images', 'captchas')
+        end
+        
+        # Sets the current captcha image file system directory. Used to set a custom
+        # image directory.
+        def filesystem_dir=(dir)
+          @@filesystem_dir = dir
+        end
+        
+        # Returns the current captcha image web directory. Defaults to 
+        # +/images/captchas+.
+        def web_dir
+          @@web_dir ||= '/images/captchas'
+        end
+        
+        # Sets the current captcha image web directory. Used to set a custom
+        # image directory.
+        def web_dir=(dir)
+          @@web_dir = dir
+        end
+        
+        # Returns the current salt used for encryption.
+        def salt
+          @@salt ||= SALT
+        end
+        
+        # Sets the current salt used for encryption. Used to set a custom
+        # salt.
+        def salt=(salt)
+          @@salt = salt
+        end
+        
+        # Return the encryption of the +code+ using #salt.
+        def encrypt(code)
+          ::Digest::SHA1.hexdigest "#{salt}--#{code}"
+        end        
+        
+        # Creates a captcha image in the #filesystem_dir and returns 
+        # the path to it and the code displayed on the image.
+        def create_image
+          code = string_generator.generate
+          encrypted_code = encrypt(code)
+          
+          image_filename = "#{encrypted_code}#{image_generator.file_extension}"
+          image_path = File.join(filesystem_dir, image_filename)
+          image_bytes = image_generator.generate(code)
+          
+          File.open image_path, 'w' do |os|
+            os.write image_bytes
+          end
+          
+          return image_path, code
+        end
+      end
+      
+      # This method is the one called by Rack.
+      # 
+      # It returns HTTP status 404 if the path is not recognized. If the path is 
+      # recognized, it returns HTTP status 200 and delivers a new challenge in 
+      # JSON format.
+      #
+      # Please take a look at the source code if you want to learn more.
+      def call(env)
+        if env['PATH_INFO'] == regenerate_path
+          captcha_challenge = generate_challenge
+          json = { :captcha_challenge => captcha_challenge, :captcha_image_path => image_path(captcha_challenge) }.to_json
+          
+          [200, { 'Content-Type' => 'application/json' }, [json]]
+        else
+          [404, { 'Content-Type' => 'text/html' }, ['Not Found']]
+        end
+      end
+      
+      # Returns an array containing the paths to the available captcha images.
+      def images
+        @images ||= Dir[File.join(filesystem_dir, "*#{image_file_extension}")]
+      end
+      
+      # Returns an array containing the available challenges (encrypted captcha codes).
+      def challenges
+        @challenges ||= images.map { |path| File.basename(path, image_file_extension) }
+      end
+      
+      # Returns a captcha challenge.
+      def generate_challenge
+        raise("no captcha images found in #{filesystem_dir}") if challenges.empty?
+        
+        challenges[rand(challenges.size)]
+      end
+        
+      # Returns true if the captcha was solved using the given +challenge+ and +solution+, 
+      # otherwise false.
+      def solved?(challenge, solution)
+        challenge == encrypt(solution)
+      end
+      
+      # Returns an image tag with the source set to the url of the captcha image.
+      # 
+      # Internally calls Rails' +image_tag+ helper method, passing the +options+ argument.
+      def render_challenge(sanitized_object_name, object, options = {})
+        src = image_path(object.captcha_challenge)
+        
+        options[:alt] ||= 'CAPTCHA'
+        options[:id] = "#{sanitized_object_name}_captcha_image"
+        
+        image_tag src, options
+      end
+      
+      # Returns an anchor tag that makes an AJAX request to fetch a new captcha code and updates 
+      # the captcha image after the request is complete.
+      # 
+      # Internally calls Rails' +link_to_remote+ helper method, passing the +options+ and 
+      # +html_options+ arguments. So it relies on the Prototype javascript framework 
+      # to be available on the web page.
+      #
+      # The anchor text defaults to 'Regenerate Captcha'. You can set this to a custom value 
+      # providing a +:text+ key in the +options+ hash.
+      def render_regenerate_challenge_link(sanitized_object_name, object, options = {}, html_options = {})
+        text = options.delete(:text) || 'Regenerate Captcha'
+        success = "var result = request.responseJSON; $('#{sanitized_object_name}_captcha_image').src = result.captcha_image_path; $('#{sanitized_object_name}_captcha_challenge').value = result.captcha_challenge; $('#{sanitized_object_name}_captcha_solution').value = '';"
+        
+        link_to_remote text, options.reverse_merge(:url => regenerate_path, :method => :get, :success => success), html_options
+      end
+      
+      private        
+        def regenerate_path #:nodoc:
+          '/captchas/regenerate'
+        end
+        
+        def image_file_extension #:nodoc:
+          self.class.image_generator.file_extension
+        end
+      
+        def image_path(encrypted_code) #:nodoc:
+          File.join(web_dir, "#{encrypted_code}#{image_file_extension}")
+        end
+      
+        def encrypt(code) #:nodoc:
+          self.class.encrypt code
+        end
+        
+        def filesystem_dir #:nodoc:
+          self.class.filesystem_dir
+        end
+        
+        def web_dir #:nodoc:
+          self.class.web_dir
+        end
+      
+        # This is needed by +link_to_remote+ called in +render_regenerate_link+.
+        def protect_against_forgery? #:nodoc:
+          false
+        end
+    end
+  end
+end
+      

