recaptcha 5.16.0 → 5.18.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 66a204367215f4ea083958e3f322fc7f2955e7481c09a5cadb1f57cf3acd187e
-  data.tar.gz: b6e7c0417b4d81bd0e7f15f7837968fbf65096e5d4a6286e297f1bbc030b7744
+  metadata.gz: 41990aba0d4786ebf87da392ac025d8725d5ca5f30c9e1018b0cf2197f8efada
+  data.tar.gz: 34b8d6b1dc5e34d9349c64f3a2d2c77f0cc67b2570077788e9e128d2a855a927
 SHA512:
-  metadata.gz: 2c9162ae165cfb00d6ed03f91ef832e90e6bc357cfc31ee71a1a52311910fb183eb40a50967fa04f729243924c1fc9defad7d2030353ccc895b31e7bdb28e210
-  data.tar.gz: 8da70c71cb13ce29d7ddfa956795dc2bdcff53ea8aeaa64ad6495e5b4cfa40d82bfd90d9870220173a955e095346ba8f6e451364278af5887e4360b6d5601e07
+  metadata.gz: b3d440a27b41351c81ca9ad94368ea5485d1a1bed05092c011bbfe358cb8c829e89bc295a52a0e323333fc1a3135384149bd3ec13f0cd4c6a8fcc09184a3d4d4
+  data.tar.gz: f176ce1beb9764f342dedc8c36cbc40b248ae230c758f2df3053c891c5616b4898e435fde8251da03ff5e690b535bef64bdc7e2257aadc8755f7f0e4efbddbfd

data/CHANGELOG.md

@@ -1,4 +1,10 @@
 ## Next
+* Add key setup to v3 example in README
+* Remove unnecessary id from textarea - This was unused and may cause accessability concerns if there is more than one recaptcha on the page due to multiple elements with the same id
+* Update to latest version of rubocop
+* Drop support for Ruby 2.7; add Ruby 3.3
+* Add i18n: de, es, it, pt, pt-BR
+* Added recaptcha_failure_reason
 
 ## 5.16.0
 * Allow usage of `options[:turbo]` as well as `options[:turbolinks]` for `recaptcha_v3`

data/README.md

@@ -78,6 +78,10 @@ export RECAPTCHA_ENTERPRISE_API_KEY    = 'AIzvFyE3TU-g4K_Kozr9F1smEzZSGBVOfLKyup
 export RECAPTCHA_ENTERPRISE_PROJECT_ID = 'my-project'
 ```
 
+_note:_ you'll still have to provide `RECAPTCHA_SITE_KEY`, which will hold the value of your enterprise recaptcha key id. You will not need to provide a `RECAPTCHA_SECRET_KEY`, however.
+
+`RECAPTCHA_ENTERPRISE_API_KEY` is the enterprise key of your Google Cloud Project, which you can generate here: https://console.cloud.google.com/apis/credentials.
+
 Add `recaptcha_tags` to the forms you want to protect:
 
 ```erb
@@ -126,7 +130,7 @@ The following options are available:
 | `:site_key`         | Override site API key from configuration |
 | `:error`            | Override the error code returned from the reCAPTCHA API (default: `nil`) |
 | `:size`             | Specify a size (default: `nil`) |
-| `:nonce`            | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. (default: `nil`) |
+| `:nonce`            | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. Use `content_security_policy_nonce` if you have `config.content_security_policy_nonce_generator` set in Rails. (default: `nil`) |
 | `:id`               | Specify an html id attribute (default: `nil`) |
 | `:callback`         | Optional. Name of success callback function, executed when the user submits a successful response |
 | `:expired_callback` | Optional. Name of expiration callback function, executed when the reCAPTCHA response expires and the user needs to re-verify. |
@@ -204,7 +208,7 @@ It also accepts most of the options that `recaptcha_tags` accepts, including the
 | Option              | Description |
 |---------------------|-------------|
 | `:site_key`         | Override site API key from configuration |
-| `:nonce`            | Optional. Sets nonce attribute for script tag. Can be generated via `SecureRandom.base64(32)`. (default: `nil`) |
+| `:nonce`            | Optional. Sets nonce attribute for script tag. Can be generated via `SecureRandom.base64(32)`. Use `content_security_policy_nonce` if you have `config.content_security_policy_nonce_generator` set in Rails. (default: `nil`) |
 | `:id`               | Specify an html id attribute (default: `nil`) |
 | `:script`           | Same as setting both `:inline_script` and `:external_script`. If you only need one or the other, use `:inline_script` and `:external_script` instead. |
 | `:callback`         | Optional. Name of success callback function, executed when the user submits a successful response |
@@ -305,6 +309,14 @@ With v3, you can let all users log in without any intervention at all if their s
 threshold, and only show a v2 checkbox recaptcha challenge (fall back to v2) if it is below the
 threshold:
 
