negative_captcha 0.3.3 → 0.4
This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
- data/README.markdown +21 -15
- data/lib/negative_captcha/view_helpers.rb +6 -6
- data/lib/negative_captcha.rb +4 -1
- metadata +2 -2
data/README.markdown
CHANGED
|
@@ -46,9 +46,6 @@ You can let bundler install Negative Captcha by adding this line to your applica
|
|
|
46
46
|
gem 'negative_captcha'
|
|
47
47
|
```
|
|
48
48
|
|
|
49
|
-
And then execute:
|
|
50
|
-
|
|
51
|
-
bundle install
|
|
52
49
|
|
|
53
50
|
### Controller Hooks
|
|
54
51
|
|
|
@@ -64,10 +61,14 @@ In the same controller include the following private method:
|
|
|
64
61
|
private
|
|
65
62
|
def setup_negative_captcha
|
|
66
63
|
@captcha = NegativeCaptcha.new(
|
|
67
|
-
|
|
68
|
-
:
|
|
69
|
-
:
|
|
70
|
-
|
|
64
|
+
# A secret key entered in environment.rb. 'rake secret' will give you a good one.
|
|
65
|
+
secret: NEGATIVE_CAPTCHA_SECRET,
|
|
66
|
+
spinner: request.remote_ip,
|
|
67
|
+
# Whatever fields are in your form
|
|
68
|
+
fields: [:name, :email, :body],
|
|
69
|
+
# If you wish to override the default CSS styles (position: absolute; left: -2000px;) used to position the fields off-screen
|
|
70
|
+
css: "display: none",
|
|
71
|
+
params: params
|
|
71
72
|
)
|
|
72
73
|
end
|
|
73
74
|
```
|
|
@@ -76,11 +77,15 @@ Modify your POST action(s) to check for the validity of the negative captcha for
|
|
|
76
77
|
|
|
77
78
|
```ruby
|
|
78
79
|
def create
|
|
79
|
-
|
|
80
|
+
# Decrypted params are stored in @captcha.values
|
|
81
|
+
@comment = Comment.new(@captcha.values)
|
|
82
|
+
|
|
83
|
+
# @captcha.valid? will return false if a bot submitted the form
|
|
80
84
|
if @captcha.valid? && @comment.save
|
|
81
85
|
redirect_to @comment
|
|
82
86
|
else
|
|
83
|
-
|
|
87
|
+
# @captcha.error will explain what went wrong
|
|
88
|
+
flash[:notice] = @captcha.error if @captcha.error
|
|
84
89
|
render :action => 'new'
|
|
85
90
|
end
|
|
86
91
|
end
|
|
@@ -89,14 +94,14 @@ end
|
|
|
89
94
|
### Automated tests
|
|
90
95
|
|
|
91
96
|
To make all field ids and names predictable for tests,
|
|
92
|
-
simply add the following line in
|
|
97
|
+
simply add the following line in your spec helper.
|
|
93
98
|
|
|
94
99
|
```ruby
|
|
95
100
|
NegativeCaptcha.test_mode = true
|
|
96
101
|
```
|
|
97
102
|
|
|
98
|
-
This will ensure that a field named email will not
|
|
99
|
-
A tool like
|
|
103
|
+
This will ensure that a field named `email` will not be referred to by a hash but by `test-email` instead.
|
|
104
|
+
A tool like capybara can now bypass this security while still going through the captcha workflow.
|
|
100
105
|
|
|
101
106
|
### Form Example
|
|
102
107
|
|
|
@@ -104,19 +109,20 @@ Modify your form to include the honeypots and other fields. You can probably lea
|
|
|
104
109
|
|
|
105
110
|
```erb
|
|
106
111
|
<% form_tag comments_path do -%>
|
|
112
|
+
<%# The `negative_captcha` call gives us the honeypots, spinners and whatnot %>
|
|
107
113
|
<%= raw negative_captcha(@captcha) %>
|
|
108
114
|
<ul class="contact_us">
|
|
109
115
|
<li>
|
|
110
116
|
<%= negative_label_tag(@captcha, :name, 'Name:') %>
|
|
111
|
-
<%= negative_text_field_tag
|
|
117
|
+
<%= negative_text_field_tag(@captcha, :name) %>
|
|
112
118
|
</li>
|
|
113
119
|
<li>
|
|
114
120
|
<%= negative_label_tag(@captcha, :email, 'Email:') %>
|
|
115
|
-
<%= negative_text_field_tag
|
|
121
|
+
<%= negative_text_field_tag(@captcha, :email) %>
|
|
116
122
|
</li>
|
|
117
123
|
<li>
|
|
118
124
|
<%= negative_label_tag(@captcha, :body, 'Your Comment:') %>
|
|
119
|
-
<%= negative_text_area_tag
|
