protect_via_honeypots 0.1.1

data/.gitignore

@@ -0,0 +1,2 @@
+.DS_Store
+*.swp

data/LICENSE

@@ -0,0 +1,20 @@
+Copyright (c) 2009 Roy van der Meij
+
+Permission is hereby granted, free of charge, to any person obtaining
+a copy of this software and associated documentation files (the
+"Software"), to deal in the Software without restriction, including
+without limitation the rights to use, copy, modify, merge, publish,
+distribute, sublicense, and/or sell copies of the Software, and to
+permit persons to whom the Software is furnished to do so, subject to
+the following conditions:
+
+The above copyright notice and this permission notice shall be
+included in all copies or substantial portions of the Software.
+
+THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.

data/README.textile

@@ -0,0 +1,49 @@
+h1. protect_via_honeypots
+
+In the never ending battle with the form bots, here's my attempt to mislead them.
+protect_via_honeypots creates some hidden fields. As normal users don't mess with hidden fields we can assume that when those fields are filled with data: a bot filled it.
+So when that happens, protect_via_honeypots throws an error (as the same way protect_from_forgery does)
+
+h2. Installation
+
+Install the protect_via_honeypots gem:
+
+<pre>
+  sudo gem install protect_via_honeypots
+</pre>
+
+Add protect_via_honeypots in environment.rb as a gem dependency:
+
+<pre>
+  config.gem "protect_via_honeypots"
+</pre>
+
+Or place it in your Gemfile
+
+<pre>
+  gem "protect_via_honeypots"
+</pre>
+
+h2. Usage
+
+Place the following in your application_controller.rb
+
+<pre>
+  protect_via_honeypots
+</pre>
+
+And your done!
+
+h1. Note on Patches/Pull Requests
+ 
+* Fork the project.
+* Make your feature addition or bug fix.
+* Add tests for it. This is important so I don't break it in a
+  future version unintentionally.
+* Commit, do not mess with rakefile, version, or history.
+  (if you want to have your own version, that is fine but bump version in a commit by itself I can ignore when I pull)
+* Send me a pull request. Bonus points for topic branches.
+
+h1. Copyright
+
+Copyright (c) 2010 Roy van der Meij. See LICENSE for details.

data/Rakefile

@@ -0,0 +1,55 @@
+require 'rubygems'
+require 'rake'
+
+begin
+  require 'jeweler'
+  Jeweler::Tasks.new do |gem|
+    gem.name = "protect_via_honeypots"
+    gem.summary = %Q{Protect your apps for bots via honeypots}
+    gem.description = %Q{In the never ending battle with the form bots, here's my attempt to mislead them.
+protect_via_honeypots creates some hidden fields. As normal users don't mess with hidden fields we can assume that when those fields are filled with data: a bot filled it.
+So when that happens, protect_via_honeypots throws an error (as the same way protect_from_forgery does)}
+    gem.email = "roy@royapps.nl"
+    gem.homepage = "http://github.com/roy/hello-gem"
+    gem.authors = ["Roy van der Meij"]
+    gem.add_development_dependency "thoughtbot-shoulda", ">= 0"
+    # gem is a Gem::Specification... see http://www.rubygems.org/read/chapter/20 for additional settings
+  end
+  Jeweler::GemcutterTasks.new
+rescue LoadError
+  puts "Jeweler (or a dependency) not available. Install it with: gem install jeweler"
+end
+
+require 'rake/testtask'
+Rake::TestTask.new(:test) do |test|
+  test.libs << 'lib' << 'test'
+  test.pattern = 'test/**/test_*.rb'
+  test.verbose = true
+end
+
+begin
+  require 'rcov/rcovtask'
+  Rcov::RcovTask.new do |test|
+    test.libs << 'test'
+    test.pattern = 'test/**/test_*.rb'
+    test.verbose = true
+  end
+rescue LoadError
+  task :rcov do
+    abort "RCov is not available. In order to run rcov, you must: sudo gem install spicycode-rcov"
+  end
+end
+
+task :test => :check_dependencies
+
+task :default => :test
+
+require 'rake/rdoctask'
+Rake::RDocTask.new do |rdoc|
+  version = File.exist?('VERSION') ? File.read('VERSION') : ""
+
+  rdoc.rdoc_dir = 'rdoc'
+  rdoc.title = "protect_via_honeypots #{version}"
+  rdoc.rdoc_files.include('README*')
+  rdoc.rdoc_files.include('lib/**/*.rb')
+end

