recaptcha 4.14.0 → 5.14.0

data/lib/recaptcha.rb

@@ -1,26 +1,26 @@
 # frozen_string_literal: true
 
-require 'recaptcha/configuration'
-require 'uri'
+require 'json'
 require 'net/http'
+require 'uri'
 
+require 'recaptcha/configuration'
+require 'recaptcha/helpers'
+require 'recaptcha/adapters/controller_methods'
+require 'recaptcha/adapters/view_methods'
 if defined?(Rails)
   require 'recaptcha/railtie'
-else
-  require 'recaptcha/client_helper'
-  require 'recaptcha/verify'
 end
 
 module Recaptcha
-  CONFIG = {
-    'server_url' => 'https://www.google.com/recaptcha/api.js',
-    'verify_url' => 'https://www.google.com/recaptcha/api/siteverify'
-  }.freeze
-
-  USE_SSL_BY_DEFAULT              = false
-  HANDLE_TIMEOUTS_GRACEFULLY      = true
   DEFAULT_TIMEOUT = 3
 
+  class RecaptchaError < StandardError
+  end
+
+  class VerifyError < RecaptchaError
+  end
+
   # Gives access to the current Configuration.
   def self.configuration
     @configuration ||= Configuration.new
@@ -50,33 +50,123 @@ module Recaptcha
     original_config.each { |key, value| configuration.send("#{key}=", value) }
   end
 
-  def self.get(verify_hash, options)
-    http = if Recaptcha.configuration.proxy
-      proxy_server = URI.parse(Recaptcha.configuration.proxy)
-      Net::HTTP::Proxy(proxy_server.host, proxy_server.port, proxy_server.user, proxy_server.password)
+  def self.skip_env?(env)
+    configuration.skip_verify_env.include?(env || configuration.default_env)
+  end
+
+  def self.invalid_response?(resp)
+    resp.empty? || resp.length > configuration.response_limit
+  end
+
+  def self.verify_via_api_call(response, options)
+    if Recaptcha.configuration.enterprise
+      verify_via_api_call_enterprise(response, options)
     else
-      Net::HTTP
+      verify_via_api_call_free(response, options)
     end
-    query = URI.encode_www_form(verify_hash)
-    uri = URI.parse(Recaptcha.configuration.verify_url + '?' + query)
-    http_instance = http.new(uri.host, uri.port)
-    http_instance.read_timeout = http_instance.open_timeout = options[:timeout] || DEFAULT_TIMEOUT
-    http_instance.use_ssl = true if uri.port == 443
-    request = Net::HTTP::Get.new(uri.request_uri)
-    http_instance.request(request).body
   end
 
-  def self.i18n(key, default)
-    if defined?(I18n)
-      I18n.translate(key, default: default)
+  def self.verify_via_api_call_enterprise(response, options)
+    site_key = options.fetch(:site_key) { configuration.site_key! }
+    api_key = options.fetch(:enterprise_api_key) { configuration.enterprise_api_key! }
+    project_id = options.fetch(:enterprise_project_id) { configuration.enterprise_project_id! }
+
+    query_params = { 'key' => api_key }
+    body = { 'event' => { 'token' => response, 'siteKey' => site_key } }
+    body['event']['expectedAction'] = options[:action] if options.key?(:action)
+    body['event']['userIpAddress'] = options[:remote_ip] if options.key?(:remote_ip)
+
+    reply = api_verification_enterprise(query_params, body, project_id, timeout: options[:timeout])
+    score = reply.dig('riskAnalysis', 'score')
+    token_properties = reply['tokenProperties']
+    success = !token_properties.nil? &&
+      token_properties['valid'].to_s == 'true' &&
+      hostname_valid?(token_properties['hostname'], options[:hostname]) &&
+      action_valid?(token_properties['action'], options[:action]) &&
+      score_above_threshold?(score, options[:minimum_score]) &&
+      score_below_threshold?(score, options[:maximum_score])
+
+    if options[:with_reply] == true
+      [success, reply]
     else
-      default
+      success
     end
   end
 