+This example sets v2 keys through environment variables. For more information on how to set up keys, please refer to the [documentation here](#alternative-api-key-setup).
+
+```bash
+# .env
+RECAPTCHA_SITE_KEY=6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy
+RECAPTCHA_SECRET_KEY=6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx
+```
+
 ```erb
   …
   <% if @show_checkbox_recaptcha %>
@@ -420,7 +432,7 @@ but only accepts the following options:
 |---------------------|-------------|
 | `:site_key`         | Override site API key |
 | `:action`           | The name of the [reCAPTCHA action](https://developers.google.com/recaptcha/docs/v3#actions). Actions are not case-sensitive and may only contain alphanumeric characters, slashes, and underscores, and must not be user-specific. |
-| `:nonce`            | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. (default: `nil`) |
+| `:nonce`            | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. Use `content_security_policy_nonce` if you have `config.content_security_policy_nonce_generator` set in Rails. (default: `nil`) |
 | `:callback`         | Name of callback function to call with the token. When `element` is `:input`, this defaults to a function named `setInputWithRecaptchaResponseTokenFor#{sanitize_action(action)}` that sets the value of the hidden input to the token. |
 | `:id`               | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-data-"` + `action`) |
 | `:name`             | Specify a unique `name` attribute for the `<input>` element if using `element: :input`. (default: `g-recaptcha-response-data[action]`) |
@@ -476,7 +488,7 @@ are passed as a hash under `params['g-recaptcha-response-data']` with the action
 It is recommended to pass `external_script: false` on all but one of the calls to
 `recaptcha` since you only need to include the script tag once for a given `site_key`.
 
-## `recaptcha_reply`
+## `recaptcha_reply` and `recaptcha_failure_reason`
 
 After `verify_recaptcha` has been called, you can call `recaptcha_reply` to get the raw reply from recaptcha. This can allow you to get the exact score returned by recaptcha should you need it.
 
@@ -492,6 +504,8 @@ end
 
 `recaptcha_reply` will return `nil` if the the reply was not yet fetched.
 
+`recaptcha_failure_reason` will return information if verification failed. E.g. if params was wrong or api resulted some error-codes.
+
 ## I18n support
 
 reCAPTCHA supports the I18n gem (it comes with English translations)

data/lib/recaptcha/adapters/controller_methods.rb

@@ -17,6 +17,11 @@ module Recaptcha
 
         begin
           verified = if Recaptcha.invalid_response?(recaptcha_response)
+            @_recaptcha_failure_reason = if recaptcha_response.nil?
+              "No recaptcha response/param(:action) found."
+            else
+              "Recaptcha response/param(:action) was invalid."
+            end
             false
           else
             unless options[:skip_remote_ip]
@@ -26,10 +31,21 @@ module Recaptcha
 
             success, @_recaptcha_reply =
               Recaptcha.verify_via_api_call(recaptcha_response, options.merge(with_reply: true))
+            unless success
+              @_recaptcha_failure_reason = if @_recaptcha_reply["score"] &&
+                                              @_recaptcha_reply["score"].to_f < options[:minimum_score].to_f
+                "Recaptcha score didn't exceed the minimum: #{@_recaptcha_reply["score"]} < #{options[:minimum_score]}."
+              elsif @_recaptcha_reply['error-codes']
+                "Recaptcha api call returned with error-codes: #{@_recaptcha_reply['error-codes']}."
+              else
+                "Recaptcha failure after api call. Api reply: #{@_recaptcha_reply}."
+              end
+            end
             success
           end
 
           if verified
+            @_recaptcha_failure_reason = nil
             flash.delete(:recaptcha_error) if recaptcha_flash_supported? && !model
             true
           else
@@ -41,6 +57,7 @@ module Recaptcha
             false
           end
         rescue Timeout::Error
+          @_recaptcha_failure_reason = "Recaptcha server unreachable."
