recaptcha 1.3.0 → 5.8.1

data/lib/recaptcha.rb

@@ -1,21 +1,26 @@
-require 'recaptcha/configuration'
-require 'recaptcha/client_helper'
-require 'recaptcha/verify'
-require 'recaptcha/token'
-require 'uri'
+# frozen_string_literal: true
+
+require 'json'
 require 'net/http'
+require 'uri'
+
+require 'recaptcha/configuration'
+require 'recaptcha/helpers'
+require 'recaptcha/adapters/controller_methods'
+require 'recaptcha/adapters/view_methods'
+if defined?(Rails)
+  require 'recaptcha/railtie'
+end
 
 module Recaptcha
-  CONFIG = {
-    'server_url' => '//www.google.com/recaptcha/api.js',
-    'secure_server_url' => 'https://www.google.com/recaptcha/api.js',
-    'verify_url' => 'https://www.google.com/recaptcha/api/siteverify'
-  }
-
-  USE_SSL_BY_DEFAULT              = false
-  HANDLE_TIMEOUTS_GRACEFULLY      = true
-  SKIP_VERIFY_ENV = ['test', 'cucumber']
   DEFAULT_TIMEOUT = 3
+  RESPONSE_LIMIT = 4000
+
+  class RecaptchaError < StandardError
+  end
+
+  class VerifyError < RecaptchaError
+  end
 
   # Gives access to the current Configuration.
   def self.configuration
@@ -41,43 +46,128 @@ module Recaptcha
       configuration.send("#{key}=", value)
     end
 
-    result = yield if block_given?
-
+    yield if block_given?
+  ensure
     original_config.each { |key, value| configuration.send("#{key}=", value) }
-    result
   end
 
-  def self.get(verify_hash, options)
-    http = if Recaptcha.configuration.proxy
-      proxy_server = URI.parse(Recaptcha.configuration.proxy)
-      Net::HTTP::Proxy(proxy_server.host, proxy_server.port, proxy_server.user, proxy_server.password)
+  def self.skip_env?(env)
+    configuration.skip_verify_env.include?(env || configuration.default_env)
+  end
+
+  def self.invalid_response?(resp)
+    resp.empty? || resp.length > RESPONSE_LIMIT
+  end
+
+  def self.verify_via_api_call(response, options)
+    if Recaptcha.configuration.enterprise
+      verify_via_api_call_enterprise(response, options)
     else
-      Net::HTTP
+      verify_via_api_call_free(response, options)
     end
-    query = URI.encode_www_form(verify_hash)
-    uri = URI.parse(Recaptcha.configuration.verify_url + '?' + query)
-    http_instance = http.new(uri.host, uri.port)
-    http_instance.read_timeout = http_instance.open_timeout = options[:timeout] || DEFAULT_TIMEOUT
-    if uri.port == 443
-      http_instance.use_ssl = true
-      http_instance.verify_mode = OpenSSL::SSL::VERIFY_NONE
+  end
+
+  def self.verify_via_api_call_enterprise(response, options)
+    site_key = options.fetch(:site_key) { configuration.site_key! }
+    api_key = options.fetch(:enterprise_api_key) { configuration.enterprise_api_key! }
+    project_id = options.fetch(:enterprise_project_id) { configuration.enterprise_project_id! }
+
+    query_params = { 'key' => api_key }
+    body = { 'event' => { 'token' => response, 'siteKey' => site_key } }
+    body['event']['expectedAction'] = options[:action] if options.key?(:action)
+    body['event']['userIpAddress'] = options[:remote_ip] if options.key?(:remote_ip)
+
+    reply = api_verification_enterprise(query_params, body, project_id, timeout: options[:timeout])
+    token_properties = reply['tokenProperties']
+    success = !token_properties.nil? &&
+      token_properties['valid'].to_s == 'true' &&
+      hostname_valid?(token_properties['hostname'], options[:hostname]) &&
+      action_valid?(token_properties['action'], options[:action]) &&
+      score_above_threshold?(reply['score'], options[:minimum_score])
+
+    if options[:with_reply] == true
+      return success, reply
+    else
+      return success
     end
-    request = Net::HTTP::Get.new(uri.request_uri)
-    http_instance.request(request).body
   end
 