-  class RecaptchaError < StandardError
+  def self.verify_via_api_call_free(response, options)
+    secret_key = options.fetch(:secret_key) { configuration.secret_key! }
+    verify_hash = { 'secret' => secret_key, 'response' => response }
+    verify_hash['remoteip'] = options[:remote_ip] if options.key?(:remote_ip)
+
+    reply = api_verification_free(verify_hash, timeout: options[:timeout])
+    success = reply['success'].to_s == 'true' &&
+      hostname_valid?(reply['hostname'], options[:hostname]) &&
+      action_valid?(reply['action'], options[:action]) &&
+      score_above_threshold?(reply['score'], options[:minimum_score]) &&
+      score_below_threshold?(reply['score'], options[:maximum_score])
+
+    if options[:with_reply] == true
+      [success, reply]
+    else
+      success
+    end
   end
 
-  class VerifyError < RecaptchaError
+  def self.hostname_valid?(hostname, validation)
+    validation ||= configuration.hostname
+
+    case validation
+    when nil, FalseClass then true
+    when String then validation == hostname
+    else validation.call(hostname)
+    end
+  end
+
+  def self.action_valid?(action, expected_action)
+    case expected_action
+    when nil, FalseClass then true
+    else action == expected_action.to_s
+    end
+  end
+
+  def self.score_above_threshold?(score, minimum_score)
+    !minimum_score || (score && score >= minimum_score)
+  end
+
+  def self.score_below_threshold?(score, maximum_score)
+    !maximum_score || (score && score <= maximum_score)
+  end
+
+  def self.http_client_for(uri:, timeout: nil)
+    timeout ||= DEFAULT_TIMEOUT
+    http = if configuration.proxy
+      proxy_server = URI.parse(configuration.proxy)
+      Net::HTTP::Proxy(proxy_server.host, proxy_server.port, proxy_server.user, proxy_server.password)
+    else
+      Net::HTTP
+    end
+    instance = http.new(uri.host, uri.port)
+    instance.read_timeout = instance.open_timeout = timeout
+    instance.use_ssl = true if uri.port == 443
+
+    instance
+  end
+
+  def self.api_verification_free(verify_hash, timeout: nil)
+    query = URI.encode_www_form(verify_hash)
+    uri = URI.parse("#{configuration.verify_url}?#{query}")
+    http_instance = http_client_for(uri: uri, timeout: timeout)
+    request = Net::HTTP::Get.new(uri.request_uri)
+    JSON.parse(http_instance.request(request).body)
+  end
+
+  def self.api_verification_enterprise(query_params, body, project_id, timeout: nil)
+    query = URI.encode_www_form(query_params)
+    uri = URI.parse("#{configuration.verify_url}/#{project_id}/assessments?#{query}")
+    http_instance = http_client_for(uri: uri, timeout: timeout)
+    request = Net::HTTP::Post.new(uri.request_uri)
+    request['Content-Type'] = 'application/json; charset=utf-8'
+    request.body = JSON.generate(body)
+    JSON.parse(http_instance.request(request).body)
   end
 end

data/rails/locales/en.yml

@@ -0,0 +1,5 @@
+en:
+  recaptcha:
+    errors:
+      verification_failed: reCAPTCHA verification failed, please try again.
+      recaptcha_unreachable: Oops, we failed to validate your reCAPTCHA response. Please try again.

data/rails/locales/fr.yml

@@ -0,0 +1,5 @@
+fr:
+  recaptcha:
+    errors:
+      verification_failed: La vérification reCAPTCHA a échoué, veuillez essayer à nouveau.
+      recaptcha_unreachable: Oops, nous n'avons pas pu valider votre réponse reCAPTCHA. Veuillez essayer à nouveau.

data/rails/locales/ja.yml

@@ -0,0 +1,5 @@
+ja:
+  recaptcha:
+    errors:
+      verification_failed: reCAPTCHA認証に失敗しました。もう一度お試しください。
+      recaptcha_unreachable: reCAPTCHAのレスポンスを検証できませんでした。もう一度お試しください。

data/rails/locales/nl.yml

@@ -0,0 +1,5 @@
+nl:
+  recaptcha:
+    errors:
+      verification_failed: reCAPTCHA-verificatie mislukt, probeer het opnieuw.
+      recaptcha_unreachable: Oeps, we hebben uw reCAPTCHA-antwoord niet kunnen valideren. Probeer het opnieuw.