data/VERSION

@@ -0,0 +1 @@
+0.1.1

data/init.rb

@@ -0,0 +1 @@
+require File.join(File.dirname(__FILE__), "lib", "protect_via_honeypots")

data/lib/protect_via_honeypots/form_tag_helper_extensions.rb

@@ -0,0 +1,42 @@
+=begin
+module ProtectViaHoneypots::FormTagHelperExtensions
+  #alias_method :old_extra_tags_for_form, :extra_tags_for_form
+  #def extra_tags_for_form(html_options)
+  #  tags = ProtectViaHoneypots.honeypot_tags.collect do |tag| 
+  #    tag(:input, :type => "hidden", :name => tag, :value => "") 
+  #  end
+
+  #  old_extra_tags_for_form(html_options) + content_tag(:div, tags, :style => 'margin:0;padding:0;display:inline')
+  #end
+
+  def extra_tags_for_form(html_options)
+    raise "ERROR"
+    tags = ProtectViaHoneypots.honeypot_tags.collect do |tag| 
+      tag(:input, :type => "hidden", :name => tag, :value => "") 
+    end
+
+    super + content_tag(:div, tags, :style => 'margin:0;padding:0;display:inline')
+  end
+end
+=end
+
+module ActionView
+  module Helpers
+    module FormTagHelper
+      alias_method :old_extra_tags_for_form, :extra_tags_for_form
+      def extra_tags_for_form(html_options)
+        tags = ProtectViaHoneypots::HONEYPOT_TAGS.collect do |tag| 
+          tag(:input, :type => "text", :name => tag, :value => "") 
+        end
+
+        old_extra_tags_for_form(html_options) + content_tag(:div, tags, :style => 'margin:0;padding:0;display:none')
+      end
+
+    end
+  end
+end
+
+module ActionController #:nodoc:
+  class InvalidHoneyPots < ActionControllerError #:nodoc:
+  end
+end

data/lib/protect_via_honeypots.rb

@@ -0,0 +1,35 @@
+
+module ProtectViaHoneypots
+  HONEYPOT_TAGS = [:email_pot, :name_pot]
+
+  def self.included(base)
+    base.extend ClassMethods
+  end
+
+  module ClassMethods
+    def protect_via_honeypots
+      include InstanceMethods
+
+      before_filter :verify_honeypots
+      require 'protect_via_honeypots/form_tag_helper_extensions'
+      #ActionView::Helpers::FormTagHelper.send(:include, ProtectViaHoneypots::FormTagHelperExtensions)
+    end
+
+  end
+
+  module InstanceMethods
+    def verify_honeypots
+      verified_request? || raise (ActionController::InvalidHoneyPots)
+    end
+
+    def verified_request?
+       ProtectViaHoneypots::HONEYPOT_TAGS.all?{ |x| params[x].blank? }
+    end
+  end
+end
+
+
+# Set it all up
+if Object.const_defined?("ActionController")
+  ActionController::Base.send(:include, ProtectViaHoneypots)
+end

