negative_captcha 0.3.3 → 0.4
- data/README.markdown +21 -15
- data/lib/negative_captcha/view_helpers.rb +6 -6
- data/lib/negative_captcha.rb +4 -1
- metadata +2 -2
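--- a/data/README.markdown
+++ b/data/README.markdown
@@ -46,9 +46,6 @@ You can let bundler install Negative Captcha by adding this line to your applica
 gem 'negative_captcha'
 ```
 
-And then execute:
-
-bundle install
 
 ### Controller Hooks
 
@@ -64,10 +61,14 @@ In the same controller include the following private method:
 private
 def setup_negative_captcha
 @captcha = NegativeCaptcha.new(
-
-:
-:
-
+# A secret key entered in environment.rb. 'rake secret' will give you a good one.
+secret: NEGATIVE_CAPTCHA_SECRET,
+spinner: request.remote_ip,
+# Whatever fields are in your form
+fields: [:name, :email, :body],
+# If you wish to override the default CSS styles (position: absolute; left: -2000px;) used to position the fields off-screen
+css: "display: none",
+params: params
 )
 end
 ```
@@ -76,11 +77,15 @@ Modify your POST action(s) to check for the validity of the negative captcha for
 
 ```ruby
 def create
-
+# Decrypted params are stored in @captcha.values
+@comment = Comment.new(@captcha.values)
+
+# @captcha.valid? will return false if a bot submitted the form
 if @captcha.valid? && @comment.save
 redirect_to @comment
 else
-
+# @captcha.error will explain what went wrong
+flash[:notice] = @captcha.error if @captcha.error
 render :action => 'new'
 end
 end
@@ -89,14 +94,14 @@ end
 ### Automated tests
 
 To make all field ids and names predictable for tests,
-simply add the following line in
+simply add the following line in your spec helper.
 
 ```ruby
 NegativeCaptcha.test_mode = true
 ```
 
-This will ensure that a field named email will not
-A tool like
+This will ensure that a field named `email` will not be referred to by a hash but by `test-email` instead.
+A tool like capybara can now bypass this security while still going through the captcha workflow.
 
 ### Form Example
 
@@ -104,19 +109,20 @@ Modify your form to include the honeypots and other fields. You can probably lea
 
 ```erb
 <% form_tag comments_path do -%>
+<%# The `negative_captcha` call gives us the honeypots, spinners and whatnot %>
 <%= raw negative_captcha(@captcha) %>
 <ul class="contact_us">
 <li>
 <%= negative_label_tag(@captcha, :name, 'Name:') %>
-<%= negative_text_field_tag
+<%= negative_text_field_tag(@captcha, :name) %>
 </li>
 <li>
 <%= negative_label_tag(@captcha, :email, 'Email:') %>
-<%= negative_text_field_tag
+<%= negative_text_field_tag(@captcha, :email) %>
 </li>
 <li>
 <%= negative_label_tag(@captcha, :body, 'Your Comment:') %>
-<%= negative_text_area_tag
+<%= negative_text_area_tag(@captcha, :body) %>
 </li>
 <li>
 <%= submit_tag %>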
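--- a/data/lib/negative_captcha/view_helpers.rb
+++ b/data/lib/negative_captcha/view_helpers.rb
@@ -14,7 +14,7 @@ module ActionView
 negative_captcha.values[field],
 options
 ) +
-content_tag('div', :style =>
+content_tag('div', :style => negative_captcha.css) do
 text_field_tag(field, '', :tabindex => '999', :autocomplete => 'off')
 end.html_safe
 end
@@ -25,7 +25,7 @@ module ActionView
 negative_captcha.values[field],
 options
 ) +
-content_tag('div', :style =>
+content_tag('div', :style => negative_captcha.css) do
 text_area_tag(field, '', :tabindex => '999', :autocomplete => 'off')
 end.html_safe
 end
@@ -36,7 +36,7 @@ module ActionView
 negative_captcha.values[field],
 options
 ) +
-content_tag('div', :style =>
+content_tag('div', :style => negative_captcha.css) do
 hidden_field_tag(field, '', :tabindex => '999')
 end.html_safe
 end
@@ -46,7 +46,7 @@ module ActionView
 negative_captcha.fields[field],
 options.merge(:value => negative_captcha.values[field])
 ) +
-content_tag('div', :style =>
+content_tag('div', :style => negative_captcha.css) do
 file_field_tag(field, :tabindex => '999')
 end
 end
@@ -57,7 +57,7 @@ module ActionView
 negative_captcha.values[field],
 options
 ) +
-content_tag('div', :style =>
+content_tag('div', :style => negative_captcha.css) do
 check_box_tag(field, '', :tabindex => '999')
 end
 end
@@ -68,7 +68,7 @@ module ActionView
 negative_captcha.values[field],
 options
 ) +
-content_tag('div', :style =>
+content_tag('div', :style => negative_captcha.css) do
 password_field_tag(field, '', :tabindex => '999')
 end.html_safe
 end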
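Review bot: The wrapper line `content_tag('div', :style => negative_captcha.css) do` is now repeated verbatim in all six helpers of this section (new lines 17, 28, 39, 49, 60 and 71), so any later change to how the honeypot is hidden has to be made in six places. A small private helper such as `def negative_honeypot_wrapper(negative_captcha, &block)` that returns `content_tag('div', :style => negative_captcha.css, &block)` would keep the hiding logic in one spot. The file-field and check-box helpers close the block with `end` while the other four use `end.html_safe`; it would be worth making that consistent while these lines are being touched. The file header for this section is missing from the page, so the path is inferred from the file list, and each helper's body starts outside its hunk.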
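--- a/data/lib/negative_captcha.rb
+++ b/data/lib/negative_captcha.rb
@@ -7,6 +7,7 @@ class NegativeCaptcha
 :values,
 :secret,
 :spinner,
+:css,
 :message,
 :timestamp,
 :error
@@ -30,6 +31,8 @@ class NegativeCaptcha
 ([timestamp, secret] + Array(opts[:spinner])).join('-')
 )
 
+self.css = opts[:css] || "position: absolute; left: -2000px;"
+
 self.message = opts[:message] || <<-MESSAGE
 Please try again.
 This usually happens because an automated script attempted to submit this form.
@@ -56,7 +59,7 @@ This usually happens because an automated script attempted to submit this form.
 end
 
 def valid?
-error.
+error.blank?
 end
 
 def process(params)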
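Review bot: In the second hunk, `self.css = opts[:css] || "position: absolute; left: -2000px;"` falls back to the default only when `:css` is nil; an empty string is truthy in Ruby, so `css: ""` would emit an empty style and leave the honeypot fields visible, and a real user who fills them in would presumably be rejected as a bot. Since `valid?` already relies on `blank?`, `self.css = opts[:css].presence || "position: absolute; left: -2000px;"` would cover the empty-string case as well. A short comment above the new `:css` accessor, for example `# Inline style applied to the honeypot wrapper; must keep the decoy fields out of sight`, would tell integrators what the option is expected to guarantee. The initializer and `valid?` both extend beyond the lines shown in these hunks.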
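--- a/metadata
+++ b/metadata
@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: negative_captcha
 version: !ruby/object:Gem::Version
-version: 0.
+version: '0.4'
 prerelease:
 platform: ruby
 authors:
@@ -9,7 +9,7 @@ authors:
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2014-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: actionpack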