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 4.14.0
+  version: 5.14.0
 platform: ruby
 authors:
 - Jason L Perry
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-04-01 00:00:00.000000000 Z
+date: 2023-04-19 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: json
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
@@ -52,20 +38,6 @@ dependencies:
     - - ">="
       - !ruby/object:Gem::Version
         version: '0'
-- !ruby/object:Gem::Dependency
-  name: activesupport
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :development
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: i18n
   requirement: !ruby/object:Gem::Requirement
@@ -161,17 +133,23 @@ files:
 - LICENSE
 - README.md
 - lib/recaptcha.rb
-- lib/recaptcha/client_helper.rb
+- lib/recaptcha/adapters/controller_methods.rb
+- lib/recaptcha/adapters/view_methods.rb
 - lib/recaptcha/configuration.rb
+- lib/recaptcha/helpers.rb
 - lib/recaptcha/rails.rb
 - lib/recaptcha/railtie.rb
-- lib/recaptcha/verify.rb
 - lib/recaptcha/version.rb
+- rails/locales/en.yml
+- rails/locales/fr.yml
+- rails/locales/ja.yml
+- rails/locales/nl.yml
 homepage: http://github.com/ambethia/recaptcha
 licenses:
 - MIT
-metadata: {}
-post_install_message: 
+metadata:
+  source_code_uri: https://github.com/ambethia/recaptcha
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -179,16 +157,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubyforge_project: 
-rubygems_version: 2.7.6
-signing_key: 
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: Helpers for the reCAPTCHA API
 test_files: []