|
125
|
+
<%= negative_text_area_tag(@captcha, :body) %>
|
|
120
126
|
</li>
|
|
121
127
|
<li>
|
|
122
128
|
<%= submit_tag %>
|
|
@@ -14,7 +14,7 @@ module ActionView
|
|
|
14
14
|
negative_captcha.values[field],
|
|
15
15
|
options
|
|
16
16
|
) +
|
|
17
|
-
content_tag('div', :style =>
|
|
17
|
+
content_tag('div', :style => negative_captcha.css) do
|
|
18
18
|
text_field_tag(field, '', :tabindex => '999', :autocomplete => 'off')
|
|
19
19
|
end.html_safe
|
|
20
20
|
end
|
|
@@ -25,7 +25,7 @@ module ActionView
|
|
|
25
25
|
negative_captcha.values[field],
|
|
26
26
|
options
|
|
27
27
|
) +
|
|
28
|
-
content_tag('div', :style =>
|
|
28
|
+
content_tag('div', :style => negative_captcha.css) do
|
|
29
29
|
text_area_tag(field, '', :tabindex => '999', :autocomplete => 'off')
|
|
30
30
|
end.html_safe
|
|
31
31
|
end
|
|
@@ -36,7 +36,7 @@ module ActionView
|
|
|
36
36
|
negative_captcha.values[field],
|
|
37
37
|
options
|
|
38
38
|
) +
|
|
39
|
-
content_tag('div', :style =>
|
|
39
|
+
content_tag('div', :style => negative_captcha.css) do
|
|
40
40
|
hidden_field_tag(field, '', :tabindex => '999')
|
|
41
41
|
end.html_safe
|
|
42
42
|
end
|
|
@@ -46,7 +46,7 @@ module ActionView
|
|
|
46
46
|
negative_captcha.fields[field],
|
|
47
47
|
options.merge(:value => negative_captcha.values[field])
|
|
48
48
|
) +
|
|
49
|
-
content_tag('div', :style =>
|
|
49
|
+
content_tag('div', :style => negative_captcha.css) do
|
|
50
50
|
file_field_tag(field, :tabindex => '999')
|
|
51
51
|
end
|
|
52
52
|
end
|
|
@@ -57,7 +57,7 @@ module ActionView
|
|
|
57
57
|
negative_captcha.values[field],
|
|
58
58
|
options
|
|
59
59
|
) +
|
|
60
|
-
content_tag('div', :style =>
|
|
60
|
+
content_tag('div', :style => negative_captcha.css) do
|
|
61
61
|
check_box_tag(field, '', :tabindex => '999')
|
|
62
62
|
end
|
|
63
63
|
end
|
|
@@ -68,7 +68,7 @@ module ActionView
|
|
|
68
68
|
negative_captcha.values[field],
|
|
69
69
|
options
|
|
70
70
|
) +
|
|
71
|
-
content_tag('div', :style =>
|
|
71
|
+
content_tag('div', :style => negative_captcha.css) do
|
|
72
72
|
password_field_tag(field, '', :tabindex => '999')
|
|
73
73
|
end.html_safe
|
|
74
74
|
end
|
data/lib/negative_captcha.rb
CHANGED
|
@@ -7,6 +7,7 @@ class NegativeCaptcha
|
|
|
7
7
|
:values,
|
|
8
8
|
:secret,
|
|
9
9
|
:spinner,
|
|
10
|
+
:css,
|
|
10
11
|
:message,
|
|
11
12
|
:timestamp,
|
|
12
13
|
:error
|
|
@@ -30,6 +31,8 @@ class NegativeCaptcha
|
|
|
30
31
|
([timestamp, secret] + Array(opts[:spinner])).join('-')
|
|
31
32
|
)
|
|
32
33
|
|
|
34
|
+
self.css = opts[:css] || "position: absolute; left: -2000px;"
|
|
35
|
+
|
|
33
36
|
self.message = opts[:message] || <<-MESSAGE
|
|
34
37
|
Please try again.
|
|
35
38
|
This usually happens because an automated script attempted to submit this form.
|
|
@@ -56,7 +59,7 @@ This usually happens because an automated script attempted to submit this form.
|
|
|
56
59
|
end
|
|
57
60
|
|
|
58
61
|
def valid?
|
|
59
|
-
error.
|
|
62
|
+
error.blank?
|
|
60
63
|
end
|
|
61
64
|
|
|
62
65
|
def process(params)
|
metadata
CHANGED
|
@@ -1,7 +1,7 @@
|
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
|
2
2
|
name: negative_captcha
|
|
3
3
|
version: !ruby/object:Gem::Version
|
|
4
|
-
version: 0.
|
|
4
|
+
version: '0.4'
|
|
5
5
|
prerelease:
|
|
6
6
|
platform: ruby
|
|
7
7
|
authors:
|
|
@@ -9,7 +9,7 @@ authors:
|
|
|
9
9
|
autorequire:
|
|
10
10
|
bindir: bin
|
|
11
11
|
cert_chain: []
|
|
12
|
-
date:
|
|
12
|
+
date: 2014-12-08 00:00:00.000000000 Z
|
|
13
13
|
dependencies:
|
|
14
14
|
- !ruby/object:Gem::Dependency
|
|
15
15
|
name: actionpack
|