           if Recaptcha.configuration.handle_timeouts_gracefully
             recaptcha_error(
               model,
@@ -57,13 +74,17 @@ module Recaptcha
       end
 
       def verify_recaptcha!(options = {})
-        verify_recaptcha(options) || raise(VerifyError)
+        verify_recaptcha(options) || raise(VerifyError, @_recaptcha_failure_reason)
       end
 
       def recaptcha_reply
         @_recaptcha_reply if defined?(@_recaptcha_reply)
       end
 
+      def recaptcha_failure_reason
+        @_recaptcha_failure_reason
+      end
+
       def recaptcha_error(model, attribute, message)
         if model
           model.errors.add(attribute, message)

data/lib/recaptcha/helpers.rb

@@ -74,7 +74,7 @@ module Recaptcha
               <div style="width: 300px; height: 60px; border-style: none;
                 bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px;
                 background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
-                <textarea id="g-recaptcha-response" name="g-recaptcha-response"
+                <textarea name="g-recaptcha-response"
                   class="g-recaptcha-response"
                   style="width: 250px; height: 40px; border: 1px solid #c1c1c1;
                   margin: 10px 25px; padding: 0px; resize: none;">
@@ -140,6 +140,7 @@ module Recaptcha
       skip_script = (options.delete(:script) == false) || (options.delete(:external_script) == false)
       ui = options.delete(:ui)
       options.delete(:ignore_no_element)
+      options.delete(:inline_script)
 
       data_attribute_keys = [:badge, :theme, :type, :callback, :expired_callback, :error_callback, :size]
       data_attribute_keys << :tabindex unless ui == :button

data/lib/recaptcha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Recaptcha
-  VERSION = '5.16.0'
+  VERSION = '5.18.0'
 end

data/rails/locales/de.yml

@@ -0,0 +1,5 @@
+de:
+  recaptcha:
+    errors:
+      verification_failed: Die reCAPTCHA-Überprüfung ist fehlgeschlagen, bitte versuchen Sie es erneut.
+      recaptcha_unreachable: Oops, wir konnten Ihre reCAPTCHA-Antwort nicht validieren. Bitte versuchen Sie es erneut.

data/rails/locales/es.yml

@@ -0,0 +1,5 @@
+es:
+  recaptcha:
+    errors:
+      verification_failed: La verificación de reCAPTCHA falló, por favor intente de nuevo.
+      recaptcha_unreachable: Ups, no pudimos validar su respuesta de reCAPTCHA. Por favor intente de nuevo.

data/rails/locales/it.yml

@@ -0,0 +1,5 @@
+it:
+  recaptcha:
+    errors:
+      verification_failed: La verifica reCAPTCHA non è riuscita, si prega di riprovare.
+      recaptcha_unreachable: Ops, non siamo riusciti a convalidare la tua risposta reCAPTCHA. Per favore riprova.

data/rails/locales/pt-BR.yml

@@ -0,0 +1,5 @@
+pt-BR:
+  recaptcha:
+    errors:
+      verification_failed: A verificação do reCAPTCHA falhou, por favor, tente novamente.
+      recaptcha_unreachable: Oops, não conseguimos validar sua resposta do reCAPTCHA. Por favor, tente novamente.

data/rails/locales/pt.yml

@@ -0,0 +1,5 @@
+pt:
+  recaptcha:
+    errors:
+      verification_failed: A verificação do reCAPTCHA falhou, por favor, tente novamente.
+      recaptcha_unreachable: Oops, não conseguimos validar sua resposta do reCAPTCHA. Por favor, tente novamente.

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 5.16.0
+  version: 5.18.0
 platform: ruby
 authors:
 - Jason L Perry
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2023-10-24 00:00:00.000000000 Z
+date: 2024-12-08 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mocha
@@ -140,10 +140,15 @@ files:
 - lib/recaptcha/rails.rb
 - lib/recaptcha/railtie.rb
 - lib/recaptcha/version.rb
+- rails/locales/de.yml
 - rails/locales/en.yml
+- rails/locales/es.yml
 - rails/locales/fr.yml
+- rails/locales/it.yml
 - rails/locales/ja.yml
 - rails/locales/nl.yml
+- rails/locales/pt-BR.yml
+- rails/locales/pt.yml
 homepage: http://github.com/ambethia/recaptcha
 licenses:
 - MIT
@@ -157,14 +162,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.7.0
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.3.3
+rubygems_version: 3.4.10
 signing_key:
 specification_version: 4
 summary: Helpers for the reCAPTCHA API