recaptcha 5.12.0 → 5.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 4696b1987122715318c6ea1ce3ce1930dfe1cf9aad40913e74617f746db4176b
-  data.tar.gz: ab251d09e9ad5f9596dc8a8a0d70d9f108dbfbafaaff92fbfe72758877f84354
+  metadata.gz: 52997b101110f7111f307af5bc5a66ce28d71cc74af339a267d55f8fe4bdeb1d
+  data.tar.gz: 5b62b2bf9740563b8f4e8edc9e3fdd90303daa4e8ea205cdb94e39a842dba770
 SHA512:
-  metadata.gz: 764ffc3bad21f61f1b6d87212af60fcfa2533fe643de904a127f4ae47227aec45965a9d118429ea262e638e9021b62387716e8e96c3748ba71cb21cf96a7edc0
-  data.tar.gz: 5a61522e047c0a2fe8da6a6facdd4228dbd322904144f15646bf5a8ea7adbff51fbf6ce7b880a406a01192fc3adf9128a875611307b352a19f2501d72ff309a9
+  metadata.gz: 6fe87d18b768bcdd4bf50f6a8ba5248856bcf54d7dd5afb5c8f8f9da4003902f7078782c8f75c685874f4d1427deb1348c48d6fe001bd78aa733af0acf24060e
+  data.tar.gz: a0190cbff7d1e7f0d8b312ad2d6fc9e0a88336db8f8d2dea8ac9a7d678fd35faac9ec3ca7ba029f22b5b1d48614797caef9b56443e10837af1a2d5106fe7fccb

data/CHANGELOG.md

@@ -1,8 +1,42 @@
 ## Next
+* Add key setup to v3 example in README
+* Remove unnecessary id from textarea - This was unused and may cause accessability concerns if there is more than one recaptcha on the page due to multiple elements with the same id
+* Update to latest version of rubocop
+* Drop support for Ruby 2.7; add Ruby 3.3
+* Add i18n: de, es, it, pt, pt-BR
 
-* Added Dutch locale
+## 5.16.0
+* Allow usage of `options[:turbo]` as well as `options[:turbolinks]` for `recaptcha_v3`
+
+## 5.15.0
+* Add 3.2 to the list of Ruby CI versions
+* Add ability to submit verify_recaptcha via POST with JSON Body with `options[:json] = true`
+
+## 5.14.0
+* drop json dependency
+
+## 5.13.1
+* Permit actions as symbol
+
+## 5.13.0
+* Added option to ignore_no_element.
+
+## 5.12.3
+* Remove score fallback for enterprise
+* Update enterprise tests to v1 assessment schema
+
+## 5.12.2
+* Fix minimum score for enterprise
+
+## 5.12.1
+* Fix Japanese locale
+
+## 5.12.0
 * Added Japanese locale
 
+## 5.11.0
+* Added Dutch locale
+
 ## 5.10.1
 * Fix enterprise_verify_url #415
 

data/README.md

@@ -78,6 +78,10 @@ export RECAPTCHA_ENTERPRISE_API_KEY    = 'AIzvFyE3TU-g4K_Kozr9F1smEzZSGBVOfLKyup
 export RECAPTCHA_ENTERPRISE_PROJECT_ID = 'my-project'
 ```
 
+_note:_ you'll still have to provide `RECAPTCHA_SITE_KEY`, which will hold the value of your enterprise recaptcha key id. You will not need to provide a `RECAPTCHA_SECRET_KEY`, however. 
+
+`RECAPTCHA_ENTERPRISE_API_KEY` is the enterprise key of your Google Cloud Project, which you can generate here: https://console.cloud.google.com/apis/credentials. 
+
 Add `recaptcha_tags` to the forms you want to protect:
 
 ```erb
@@ -181,6 +185,7 @@ Some of the options available:
 | `:response`               | Custom response parameter. (default: `params['g-recaptcha-response-data']`)
 | `:hostname`               | Expected hostname or a callable that validates the hostname, see [domain validation](https://developers.google.com/recaptcha/docs/domain_validation) and [hostname](https://developers.google.com/recaptcha/docs/verify#api-response) docs. (default: `nil`, but can be changed by setting `config.hostname`)
 | `:env`                    | Current environment. The request to verify will be skipped if the environment is specified in configuration under `skip_verify_env`
+| `:json`                   | Boolean; defaults to false; if true, will submit the verification request by POST with the request data in JSON
 