-  def self.i18n(key, default)
-    if defined?(I18n)
-      I18n.translate(key, default: default)
+  def self.verify_via_api_call_free(response, options)
+    secret_key = options.fetch(:secret_key) { configuration.secret_key! }
+    verify_hash = { 'secret' => secret_key, 'response' => response }
+    verify_hash['remoteip'] = options[:remote_ip] if options.key?(:remote_ip)
+
+    reply = api_verification_free(verify_hash, timeout: options[:timeout])
+    success = reply['success'].to_s == 'true' &&
+      hostname_valid?(reply['hostname'], options[:hostname]) &&
+      action_valid?(reply['action'], options[:action]) &&
+      score_above_threshold?(reply['score'], options[:minimum_score])
+
+    if options[:with_reply] == true
+      return success, reply
     else
-      default
+      return success
     end
   end
 
+  def self.hostname_valid?(hostname, validation)
+    validation ||= configuration.hostname
 
-  class RecaptchaError < StandardError
+    case validation
+    when nil, FalseClass then true
+    when String then validation == hostname
+    else validation.call(hostname)
+    end
   end
 
-  class VerifyError < RecaptchaError
+  def self.action_valid?(action, expected_action)
+    case expected_action
+    when nil, FalseClass then true
+    else action == expected_action
+    end
+  end
+
+  # Returns true iff score is greater or equal to (>=) minimum_score, or if no minimum_score was specified
+  def self.score_above_threshold?(score, minimum_score)
+    return true if minimum_score.nil?
+    return false if score.nil?
+
+    case minimum_score
+    when nil, FalseClass then true
+    else score >= minimum_score
+    end
+  end
+
+  def self.http_client_for(uri:, timeout: nil)
+    timeout ||= DEFAULT_TIMEOUT
+    http = if configuration.proxy
+      proxy_server = URI.parse(configuration.proxy)
+      Net::HTTP::Proxy(proxy_server.host, proxy_server.port, proxy_server.user, proxy_server.password)
+    else
+      Net::HTTP
+    end
+    instance = http.new(uri.host, uri.port)
+    instance.read_timeout = instance.open_timeout = timeout
+    instance.use_ssl = true if uri.port == 443
+
+    instance
+  end
+
+  def self.api_verification_free(verify_hash, timeout: nil)
+    query = URI.encode_www_form(verify_hash)
+    uri = URI.parse(configuration.verify_url + '?' + query)
+    http_instance = http_client_for(uri: uri, timeout: timeout)
+    request = Net::HTTP::Get.new(uri.request_uri)
+    JSON.parse(http_instance.request(request).body)
+  end
+
+  def self.api_verification_enterprise(query_params, body, project_id, timeout: nil)
+    query = URI.encode_www_form(query_params)
+    uri = URI.parse(configuration.verify_url + "/#{project_id}/assessments" + '?' + query)
+    http_instance = http_client_for(uri: uri, timeout: timeout)
+    request = Net::HTTP::Post.new(uri.request_uri)
+    request['Content-Type'] = 'application/json; charset=utf-8'
+    request.body = JSON.generate(body)
+    JSON.parse(http_instance.request(request).body)
   end
 end

data/rails/locales/en.yml

@@ -0,0 +1,5 @@
+en:
+  recaptcha:
+    errors:
+      verification_failed: reCAPTCHA verification failed, please try again.
+      recaptcha_unreachable: Oops, we failed to validate your reCAPTCHA response. Please try again.