data/lib/recaptcha/client_helper.rb

@@ -1,157 +0,0 @@
-# frozen_string_literal: true
-
-module Recaptcha
-  module ClientHelper
-    # Your public API can be specified in the +options+ hash or preferably
-    # using the Configuration.
-    def recaptcha_tags(options = {})
-      if options.key?(:stoken)
-        raise(RecaptchaError, "Secure Token is deprecated. Please remove 'stoken' from your calls to recaptcha_tags.")
-      end
-      if options.key?(:ssl)
-        raise(RecaptchaError, "SSL is now always true. Please remove 'ssl' from your calls to recaptcha_tags.")
-      end
-
-      noscript = options.delete(:noscript)
-
-      html, tag_attributes, fallback_uri = Recaptcha::ClientHelper.recaptcha_components(options)
-      html << %(<div #{tag_attributes}></div>\n)
-
-      if noscript != false
-        html << <<-HTML
-          <noscript>
-            <div>
-              <div style="width: 302px; height: 422px; position: relative;">
-                <div style="width: 302px; height: 422px; position: absolute;">
-                  <iframe
-                    src="#{fallback_uri}"
-                    name="ReCAPTCHA"
-                    style="width: 302px; height: 422px; border-style: none; border: 0; overflow: hidden;">
-                  </iframe>
-                </div>
-              </div>
-              <div style="width: 300px; height: 60px; border-style: none;
-                bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px;
-                background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
-                <textarea id="g-recaptcha-response" name="g-recaptcha-response"
-                  class="g-recaptcha-response"
-                  style="width: 250px; height: 40px; border: 1px solid #c1c1c1;
-                  margin: 10px 25px; padding: 0px; resize: none;">
-                </textarea>
-              </div>
-            </div>
-          </noscript>
-        HTML
-      end
-
-      html.respond_to?(:html_safe) ? html.html_safe : html
-    end
-
-    # Invisible reCAPTCHA implementation
-    def invisible_recaptcha_tags(options = {})
-      options = {callback: 'invisibleRecaptchaSubmit', ui: :button}.merge options
-      text = options.delete(:text)
-      html, tag_attributes = Recaptcha::ClientHelper.recaptcha_components(options)
-      html << recaptcha_default_callback(options) if recaptcha_default_callback_required?(options)
-      case options[:ui]
-      when :button
-        html << %(<button type="submit" #{tag_attributes}>#{text}</button>\n)
-      when :invisible
-        html << %(<div data-size="invisible" #{tag_attributes}></div>\n)
-      when :input
-        html << %(<input type="submit" #{tag_attributes} value="#{text}"/>\n)
-      else
-        raise(RecaptchaError, "ReCAPTCHA ui `#{options[:ui]}` is not valid.")
-      end
-      html.respond_to?(:html_safe) ? html.html_safe : html
-    end
-
-    def self.recaptcha_components(options = {})
-      html = +''
-      attributes = {}
-      fallback_uri = +''
-
-      # Since leftover options get passed directly through as tag
-      # attributes, we must unconditionally delete all our options
-      options = options.dup
-      env = options.delete(:env)
-      class_attribute = options.delete(:class)
-      site_key = options.delete(:site_key)
-      hl = options.delete(:hl)
-      onload = options.delete(:onload)
-      render = options.delete(:render)
-      nonce = options.delete(:nonce)
-      skip_script = (options.delete(:script) == false)
-      ui = options.delete(:ui)
-
-      data_attribute_keys = [:badge, :theme, :type, :callback, :expired_callback, :error_callback, :size]
-      data_attribute_keys << :tabindex unless ui == :button
-      data_attributes = {}
-      data_attribute_keys.each do |data_attribute|
-        value = options.delete(data_attribute)
-        data_attributes["data-#{data_attribute.to_s.tr('_', '-')}"] = value if value
-      end
-
-      unless Recaptcha::Verify.skip?(env)
-        site_key ||= Recaptcha.configuration.site_key!
-        script_url = Recaptcha.configuration.api_server_url
-        query_params = hash_to_query(
-          hl: hl,
-          onload: onload,
-          render: render
-        )
-        script_url += "?#{query_params}" unless query_params.empty?
-        nonce_attr = " nonce='#{nonce}'" if nonce
-        html << %(<script src="#{script_url}" async defer#{nonce_attr}></script>\n) unless skip_script
-        fallback_uri = %(#{script_url.chomp(".js")}/fallback?k=#{site_key})
-        attributes["data-sitekey"] = site_key
-        attributes.merge! data_attributes
-      end
-
-      # Append whatever that's left of options to be attributes on the tag.
-      attributes["class"] = "g-recaptcha #{class_attribute}"
-      tag_attributes = attributes.merge(options).map { |k, v| %(#{k}="#{v}") }.join(" ")
-
-      [html, tag_attributes, fallback_uri]
-    end
-
-    private
-
-    def recaptcha_default_callback(options = {})
-      nonce = options[:nonce]
-      nonce_attr = " nonce='#{nonce}'" if nonce
-
-      <<-HTML
-        <script#{nonce_attr}>
-          var invisibleRecaptchaSubmit = function () {
-            var closestForm = function (ele) {
-              var curEle = ele.parentNode;
-              while (curEle.nodeName !== 'FORM' && curEle.nodeName !== 'BODY'){
-                curEle = curEle.parentNode;
-              }
-              return curEle.nodeName === 'FORM' ? curEle : null
-            };
-
-            var eles = document.getElementsByClassName('g-recaptcha');
-            if (eles.length > 0) {
-              var form = closestForm(eles[0]);
-              if (form) {
-                form.submit();
-              }
-            }
-          };
-        </script>
-      HTML
-    end
-
-    def recaptcha_default_callback_required?(options)
-      options[:callback] == 'invisibleRecaptchaSubmit' &&
-      !Recaptcha::Verify.skip?(options[:env]) &&
-      options[:script] != false
-    end
-
-    private_class_method def self.hash_to_query(hash)
-      hash.delete_if { |_, val| val.nil? || val.empty? }.to_a.map { |pair| pair.join('=') }.join('&')
-    end
-  end
-end

