negative_captcha 0.3 → 0.3.1
- data/README.markdown +9 -0
- data/lib/negative_captcha.rb +7 -2
- data/lib/negative_captcha/view_helpers.rb +6 -6
- metadata +2 -2
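--- a/data/README.markdown
+++ b/data/README.markdown
@@ -73,6 +73,15 @@ Modify your POST action(s) to check for the validity of the negative captcha for
 render :action => 'new'
 end
 end
+### Automated tests
+
+To make all field ids and names predictable for tests,
+simply add the following line in config/environments/test.rb
+
+NegativeCaptcha.test_mode = true
+
+This will ensure that a field named email will not generate a hash but a field name test-email instead.
+A tool like cucumber can now bypass this security while still going through the captcha workflow.
 
 ### Form Example
 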
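--- a/data/lib/negative_captcha.rb
+++ b/data/lib/negative_captcha.rb
@@ -10,6 +10,11 @@ class NegativeCaptcha
 :timestamp,
 :error
 
+@@test_mode = false
+def self.test_mode=(value)
+class_variable_set(:@@test_mode, value)
+end
+
 def initialize(opts)
 self.secret = opts[:secret] ||
 Digest::MD5.hexdigest("this_is_a_secret_key")
@@ -30,7 +35,7 @@ This usually happens because an automated script attempted to submit this form.
 MESSAGE
 
 self.fields = opts[:fields].inject({}) do |hash, field_name|
-hash[field_name] = Digest::MD5.hexdigest(
+hash[field_name] = @@test_mode ? "test-#{field_name}" : Digest::MD5.hexdigest(
 [field_name, spinner, secret].join('-')
 )
 
@@ -60,7 +65,7 @@ This usually happens because an automated script attempted to submit this form.
 self.error = "Error: Invalid timestamp. #{message}"
 elsif params[:spinner] != spinner
 self.error = "Error: Invalid spinner. #{message}"
-elsif fields.keys.detect {|name| params[name] && params[name]
+elsif fields.keys.detect {|name| params[name] && params[name] =~ /\S/}
 self.error = <<-ERROR
 Error: Hidden form fields were submitted that should not have been. #{message}
 ERROR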
@@ -36,9 +36,9 @@ module ActionView
|
|
36
36
|
negative_captcha.values[field],
|
37
37
|
options
|
38
38
|
) +
|
39
|
-
|
40
|
-
hidden_field_tag(field, '', :tabindex => '999')
|
41
|
-
|
39
|
+
content_tag('div', :style => 'position: absolute; left: -2000px;') do
|
40
|
+
hidden_field_tag(field, '', :tabindex => '999')
|
41
|
+
end.html_safe
|
42
42
|
end
|
43
43
|
|
44
44
|
def negative_password_field_tag(negative_captcha, field, options={})
|
@@ -47,9 +47,9 @@ module ActionView
|
|
47
47
|
negative_captcha.values[field],
|
48
48
|
options
|
49
49
|
) +
|
50
|
-
|
51
|
-
password_field_tag(field, '', :tabindex => '999')
|
52
|
-
|
50
|
+
content_tag('div', :style => 'position: absolute; left: -2000px;') do
|
51
|
+
password_field_tag(field, '', :tabindex => '999')
|
52
|
+
end.html_safe
|
53
53
|
end
|
54
54
|
|
55
55
|
def negative_label_tag(negative_captcha, field, name, options={})
|
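--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: negative_captcha
 version: !ruby/object:Gem::Version
-version:
+version: 0.3.1
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2012-
+date: 2012-11-26 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionpack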