 
 ### `invisible_recaptcha_tags`
@@ -304,6 +309,14 @@ With v3, you can let all users log in without any intervention at all if their s
 threshold, and only show a v2 checkbox recaptcha challenge (fall back to v2) if it is below the
 threshold:
 
+This example sets v2 keys through environment variables. For more information on how to set up keys, please refer to the [documentation here](#alternative-api-key-setup).
+
+```bash
+# .env
+RECAPTCHA_SITE_KEY=6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy
+RECAPTCHA_SECRET_KEY=6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx
+```
+
 ```erb
   …
   <% if @show_checkbox_recaptcha %>
@@ -418,7 +431,7 @@ but only accepts the following options:
 | Option              | Description |
 |---------------------|-------------|
 | `:site_key`         | Override site API key |
-| `:action`           | The name of the [reCAPTCHA action](https://developers.google.com/recaptcha/docs/v3#actions). Actions may only contain alphanumeric characters and slashes, and must not be user-specific. |
+| `:action`           | The name of the [reCAPTCHA action](https://developers.google.com/recaptcha/docs/v3#actions). Actions are not case-sensitive and may only contain alphanumeric characters, slashes, and underscores, and must not be user-specific. |
 | `:nonce`            | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. (default: `nil`) |
 | `:callback`         | Name of callback function to call with the token. When `element` is `:input`, this defaults to a function named `setInputWithRecaptchaResponseTokenFor#{sanitize_action(action)}` that sets the value of the hidden input to the token. |
 | `:id`               | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-data-"` + `action`) |
@@ -426,7 +439,9 @@ but only accepts the following options:
 | `:script`           | Same as setting both `:inline_script` and `:external_script`. (default: `true`). |
 | `:inline_script`    | If `true`, adds an inline script tag that calls `grecaptcha.execute` for the given `site_key` and `action` and calls the `callback` with the resulting response token. Pass `false` if you want to handle calling `grecaptcha.execute` yourself. (default: `true`) |
 | `:element`          | The element to render, if any (default: `:input`)<br/>`:input`: Renders a hidden `<input type="hidden">` tag. The value of this will be set to the response token by the default `setInputWithRecaptchaResponseTokenFor{action}` callback.<br/>`false`: Doesn't render any tag. You'll have to add a custom callback that does something with the token. |
-| `:turbolinks`          | If `true`, calls the js function which executes reCAPTCHA after all the dependencies have been loaded. This cannot be used with the js param `:onload`. This makes reCAPTCHAv3 usable with turbolinks. |
+| `:turbo`              | If `true`, calls the js function which executes reCAPTCHA after all the dependencies have been loaded. This cannot be used with the js param `:onload`. This makes reCAPTCHAv3 usable with turbo. |
+| `:turbolinks`         | Alias of `:turbo`. Will be deprecated soon. |
+| `:ignore_no_element`  | If `true`, adds null element checker for forms that can be removed from the page by javascript like modals with forms. (default: true) |
 
 [JavaScript resource (api.js) parameters](https://developers.google.com/recaptcha/docs/invisible#js_param):
 

data/lib/recaptcha/helpers.rb

@@ -12,10 +12,11 @@ module Recaptcha
       action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
       id = options.delete(:id) || "g-recaptcha-response-data-#{dasherize_action(action)}"
       name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
-      turbolinks = options.delete(:turbolinks)
+      turbo = options.delete(:turbo) || options.delete(:turbolinks)
       options[:render] = site_key
       options[:script_async] ||= false
       options[:script_defer] ||= false
+      options[:ignore_no_element] = options.key?(:ignore_no_element) ? options[:ignore_no_element] : true
       element = options.delete(:element)
       element = element == false ? false : :input
       if element == :input
@@ -23,11 +24,11 @@ module Recaptcha
       end