data/lib/recaptcha/verify.rb

@@ -1,108 +0,0 @@
-# frozen_string_literal: true
-
-require 'json'
-
-module Recaptcha
-  module Verify
-    G_RESPONSE_LIMIT = 4000
-    # Your private API can be specified in the +options+ hash or preferably
-    # using the Configuration.
-    def verify_recaptcha(options = {})
-      options = {model: options} unless options.is_a? Hash
-      return true if Recaptcha::Verify.skip?(options[:env])
-
-      model = options[:model]
-      attribute = options[:attribute] || :base
-      recaptcha_response = options[:response] || params['g-recaptcha-response'].to_s
-
-      begin
-        verified = if recaptcha_response.empty? || recaptcha_response.length > G_RESPONSE_LIMIT
-          false
-        else
-          recaptcha_verify_via_api_call(request, recaptcha_response, options)
-        end
-
-        if verified
-          flash.delete(:recaptcha_error) if recaptcha_flash_supported? && !model
-          true
-        else
-          recaptcha_error(
-            model,
-            attribute,
-            options[:message],
-            "recaptcha.errors.verification_failed",
-            "reCAPTCHA verification failed, please try again."
-          )
-          false
-        end
-      rescue Timeout::Error
-        if Recaptcha.configuration.handle_timeouts_gracefully
-          recaptcha_error(
-            model,
-            attribute,
-            options[:message],
-            "recaptcha.errors.recaptcha_unreachable",
-            "Oops, we failed to validate your reCAPTCHA response. Please try again."
-          )
-          false
-        else
-          raise RecaptchaError, "Recaptcha unreachable."
-        end
-      rescue StandardError => e
-        raise RecaptchaError, e.message, e.backtrace
-      end
-    end
-
-    def verify_recaptcha!(options = {})
-      verify_recaptcha(options) || raise(VerifyError)
-    end
-
-    def self.skip?(env)
-      env ||= ENV['RAILS_ENV'] || ENV['RACK_ENV'] || (Rails.env if defined? Rails.env)
-      Recaptcha.configuration.skip_verify_env.include? env
-    end
-
-    private
-
-    def recaptcha_verify_via_api_call(request, recaptcha_response, options)
-      secret_key = options[:secret_key] || Recaptcha.configuration.secret_key!
-
-      verify_hash = {
-        "secret"    => secret_key,
-        "response"  => recaptcha_response
-      }
-
-      unless options[:skip_remote_ip]
-        remoteip = (request.respond_to?(:remote_ip) && request.remote_ip) || (env && env['REMOTE_ADDR'])
-        verify_hash["remoteip"] = remoteip.to_s
-      end
-
-      reply = JSON.parse(Recaptcha.get(verify_hash, options))
-      reply['success'].to_s == "true" &&
-        recaptcha_hostname_valid?(reply['hostname'], options[:hostname])
-    end
-
-    def recaptcha_hostname_valid?(hostname, validation)
-      validation ||= Recaptcha.configuration.hostname
-
-      case validation
-      when nil, FalseClass then true
-      when String then validation == hostname
-      else validation.call(hostname)
-      end
-    end
-
-    def recaptcha_error(model, attribute, message, key, default)
-      message ||= Recaptcha.i18n(key, default)
-      if model
-        model.errors.add attribute, message
-      else
-        flash[:recaptcha_error] = message if recaptcha_flash_supported?
-      end
-    end
-
-    def recaptcha_flash_supported?
-      request.respond_to?(:format) && request.format == :html && respond_to?(:flash)
-    end
-  end
-end