new_google_recaptcha 0.1.0 → 1.0.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: f5410e7d18af6d1a30e7b679a10975ecfa59eccd6902efaf1e569de236920ac1
-  data.tar.gz: 578c1cbf8e7c1743dc26d71c44358625b4dfab5818c4bd6a69474ae90828fe7f
+  metadata.gz: fa810b760940cf717035ca4440a7fdc6fa770cde651ff6b987c0e10d0a471718
+  data.tar.gz: 41af27ec27a704388b0bc6e946fbf3ee595a261df8b90355720a9f6cb9742131
 SHA512:
-  metadata.gz: c7298d1b499360f7051c2488858921eb3f52c37159bb34470b8362ddeb63bf0934dd55db85966ed87299ad845b5fc52ca518f4f31c61cc76303da8e89d88c398
-  data.tar.gz: 3e7b5476d418e5e2d441797a1fc9af65c9909c711a924778c160f815c08edb5f6ead189fddc13f23b973016feba8e9e222f44c26c1157a497d9487947f44a705
+  metadata.gz: d378417f2010faed2b3bea508a54d17ddf66ca38766ba5d8c9ec3224a04742000c56a2121a1ec07217c86bfa59f2e36a7d84b680617cac2bb700093c0da39930
+  data.tar.gz: 9a3dad7d9fb2236905e94a970e499935b52f2d9281e56a9612c3439ccc229aa545afc43fb8a3c0992de4c7faa0551a0047b89064be9fd9dfd8b1ee74f937bd73

data/README.md

@@ -10,17 +10,22 @@ Recaptcha v3 documentation: https://developers.google.com/recaptcha/docs/v3
 
 - Open https://www.google.com/recaptcha/admin#list
 - register a new site
-- copy `site_key` and `secret_key` and put into config/initializer/new_google_recaptcha.rb
+- copy `site_key` and `secret_key` and put into config/initializers/new_google_recaptcha.rb
+- optionally, change the `minimum_score` in the initializer to a preferred float value (from 0.0 to 1.0)
 - in layout:
   ```erb
   <head>
     ...
-    <%= include_recaptcha_js %>
+    <%= yield :recaptcha_js %>
   </head>
   ```
 - in view where you for example you have a form:
   ```erb
+  <%= content_for :recaptcha_js do %>
+    <%= include_recaptcha_js %>
+  <% end %>
   <form ...>
+    <%#= 'checkout' is action name to be verified later %>
     <%= recaptcha_action('checkout') %>
   </form>
   ```
@@ -28,7 +33,12 @@ Recaptcha v3 documentation: https://developers.google.com/recaptcha/docs/v3
   ```ruby
   def create
     @post = Post.new(post_params)
-    if NewGoogleRecaptcha.human?(params[:new_google_recaptcha_token], @post) && @post.save
+    if NewGoogleRecaptcha.human?(
+        params[:new_google_recaptcha_token],
+        "checkout",
+        NewGoogleRecaptcha.minimum_score,
+        @post
+      ) && @post.save
       redirect_to @post, notice: 'Post was successfully created.'
     else
       render :new
@@ -36,12 +46,29 @@ Recaptcha v3 documentation: https://developers.google.com/recaptcha/docs/v3
   end
   ```
 
-Also you can verify token without adding error to model:
+There are two mandatory arguments for `human?` method:
+
+- `token` - token valid for your site
+- `action` - the action name for this request
+  (the gem checks if it is the same as the name used with the token,
+  otherwise a hacker could replace it on frontend to some another action used,
+  but with lower score requirement and thus pass the verification)
+
+You can verify recaptcha without using these arguments:
+
+- `minimum_score` - defaults to value set in the initializer
+  (reCAPTCHA recommends using 0.5 as default)
+- `model` - defaults to `nil` which will result in not adding an error to model;
+  any custom failure handling is applicable here
+
+like this:
 
 ```ruby
-  NewGoogleRecaptcha.human?(params[:new_google_recaptcha_token])
+  NewGoogleRecaptcha.human?(params[:new_google_recaptcha_token], "checkout")
 ```
 