       options[:class] = "g-recaptcha-response #{options[:class]}"
 
-      if turbolinks
+      if turbo
         options[:onload] = recaptcha_v3_execute_function_name(action)
       end
       html, tag_attributes = components(options)
-      if turbolinks
+      if turbo
         html << recaptcha_v3_onload_script(site_key, action, callback, id, options)
       elsif recaptcha_v3_inline_script?(options)
         html << recaptcha_v3_inline_script(site_key, action, callback, id, options)
@@ -73,7 +74,7 @@ module Recaptcha
               <div style="width: 300px; height: 60px; border-style: none;
                 bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px;
                 background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
-                <textarea id="g-recaptcha-response" name="g-recaptcha-response"
+                <textarea name="g-recaptcha-response"
                   class="g-recaptcha-response"
                   style="width: 250px; height: 40px; border: 1px solid #c1c1c1;
                   margin: 10px 25px; padding: 0px; resize: none;">
@@ -138,6 +139,7 @@ module Recaptcha
       nonce = options.delete(:nonce)
       skip_script = (options.delete(:script) == false) || (options.delete(:external_script) == false)
       ui = options.delete(:ui)
+      options.delete(:ignore_no_element)
 
       data_attribute_keys = [:badge, :theme, :type, :callback, :expired_callback, :error_callback, :size]
       data_attribute_keys << :tabindex unless ui == :button
@@ -206,7 +208,7 @@ module Recaptcha
             })
           };
 
-          #{recaptcha_v3_define_default_callback(callback) if recaptcha_v3_define_default_callback?(callback, action, options)}
+          #{recaptcha_v3_define_default_callback(callback, options) if recaptcha_v3_define_default_callback?(callback, action, options)}
         </script>
       HTML
     end
@@ -224,7 +226,7 @@ module Recaptcha
               });
             });
           };
-          #{recaptcha_v3_define_default_callback(callback) if recaptcha_v3_define_default_callback?(callback, action, options)}
+          #{recaptcha_v3_define_default_callback(callback, options) if recaptcha_v3_define_default_callback?(callback, action, options)}
         </script>
       HTML
     end
@@ -235,12 +237,12 @@ module Recaptcha
       options[:inline_script] != false
     end
 
-    private_class_method def self.recaptcha_v3_define_default_callback(callback)
+    private_class_method def self.recaptcha_v3_define_default_callback(callback, options)
       <<-HTML
-          var #{callback} = function(id, token) {
-            var element = document.getElementById(id);
-            element.value = token;
-          }
+        var #{callback} = function(id, token) {
+          var element = document.getElementById(id);
+          #{element_check_condition(options)} element.value = token;
+        }
       HTML
     end
 
@@ -328,5 +330,9 @@ module Recaptcha
     private_class_method def self.hash_to_query(hash)
       hash.delete_if { |_, val| val.nil? || val.empty? }.to_a.map { |pair| pair.join('=') }.join('&')
     end
+
+    private_class_method def self.element_check_condition(options)
+      options[:ignore_no_element] ? "if (element !== null)" : ""
+    end
   end
 end

data/lib/recaptcha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Recaptcha
-  VERSION = '5.12.0'
+  VERSION = '5.17.0'
 end

data/lib/recaptcha.rb

@@ -77,13 +77,14 @@ module Recaptcha
     body['event']['userIpAddress'] = options[:remote_ip] if options.key?(:remote_ip)
 
     reply = api_verification_enterprise(query_params, body, project_id, timeout: options[:timeout])
+    score = reply.dig('riskAnalysis', 'score')
     token_properties = reply['tokenProperties']
     success = !token_properties.nil? &&
       token_properties['valid'].to_s == 'true' &&
       hostname_valid?(token_properties['hostname'], options[:hostname]) &&
       action_valid?(token_properties['action'], options[:action]) &&
-      score_above_threshold?(reply['score'], options[:minimum_score]) &&
-      score_below_threshold?(reply['score'], options[:maximum_score])
+      score_above_threshold?(score, options[:minimum_score]) &&
