recaptcha 5.1.1 → 5.4.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +6 -0
- data/README.md +7 -7
- data/lib/recaptcha/adapters/controller_methods.rb +5 -4
- data/lib/recaptcha/helpers.rb +29 -7
- data/lib/recaptcha/version.rb +1 -1
- metadata +2 -2
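--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA256:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 9cf7aba9fe655e310a8fade5586b0c99ec18050fb0e1c5e41947d721f7b54f4b
+data.tar.gz: 1c8e6a634ca69c6e2d783d4fa01cc683fc52ac4a66e6f00dccfa52e0ff953daf
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 98f916ad8b9f4b6c5f688b4485e8e8d9df83b6585d077538e206246b4f0f8675c267f54fc99d235e863017f4622dbfb1a19a760a48366c5f50027bdc7a5e6041
+data.tar.gz: 108bd19c3b2b539c69a3647234565eea43c4638afc37d0862d74c7bccf0a0e1a28f23d51284cf2f768d55b23195ae9cc579f12b4948e86194bfdecd012d7dd29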
data/CHANGELOG.md
CHANGED
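--- a/data/README.md
+++ b/data/README.md
@@ -147,7 +147,7 @@ Some of the options available:
 | `:message` | Custom error message.
 | `:secret_key` | Override the secret API key from the configuration.
 | `:timeout` | The number of seconds to wait for reCAPTCHA servers before give up. (default: `3`)
-| `:response` | Custom response parameter. (default: `params['g-recaptcha-response']`)
+| `:response` | Custom response parameter. (default: `params['g-recaptcha-response-data']`)
 | `:hostname` | Expected hostname or a callable that validates the hostname, see [domain validation](https://developers.google.com/recaptcha/docs/domain_validation) and [hostname](https://developers.google.com/recaptcha/docs/verify#api-response) docs. (default: `nil`, but can be changed by setting `config.hostname`)
 | `:env` | Current environment. The request to verify will be skipped if the environment is specified in configuration under `skip_verify_env`
 
@@ -344,7 +344,7 @@ function). This lets you include `recaptcha_v3` within a `<form>` tag and have i
 submit the token as part of the form submission.
 
 Note: reCAPTCHA actually already adds its own hidden tag, like `<textarea
-id="g-recaptcha-response-100000" name="g-recaptcha-response" class="g-recaptcha-response">`,
+id="g-recaptcha-response-data-100000" name="g-recaptcha-response-data" class="g-recaptcha-response">`,
 immediately ater the reCAPTCHA badge in the bottom right of the page — but since it is not inside of
 any `<form>` element, and since it already passes the token to the callback, this hidden `textarea`
 isn't helpful to us.
@@ -353,7 +353,7 @@ If you need to submit the response token to the server in a different way than v
 submit, such as via [Ajax](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest) or [`fetch`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API),
 then you can either:
 1. just extract the token out of the hidden `<input>` or `<textarea>` (both of which will have a
-predictable name/id), like `document.getElementById('g-recaptcha-response-my-action').value`, or
+predictable name/id), like `document.getElementById('g-recaptcha-response-data-my-action').value`, or
 2. write and specify a custom `callback` function. You may also want to pass `element: false` if you
 don't have a use for the hidden input element.
 
@@ -388,11 +388,12 @@ but only accepts the following options:
 | `:action` | The name of the [reCAPTCHA action](https://developers.google.com/recaptcha/docs/v3#actions). Actions may only contain alphanumeric characters and slashes, and must not be user-specific. |
 | `:nonce` | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. (default: `nil`) |
 | `:callback` | Name of callback function to call with the token. When `element` is `:input`, this defaults to a function named `setInputWithRecaptchaResponseTokenFor#{sanitize_action(action)}` that sets the value of the hidden input to the token. |
-| `:id` | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-"` + `action`) |
-| `:name` | Specify a unique `name` attribute for the `<input>` element if using `element: :input`. (default: `g-recaptcha-response[action]`) |
+| `:id` | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-data-"` + `action`) |
+| `:name` | Specify a unique `name` attribute for the `<input>` element if using `element: :input`. (default: `g-recaptcha-response-data[action]`) |
 | `:script` | Same as setting both `:inline_script` and `:external_script`. (default: `true`). |
 | `:inline_script` | If `true`, adds an inline script tag that calls `grecaptcha.execute` for the given `site_key` and `action` and calls the `callback` with the resulting response token. Pass `false` if you want to handle calling `grecaptcha.execute` yourself. (default: `true`) |
 | `:element` | The element to render, if any (default: `:input`)<br/>`:input`: Renders a hidden `<input type="hidden">` tag. The value of this will be set to the response token by the default `setInputWithRecaptchaResponseTokenFor{action}` callback.<br/>`false`: Doesn't render any tag. You'll have to add a custom callback that does something with the token. |
+| `:turbolinks` | If `true`, calls the js function which executes reCAPTCHA after all the dependencies have been loaded. This cannot be used with the js param `:onload`. This makes reCAPTCHAv3 usable with turbolinks. |
 
 [JavaScript resource (api.js) parameters](https://developers.google.com/recaptcha/docs/invisible#js_param):
 
@@ -434,7 +435,7 @@ result_b = verify_recaptcha(action: 'b')
 ```
 
 Because the response tokens for multiple actions may be submitted together in the same request, they
-are passed as a hash under `params['g-recaptcha-response']` with the action as the key.
+are passed as a hash under `params['g-recaptcha-response-data']` with the action as the key.
 
 It is recommended to pass `external_script: false` on all but one of the calls to
 `recaptcha` since you only need to include the script tag once for a given `site_key`.
@@ -501,4 +502,3 @@ verify_recaptcha secret_key: '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
 - Check out the [wiki](https://github.com/ambethia/recaptcha/wiki) and leave whatever you found valuable there.
 - [Add multiple widgets to the same page](https://github.com/ambethia/recaptcha/wiki/Add-multiple-widgets-to-the-same-page)
 - [Use Recaptcha with Devise](https://github.com/plataformatec/devise/wiki/How-To:-Use-Recaptcha-with-Devise)
-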
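--- a/data/lib/recaptcha/adapters/controller_methods.rb
+++ b/data/lib/recaptcha/adapters/controller_methods.rb
@@ -70,12 +70,13 @@ module Recaptcha
 request.respond_to?(:format) && request.format == :html && respond_to?(:flash)
 end
 
-# Extracts response token from params. params['g-recaptcha-response']
-#
-# the
+# Extracts response token from params. params['g-recaptcha-response-data'] for recaptcha_v3 or
+# params['g-recaptcha-response'] for recaptcha_tags and invisible_recaptcha_tags and should
+# either be a string or a hash with the action name(s) as keys. If it is a hash, then `action`
+# is used as the key.
 # @return [String] A response token if one was passed in the params; otherwise, `''`
 def recaptcha_response_token(action = nil)
-response_param = params['g-recaptcha-response']
+response_param = params['g-recaptcha-response-data'] || params['g-recaptcha-response']
 if response_param&.respond_to?(:to_h) # Includes ActionController::Parameters
 response_param[action].to_s
 else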
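Review bot: On the new `response_param = ...` line the `||` fallback only triggers on nil, so a request carrying `g-recaptcha-response-data` in any form (an empty string, or a hash when `action` is nil, which the `response_param[action].to_s` branch turns into `''`) is used in preference to a valid `g-recaptcha-response`. Both parameters are client-supplied, so the request now decides which token is handed on for verification rather than the widget type the page rendered; this is presumably not a bypass, since the token is still verified outside this hunk, but it can turn a valid v2 submission into a failed one and makes failures harder to diagnose. Consider falling back on blank as well, for example `response_param = params['g-recaptcha-response-data']` followed by `response_param = params['g-recaptcha-response'] if response_param.nil? || response_param.empty?`, or at least state the precedence in the doc comment: `# 'g-recaptcha-response-data' takes precedence whenever it is present, even if empty.` The body of `recaptcha_response_token` continues past the `else` outside the hunk.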
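--- a/data/lib/recaptcha/helpers.rb
+++ b/data/lib/recaptcha/helpers.rb
@@ -10,8 +10,9 @@ module Recaptcha
 def self.recaptcha_v3(options = {})
 site_key = options[:site_key] ||= Recaptcha.configuration.site_key!
 action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
-id
-name = options.delete(:name) || "g-recaptcha-response[#{action}]"
+id = options.delete(:id) || "g-recaptcha-response-data-" + dasherize_action(action)
+name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
+turbolinks = options.delete(:turbolinks)
 options[:render] = site_key
 options[:script_async] ||= false
 options[:script_defer] ||= false
@@ -22,8 +23,13 @@ module Recaptcha
 end
 options[:class] = "g-recaptcha-response #{options[:class]}"
 
+if turbolinks
+options[:onload] = recaptcha_v3_execute_function_name(action)
+end
 html, tag_attributes = components(options)
-if
+if turbolinks
+html << recaptcha_v3_onload_script(site_key, action, callback, id, options)
+elsif recaptcha_v3_inline_script?(options)
 html << recaptcha_v3_inline_script(site_key, action, callback, id, options)
 end
 case element
@@ -181,7 +187,6 @@ module Recaptcha
 function #{recaptcha_v3_execute_function_name(action)}() {
 grecaptcha.ready(function() {
 grecaptcha.execute('#{site_key}', {action: '#{action}'}).then(function(token) {
-//console.log('#{id}', token)
 #{callback}('#{id}', token)
 });
 });
@@ -205,6 +210,24 @@ module Recaptcha
 HTML
 end
 
+private_class_method def self.recaptcha_v3_onload_script(site_key, action, callback, id, options = {})
+nonce = options[:nonce]
+nonce_attr = " nonce='#{nonce}'" if nonce
+
+<<-HTML
+<script#{nonce_attr}>
+function #{recaptcha_v3_execute_function_name(action)}() {
+grecaptcha.ready(function() {
+grecaptcha.execute('#{site_key}', {action: '#{action}'}).then(function(token) {
+#{callback}('#{id}', token)
+});
+});
+};
+#{recaptcha_v3_define_default_callback(callback) if recaptcha_v3_define_default_callback?(callback, action, options)}
+</script>
+HTML
+end
+
 private_class_method def self.recaptcha_v3_inline_script?(options)
 !Recaptcha.skip_env?(options[:env]) &&
 options[:script] != false &&
@@ -217,7 +240,6 @@ module Recaptcha
 var element = document.getElementById(id);
 element.value = token;
 }
-</script>
 HTML
 end
 
@@ -283,13 +305,13 @@ module Recaptcha
 # Returns a camelized string that is safe for use in a JavaScript variable/function name.
 # sanitize_action_for_js('my/action') => 'MyAction'
 private_class_method def self.sanitize_action_for_js(action)
-action.to_s.gsub(/\W/, '_').
+action.to_s.gsub(/\W/, '_').split(/\/|_/).map(&:capitalize).join
 end
 
 # Returns a dasherized string that is safe for use as an HTML ID
 # dasherize_action('my/action') => 'my-action'
 private_class_method def self.dasherize_action(action)
-action.to_s.gsub(/\W/, '-').
+action.to_s.gsub(/\W/, '-').tr('_', '-')
 end
 
 private_class_method def self.hash_to_query(hash)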
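Review bot: The new `recaptcha_v3_onload_script` interpolates `nonce`, `site_key`, `action`, `callback` and `id` into the `<script>` block with no escaping, and only the function name passes through `recaptcha_v3_execute_function_name`; the existing inline script in the `@@ -181,7` hunk has the same pattern. The README limits actions to alphanumeric characters and slashes, but nothing in the visible code enforces that, so an application that derives `action`, `id` or `callback` from request data would emit attacker-influenced script text. Rejecting unexpected characters up front in `recaptcha_v3`, for example `raise(Recaptcha::RecaptchaError, 'invalid action') unless action.to_s =~ %r{\A[\w/]+\z}`, and escaping the quoted values before interpolation would close that. Separately, the `if turbolinks` branch does not consult `recaptcha_v3_inline_script?(options)`, so `turbolinks: true` appears to emit the script even when `options[:script]` is `false` or `Recaptcha.skip_env?(options[:env])` is true. `recaptcha_v3` itself starts and ends outside these hunks.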
data/lib/recaptcha/version.rb
CHANGED
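--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-version: 5.
+version: 5.4.1
 platform: ruby
 authors:
 - Jason L Perry
 autorequire:
 bindir: bin
 cert_chain: []
-date:
+date: 2020-03-17 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: json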