+Add to your navigation links `data-turbolinks="false"` to make it works with `turbolinks`.
+
 ## Installation
 
 ```ruby
@@ -68,7 +95,7 @@ And edit new_google_recaptcha.rb and enter your site_key and secret_key.
 - token is received from google, must be sent to backend
 - model optional parameter. if you want to add error to model.
 
-**<%= include_recaptcha_js %>** in layout
+**<%= include_recaptcha_js %>** in layout (by using yield)
 
 Include Google Recaptcha v3 JS into your Rails app. In head, right before `</head>`.
 
@@ -76,19 +103,41 @@ Include Google Recaptcha v3 JS into your Rails app. In head, right before `</hea
 
 Action where recaptcha action was executed. Actions could be viewed in Admin console. More docs: https://developers.google.com/recaptcha/docs/v3. Action name could be "comments", "checkout", etc. Put any name and check scores in console.
 
+## I18n support
+reCAPTCHA passes one types of error explanation to a linked model. It will use the I18n gem
+to translate the default error message if I18n is available. To customize the messages to your locale,
+add these keys to your I18n backend:
+
+`new_google_recaptcha.errors.verification_human` error message displayed when it is something like a robot, or a suspicious action
+
+Also you can translate API response errors to human friendly by adding translations to the locale (`config/locales/en.yml`):
+
+```Yaml
+en:
+  new_google_recaptcha:
+    errors:
+      verification_human: 'Fail'
+```
+
 ## TODO
 
 - check everything works with turbolinks
 - allow custom ID for input
 - return score ?
-- tests
+- more tests
 - handle exceptions with timeouts, json is not parsed
 - add support for non-Rails apps
+- add support for older Rails (should be easy since code is very simple)
 
-## Contributing
+## Contributors
 
 You are welcome to contribute.
 
+* [Igor Kasyanchuk](https://github.com/igorkasyanchuk) (maintainer)
+* [gilcierweb](https://github.com/gilcierweb)
+* [RoRElessar](https://github.com/RoRElessar)
+* [rubyconvict](https://github.com/rubyconvict)
+
 ## License
 
 The gem is available as open source under the terms of the [MIT License](https://opensource.org/licenses/MIT).

data/lib/generators/templates/new_google_recaptcha.rb

@@ -2,5 +2,6 @@ if Object.const_defined?('NewGoogleRecaptcha')
   NewGoogleRecaptcha.setup do |config|
     config.site_key   = "SITE_KEY"
     config.secret_key = "SECRET_KEY"
+    config.minimum_score = 0.5
   end
-end
+end

data/lib/new_google_recaptcha.rb

@@ -3,18 +3,28 @@ require "new_google_recaptcha/railtie"
 module NewGoogleRecaptcha
   mattr_accessor :site_key
   mattr_accessor :secret_key
+  mattr_accessor :minimum_score
 
   def self.setup
     yield(self)
   end
 
-  def self.human?(token, model = nil)
-    is_valid = NewGoogleRecaptcha::Validator.valid?(token)
+  def self.human?(token, action, minimum_score = self.minimum_score, model = nil)
+    is_valid = NewGoogleRecaptcha::Validator.valid?(token, action, minimum_score)
     if model && !is_valid
-      model.errors.add(:base, "Looks like you are not a human")
+      model.errors.add(:base, self.i18n("new_google_recaptcha.errors.verification_human", "Looks like you are not a human"))
     end
     is_valid
   end
+
+  def self.i18n(key, default)
+    if defined?(I18n)
+      I18n.translate(key, default: default)
+    else
+      default
+    end
+  end
+
 end
 
 require_relative "new_google_recaptcha/view_ext"

data/lib/new_google_recaptcha/validator.rb

@@ -1,13 +1,15 @@
-require 'net/http'
-
-module NewGoogleRecaptcha
-  class Validator
-    
-    def Validator.valid?(token)
-      uri    = URI("https://www.google.com/recaptcha/api/siteverify?secret=#{NewGoogleRecaptcha.secret_key}&response=#{token}")
-      result = JSON.parse(Net::HTTP.get(uri))
-      !!result["success"]
-    end
-
-  end
-end
+require 'net/http'
+
+module NewGoogleRecaptcha
+  class Validator
+    def self.valid?(token, action, minimum_score)
+      uri    = URI("https://www.google.com/recaptcha/api/siteverify?secret=#{NewGoogleRecaptcha.secret_key}&response=#{token}")
+      result = JSON.parse(Net::HTTP.get(uri))
+      conditions = []
+      conditions << !!result['success']
+      conditions << (result['score'].to_f >= minimum_score)
+      conditions << (result['action'].to_s == action.to_s)
+      conditions.none?(&:!)
+    end
+  end
+end

data/lib/new_google_recaptcha/version.rb

@@ -1,3 +1,3 @@
 module NewGoogleRecaptcha
-  VERSION = '0.1.0'
+  VERSION = '1.0.0'
 end

metadata

@@ -1,14 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: new_google_recaptcha
 version: !ruby/object:Gem::Version
-  version: 0.1.0
+  version: 1.0.0
 platform: ruby
 authors:
 - Igor Kasyanchuk
+- rubyconvict
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2018-10-31 00:00:00.000000000 Z
+date: 2019-01-03 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: rails
@@ -16,16 +17,100 @@ dependencies:
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: 4.2.0
   type: :runtime
   prerelease: false
   version_requirements: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
       - !ruby/object:Gem::Version
-        version: 5.0.0
+        version: 4.2.0
 - !ruby/object:Gem::Dependency
   name: sqlite3
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.3'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '1.3'
+- !ruby/object:Gem::Dependency
+  name: byebug
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10.0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '10.0'
+- !ruby/object:Gem::Dependency
+  name: webmock
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.5'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '3.5'
+- !ruby/object:Gem::Dependency
+  name: mocha
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 0.14.0
+- !ruby/object:Gem::Dependency
+  name: redis-store-testing
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - ">="
+      - !ruby/object:Gem::Version
+        version: '0'
+- !ruby/object:Gem::Dependency
+  name: connection_pool
+  requirement: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+  type: :development
+  prerelease: false
+  version_requirements: !ruby/object:Gem::Requirement
+    requirements:
+    - - "~>"
+      - !ruby/object:Gem::Version
+        version: 1.2.0
+- !ruby/object:Gem::Dependency
+  name: appraisal
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -38,7 +123,7 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-description: Google reCAPTCHA v3 + Rails (integration)
+description: Google reCaptcha v3 + Rails (integration)
 email:
 - igorkasyanchuk@gmail.com
 executables: []
@@ -76,9 +161,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
+rubygems_version: 3.0.1
 signing_key: 
 specification_version: 4
-summary: Google reCAPTCHA v3 + Rails
+summary: Google reCaptcha v3 + Rails
 test_files: []