+      score_below_threshold?(score, options[:maximum_score])
 
     if options[:with_reply] == true
       [success, reply]
@@ -97,7 +98,7 @@ module Recaptcha
     verify_hash = { 'secret' => secret_key, 'response' => response }
     verify_hash['remoteip'] = options[:remote_ip] if options.key?(:remote_ip)
 
-    reply = api_verification_free(verify_hash, timeout: options[:timeout])
+    reply = api_verification_free(verify_hash, timeout: options[:timeout], json: options[:json])
     success = reply['success'].to_s == 'true' &&
       hostname_valid?(reply['hostname'], options[:hostname]) &&
       action_valid?(reply['action'], options[:action]) &&
@@ -124,7 +125,7 @@ module Recaptcha
   def self.action_valid?(action, expected_action)
     case expected_action
     when nil, FalseClass then true
-    else action == expected_action
+    else action == expected_action.to_s
     end
   end
 
@@ -151,11 +152,18 @@ module Recaptcha
     instance
   end
 
-  def self.api_verification_free(verify_hash, timeout: nil)
-    query = URI.encode_www_form(verify_hash)
-    uri = URI.parse("#{configuration.verify_url}?#{query}")
+  def self.api_verification_free(verify_hash, timeout: nil, json: false)
+    if json
+      uri = URI.parse(configuration.verify_url)
+      request = Net::HTTP::Post.new(uri.request_uri)
+      request['Content-Type'] = 'application/json; charset=utf-8'
+      request.body = JSON.generate(verify_hash)
+    else
+      query = URI.encode_www_form(verify_hash)
+      uri = URI.parse("#{configuration.verify_url}?#{query}")
+      request = Net::HTTP::Get.new(uri.request_uri)
+    end
     http_instance = http_client_for(uri: uri, timeout: timeout)
-    request = Net::HTTP::Get.new(uri.request_uri)
     JSON.parse(http_instance.request(request).body)
   end
 

data/rails/locales/de.yml

@@ -0,0 +1,5 @@
+de:
+  recaptcha:
+    errors:
+      verification_failed: Die reCAPTCHA-Überprüfung ist fehlgeschlagen, bitte versuchen Sie es erneut.
+      recaptcha_unreachable: Oops, wir konnten Ihre reCAPTCHA-Antwort nicht validieren. Bitte versuchen Sie es erneut.

data/rails/locales/es.yml

@@ -0,0 +1,5 @@
+es:
+  recaptcha:
+    errors:
+      verification_failed: La verificación de reCAPTCHA falló, por favor intente de nuevo.
+      recaptcha_unreachable: Ups, no pudimos validar su respuesta de reCAPTCHA. Por favor intente de nuevo.

data/rails/locales/it.yml

@@ -0,0 +1,5 @@
+it:
+  recaptcha:
+    errors:
+      verification_failed: La verifica reCAPTCHA non è riuscita, si prega di riprovare.
+      recaptcha_unreachable: Ops, non siamo riusciti a convalidare la tua risposta reCAPTCHA. Per favore riprova.

data/rails/locales/ja.yml

@@ -1,4 +1,4 @@
-en:
+ja:
   recaptcha:
     errors:
       verification_failed: reCAPTCHA認証に失敗しました。もう一度お試しください。

data/rails/locales/pt-BR.yml

@@ -0,0 +1,5 @@
+pt-BR:
+  recaptcha:
+    errors:
+      verification_failed: A verificação do reCAPTCHA falhou, por favor, tente novamente.
+      recaptcha_unreachable: Oops, não conseguimos validar sua resposta do reCAPTCHA. Por favor, tente novamente.

data/rails/locales/pt.yml

@@ -0,0 +1,5 @@
+pt:
+  recaptcha:
+    errors:
+      verification_failed: A verificação do reCAPTCHA falhou, por favor, tente novamente.
+      recaptcha_unreachable: Oops, não conseguimos validar sua resposta do reCAPTCHA. Por favor, tente novamente.

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 5.12.0
+  version: 5.17.0
 platform: ruby
 authors:
 - Jason L Perry
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2022-08-28 00:00:00.000000000 Z
+date: 2024-06-09 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: json
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
@@ -154,10 +140,15 @@ files:
 - lib/recaptcha/rails.rb
 - lib/recaptcha/railtie.rb
 - lib/recaptcha/version.rb
+- rails/locales/de.yml
 - rails/locales/en.yml
+- rails/locales/es.yml
 - rails/locales/fr.yml
+- rails/locales/it.yml
 - rails/locales/ja.yml
 - rails/locales/nl.yml
+- rails/locales/pt-BR.yml
+- rails/locales/pt.yml
 homepage: http://github.com/ambethia/recaptcha
 licenses:
 - MIT
@@ -171,14 +162,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Helpers for the reCAPTCHA API