data/rails/locales/fr.yml

@@ -0,0 +1,5 @@
+fr:
+  recaptcha:
+    errors:
+      verification_failed: La vérification reCAPTCHA a échoué, veuillez essayer à nouveau.
+      recaptcha_unreachable: Oops, nous n'avons pas pu valider votre réponse reCAPTCHA. Veuillez essayer à nouveau.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 1.3.0
+  version: 5.8.1
 platform: ruby
 authors:
 - Jason L Perry
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2016-04-08 00:00:00.000000000 Z
+date: 2021-07-09 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -53,7 +53,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: activesupport
+  name: i18n
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -67,7 +67,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: i18n
+  name: maxitest
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -81,7 +81,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: maxitest
+  name: pry-byebug
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -95,7 +95,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: pry-byebug
+  name: bump
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -109,7 +109,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: bump
+  name: webmock
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -123,7 +123,7 @@ dependencies:
       - !ruby/object:Gem::Version
         version: '0'
 - !ruby/object:Gem::Dependency
-  name: webmock
+  name: rubocop
   requirement: !ruby/object:Gem::Requirement
     requirements:
     - - ">="
@@ -147,16 +147,20 @@ files:
 - LICENSE
 - README.md
 - lib/recaptcha.rb
-- lib/recaptcha/client_helper.rb
+- lib/recaptcha/adapters/controller_methods.rb
+- lib/recaptcha/adapters/view_methods.rb
 - lib/recaptcha/configuration.rb
+- lib/recaptcha/helpers.rb
 - lib/recaptcha/rails.rb
-- lib/recaptcha/token.rb
-- lib/recaptcha/verify.rb
+- lib/recaptcha/railtie.rb
 - lib/recaptcha/version.rb
+- rails/locales/en.yml
+- rails/locales/fr.yml
 homepage: http://github.com/ambethia/recaptcha
 licenses:
 - MIT
-metadata: {}
+metadata:
+  source_code_uri: https://github.com/ambethia/recaptcha
 post_install_message: 
 rdoc_options: []
 require_paths:
@@ -165,15 +169,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.0.0
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.4.5.1
+rubygems_version: 3.2.16
 signing_key: 
 specification_version: 4
 summary: Helpers for the reCAPTCHA API

data/lib/recaptcha/client_helper.rb

@@ -1,52 +0,0 @@
-module Recaptcha
-  module ClientHelper
-    # Your public API can be specified in the +options+ hash or preferably
-    # using the Configuration.
-    def recaptcha_tags(options = {})
-      public_key = options[:public_key] || Recaptcha.configuration.public_key!
-
-      script_url = Recaptcha.configuration.api_server_url(ssl: options[:ssl])
-      script_url += "?hl=#{options[:hl]}" unless options[:hl].to_s == ""
-      fallback_uri = "#{script_url.chomp('.js')}/fallback?k=#{public_key}"
-
-      data_attributes = [:theme, :type, :callback, :expired_callback, :size]
-      data_attributes = options.each_with_object({}) do |(k, v), a|
-        a[k] = v if data_attributes.include?(k)
-      end
-      data_attributes[:sitekey] = public_key
-      data_attributes[:stoken] = Recaptcha::Token.secure_token if options[:stoken] != false
-      data_attributes = data_attributes.map { |k,v| %{data-#{k.to_s.tr('_','-')}="#{v}"} }.join(" ")
-
-      html = %{<script src="#{script_url}" async defer></script>\n}
-      html << %{<div class="g-recaptcha" #{data_attributes}></div>\n}
-
-      if options[:noscript] != false
-        html << <<-HTML
-          <noscript>
-            <div style="width: 302px; height: 352px;">
-              <div style="width: 302px; height: 352px; position: relative;">
-                <div style="width: 302px; height: 352px; position: absolute;">
-                  <iframe
-                    src="#{fallback_uri}"
-                    frameborder="0" scrolling="no"
-                    style="width: 302px; height:352px; border-style: none;">
-                  </iframe>
-                </div>
-                <div style="width: 250px; height: 80px; position: absolute; border-style: none;
-                  bottom: 21px; left: 25px; margin: 0px; padding: 0px; right: 25px;">
-                  <textarea id="g-recaptcha-response" name="g-recaptcha-response"
-                    class="g-recaptcha-response"
-                    style="width: 250px; height: 80px; border: 1px solid #c1c1c1;
-                    margin: 0px; padding: 0px; resize: none;" value="">
-                  </textarea>
-                </div>
-              </div>
-            </div>
-          </noscript>
-        HTML
-      end
-
-      html.respond_to?(:html_safe) ? html.html_safe : html
-    end
-  end
-end