data/lib/validates_captcha/string_generator/simple.rb

@@ -0,0 +1,81 @@
+module ValidatesCaptcha
+  module StringGenerator
+    # This class is responsible for generating the codes that are displayed 
+    # on the captcha images. It does so by randomly selecting a number of 
+    # characters from a predefined alphabet constisting of visually distinguishable 
+    # letters and digits.
+    #
+    # The number of characters and the alphabet used when generating strings can 
+    # be customized. See the #alphabet= and #length= methods for details.
+    #
+    # You can implement your own string generator by creating a 
+    # class that conforms to the method definitions of the example below and 
+    # assign an instance of it to 
+    # ValidatesCaptcha::Provider::DynamicImage#string_generator=.
+    #
+    # Example for a custom string generator:
+    #
+    #  class DictionaryGenerator
+    #    DICTIONARY = ['foo', 'bar', 'baz', ...]
+    #  
+    #    def generate
+    #      return DICTIONARY[rand(DICTIONARY.size)]
+    #    end
+    #  end
+    #
+    #  ValidatesCaptcha::Provider::DynamicImage.string_generator = DictionaryGenerator.new
+    #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::DynamicImage.new
+    #
+    # You can also assign it to ValidatesCaptcha::Provider::StaticImage#string_generator=.
+    #    
+    class Simple
+      @@alphabet = 'abdefghjkmnqrtABDEFGHJKLMNQRT234678923467892346789'
+      @@length = 6
+      
+      class << self
+        # Returns a string holding the chars used when randomly generating the text that 
+        # is displayed on a captcha image. Defaults to a string of visually distinguishable 
+        # letters and digits.
+        def alphabet
+          @@alphabet
+        end
+
+        # Sets the string to use as alphabet when randomly generating the text displayed 
+        # on a captcha image. To increase the probability of appearing in the image, some 
+        # characters might appear more than once in the string.
+        #
+        # You can set this to a custom alphabet within a Rails initializer:
+        #
+        #  ValidatesCaptcha::StringGenerator::Simple.alphabet = '01'
+        def alphabet=(alphabet)
+          alphabet = alphabet.to_s.gsub(/\s/, '')
+          raise('alphabet cannot be blank') if alphabet.blank?
+          
+          @@alphabet = alphabet
+        end
+    
+        # Returns the length to use when generating captcha codes. Defaults to 6.
+        def length
+          @@length
+        end
+
+        # Sets the length to use when generating captcha codes.
+        #
+        # You can set this to a custom length within a Rails initializer:
+        #
+        #  ValidatesCaptcha::StringGenerator::Simple.length = 8
+        def length=(length)
+          @@length = length.to_i
+        end
+      end
+      
+      # Randomly generates a string to be used as the code displayed on captcha images.
+      def generate
+        alphabet_chars = self.class.alphabet.split(//)
+        code_chars = []
+        self.class.length.times { code_chars << alphabet_chars[rand(alphabet_chars.size)] }
+        code_chars.join
+      end
+    end
+  end
+end

data/lib/validates_captcha/symmetric_encryptor/simple.rb

@@ -0,0 +1,52 @@
+require 'active_support'
+
+module ValidatesCaptcha
+  module SymmetricEncryptor
+    # This class is responsible for encrypting and decrypting captcha codes. 
+    # It internally uses ActiveSupport's MessageEncryptor to do the string 
+    # encryption/decryption.
+    #
+    # You can implement your own symmetric encryptor by creating a class 
+    # that conforms to the method definitions of the example below and 
+    # assign an instance of it to 
+    # ValidatesCaptcha::Provider::DynamicImage#symmetric_encryptor=.
+    #
+    # Example for a custom symmetric encryptor:
+    #
+    #  class ReverseString # very insecure and easily cracked
+    #    def encrypt(code)
+    #      code.reverse
+    #    end
+    #
+    #    def decrypt(encrypted_code)
+    #      encrypted_code.reverse
+    #    rescue SomeKindOfDecryptionError
+    #      nil
+    #    end
+    #  end
+    #
+    #  ValidatesCaptcha::Provider::DynamicImage.symmetric_encryptor = ReverseString.new
+    #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::DynamicImage.new
+    #
+    # Please note: The #decrypt method should return +nil+ if decryption fails. 
+    class Simple
+      KEY = ::ActiveSupport::SecureRandom.hex(64).freeze
+      
+      def initialize #:nodoc:
+        @symmetric_encryptor = ::ActiveSupport::MessageEncryptor.new(KEY)
+      end
+    
+      # Encrypts a cleartext string. 
+      def encrypt(code)
+        @symmetric_encryptor.encrypt(code).gsub('+', '%2B').gsub('/', '%2F')
+      end
+    
+      # Decrypts an encrypted string.
+      def decrypt(encrypted_code)
+        @symmetric_encryptor.decrypt encrypted_code.gsub('%2F', '/').gsub('%2B', '+')
+      rescue ::ActiveSupport::MessageEncryptor::InvalidMessage
+        nil
+      end
+    end
+  end
+end