data/protect_via_honeypots.gemspec

@@ -0,0 +1,57 @@
+# Generated by jeweler
+# DO NOT EDIT THIS FILE DIRECTLY
+# Instead, edit Jeweler::Tasks in Rakefile, and run the gemspec command
+# -*- encoding: utf-8 -*-
+
+Gem::Specification.new do |s|
+  s.name = %q{protect_via_honeypots}
+  s.version = "0.1.1"
+
+  s.required_rubygems_version = Gem::Requirement.new(">= 0") if s.respond_to? :required_rubygems_version=
+  s.authors = ["Roy van der Meij"]
+  s.date = %q{2010-10-28}
+  s.description = %q{In the never ending battle with the form bots, here's my attempt to mislead them.
+protect_via_honeypots creates some hidden fields. As normal users don't mess with hidden fields we can assume that when those fields are filled with data: a bot filled it.
+So when that happens, protect_via_honeypots throws an error (as the same way protect_from_forgery does)}
+  s.email = %q{roy@royapps.nl}
+  s.extra_rdoc_files = [
+    "LICENSE",
+     "README.textile"
+  ]
+  s.files = [
+    ".gitignore",
+     "LICENSE",
+     "README.textile",
+     "Rakefile",
+     "VERSION",
+     "init.rb",
+     "lib/protect_via_honeypots.rb",
+     "lib/protect_via_honeypots/form_tag_helper_extensions.rb",
+     "pkg/protect_via_honeypots-0.1.0.gem",
+     "pkg/protect_via_honeypots-0.1.1.gem",
+     "protect_via_honeypots.gemspec",
+     "test/helper.rb"
+  ]
+  s.homepage = %q{http://github.com/roy/hello-gem}
+  s.rdoc_options = ["--charset=UTF-8"]
+  s.require_paths = ["lib"]
+  s.rubygems_version = %q{1.3.7}
+  s.summary = %q{Protect your apps for bots via honeypots}
+  s.test_files = [
+    "test/helper.rb"
+  ]
+
+  if s.respond_to? :specification_version then
+    current_version = Gem::Specification::CURRENT_SPECIFICATION_VERSION
+    s.specification_version = 3
+
+    if Gem::Version.new(Gem::VERSION) >= Gem::Version.new('1.2.0') then
+      s.add_development_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+    else
+      s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+    end
+  else
+    s.add_dependency(%q<thoughtbot-shoulda>, [">= 0"])
+  end
+end
+

data/test/helper.rb

@@ -0,0 +1,10 @@
+require 'rubygems'
+require 'test/unit'
+require 'shoulda'
+
+$LOAD_PATH.unshift(File.join(File.dirname(__FILE__), '..', 'lib'))
+$LOAD_PATH.unshift(File.dirname(__FILE__))
+require 'protect_via_honeypots'
+
+class Test::Unit::TestCase
+end

metadata

@@ -0,0 +1,95 @@
+--- !ruby/object:Gem::Specification 
+name: protect_via_honeypots
+version: !ruby/object:Gem::Version 
+  hash: 25
+  prerelease: false
+  segments: 
+  - 0
+  - 1
+  - 1
+  version: 0.1.1
+platform: ruby
+authors: 
+- Roy van der Meij
+autorequire: 
+bindir: bin
+cert_chain: []
+
+date: 2010-10-28 00:00:00 +02:00
+default_executable: 
+dependencies: 
+- !ruby/object:Gem::Dependency 
+  name: thoughtbot-shoulda
+  prerelease: false
+  requirement: &id001 !ruby/object:Gem::Requirement 
+    none: false
+    requirements: 
+    - - ">="
+      - !ruby/object:Gem::Version 
+        hash: 3
+        segments: 
+        - 0
+        version: "0"
+  type: :development
+  version_requirements: *id001
+description: |-
+  In the never ending battle with the form bots, here's my attempt to mislead them.
+  protect_via_honeypots creates some hidden fields. As normal users don't mess with hidden fields we can assume that when those fields are filled with data: a bot filled it.
+  So when that happens, protect_via_honeypots throws an error (as the same way protect_from_forgery does)
+email: roy@royapps.nl
+executables: []
+
+extensions: []
+
+extra_rdoc_files: 
+- LICENSE
+- README.textile
+files: 
+- .gitignore
+- LICENSE
+- README.textile
+- Rakefile
+- VERSION
+- init.rb
+- lib/protect_via_honeypots.rb
+- lib/protect_via_honeypots/form_tag_helper_extensions.rb
+- pkg/protect_via_honeypots-0.1.0.gem
+- pkg/protect_via_honeypots-0.1.1.gem
+- protect_via_honeypots.gemspec
+- test/helper.rb
+has_rdoc: true
+homepage: http://github.com/roy/hello-gem
+licenses: []
+
+post_install_message: 
+rdoc_options: 
+- --charset=UTF-8
+require_paths: 
+- lib
+required_ruby_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+required_rubygems_version: !ruby/object:Gem::Requirement 
+  none: false
+  requirements: 
+  - - ">="
+    - !ruby/object:Gem::Version 
+      hash: 3
+      segments: 
+      - 0
+      version: "0"
+requirements: []
+
+rubyforge_project: 
+rubygems_version: 1.3.7
+signing_key: 
+specification_version: 3
+summary: Protect your apps for bots via honeypots
+test_files: 
+- test/helper.rb