data/lib/recaptcha/token.rb

@@ -1,24 +0,0 @@
-require 'json'
-require 'recaptcha'
-require 'base64'
-require 'securerandom'
-require 'openssl'
-
-module Recaptcha
-  module Token
-
-    def self.secure_token
-      private_key  =  Recaptcha.configuration.private_key
-      raise RecaptchaError, "No private key specified." unless private_key
-
-      stoken_json = {'session_id' => SecureRandom.uuid, 'ts_ms' => (Time.now.to_f * 1000).to_i}.to_json
-      cipher = OpenSSL::Cipher::AES128.new(:ECB)
-      private_key_digest = Digest::SHA1.digest(private_key)[0...16]
-
-      cipher.encrypt
-      cipher.key = private_key_digest
-      encrypted_stoken = cipher.update(stoken_json) << cipher.final
-      Base64.urlsafe_encode64(encrypted_stoken).gsub(/\=+\Z/, '')
-    end
-  end
-end

data/lib/recaptcha/verify.rb

@@ -1,93 +0,0 @@
-require 'json'
-
-module Recaptcha
-  module Verify
-    # Your private API can be specified in the +options+ hash or preferably
-    # using the Configuration.
-    def verify_recaptcha(options = {})
-      options = {:model => options} unless options.is_a? Hash
-      model = options[:model]
-      attribute = options[:attribute] || :base
-
-      return true if Recaptcha::Verify.skip?(options[:env])
-
-      private_key = options[:private_key] || Recaptcha.configuration.private_key!
-      recaptcha_response = options[:response] || params['g-recaptcha-response'].to_s
-
-      begin
-        # env['REMOTE_ADDR'] to retrieve IP for Grape API
-        remote_ip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
-        verify_hash = {
-          "secret"    => private_key,
-          "remoteip"  => remote_ip.to_s,
-          "response"  => recaptcha_response
-        }
-
-        raw_reply = Recaptcha.get(verify_hash, options)
-        reply = JSON.parse(raw_reply)
-        answer = reply['success']
-
-        if hostname_valid?(reply['hostname'], options[:hostname]) && answer.to_s == 'true'
-          flash.delete(:recaptcha_error) if recaptcha_flash_supported? && !model
-          true
-        else
-          recaptcha_error(
-            model,
-            attribute,
-            options[:message],
-            "recaptcha.errors.verification_failed",
-            "reCAPTCHA verification failed, please try again."
-          )
-          false
-        end
-      rescue Timeout::Error
-        if Recaptcha.configuration.handle_timeouts_gracefully
-          recaptcha_error(
-            model,
-            attribute,
-            options[:message],
-            "recaptcha.errors.recaptcha_unreachable",
-            "Oops, we failed to validate your reCAPTCHA response. Please try again."
-          )
-          false
-        else
-          raise RecaptchaError, "Recaptcha unreachable."
-        end
-      rescue StandardError => e
-        raise RecaptchaError, e.message, e.backtrace
-      end
-    end
-
-    def verify_recaptcha!(options = {})
-      verify_recaptcha(options) or raise VerifyError
-    end
-
-    private
-
-    def hostname_valid?(hostname, validation)
-      case validation
-      when nil, FalseClass then true
-      when String then validation == hostname
-      else validation.call(hostname)
-      end
-    end
-
-    def recaptcha_error(model, attribute, message, key, default)
-      message = message || Recaptcha.i18n(key, default)
-      if model
-        model.errors.add attribute, message
-      else
-        flash[:recaptcha_error] = message if recaptcha_flash_supported?
-      end
-    end
-
-    def recaptcha_flash_supported?
-      request.respond_to?(:format) && request.format == :html && respond_to?(:flash)
-    end
-
-    def self.skip?(env)
-      env ||= ENV['RACK_ENV'] || ENV['RAILS_ENV'] || (Rails.env if defined? Rails.env)
-      Recaptcha.configuration.skip_verify_env.include? env
-    end
-  end
-end