recaptcha 5.17.1 → 5.19.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 0cd4e9e48bb155611d906ffd22546fc3e25feb07db13ed55a7c3209b53249cd4
-  data.tar.gz: 9417568b47cb0db8d1b8a87b6de59e9df9043c948acc662824e22b16c25bf3f5
+  metadata.gz: 61fa7316f287cfcec8e2b06d36481f1fa596d1b629810a784fae509c55255b2f
+  data.tar.gz: 7cf82254973204d7ac47b6bba428ff394e24c9ec5dbbb5669657b4c10b30c16b
 SHA512:
-  metadata.gz: 2c3a5765b93cc36d87a91249a880a7d81f5a7c864295572e378f0f6c7e21624250f297b9ce139fa68f019e6ddb390f62f8c1615f8a69a8aacf8aae3587e2f0b6
-  data.tar.gz: 863775382a5b6c8f767ca09af046e94abbe697eb25201087c5ceb2a37e16a57c1ad56d2f8ae00f3bd79d0d686b656dd9eece95fc46b8c5d9a22403026da282f5
+  metadata.gz: 572402b7af72a67f76a1952cb7e5739a7cf4073ba0b510f55f8f74bc59a6e6116bad1be5ece41e20a43cb2d3c36c7ab2bca072b8a4c27b5a1db16d1007846284
+  data.tar.gz: 021a0fa67e25aee448c66c43ae5fd3295d1472329bccdcfe4a5acf2c6fe90fd83c9cdcf8963db29816919fb6383d49c8303d41032e1af8abde3dcafbdeacc36a

data/CHANGELOG.md

@@ -1,9 +1,17 @@
 ## Next
+
+
+
+## 5.19.0
+* require a minimum lenght of 100 for responses, configured via response_minimum
+
+## 5.18.0
 * Add key setup to v3 example in README
 * Remove unnecessary id from textarea - This was unused and may cause accessability concerns if there is more than one recaptcha on the page due to multiple elements with the same id
 * Update to latest version of rubocop
 * Drop support for Ruby 2.7; add Ruby 3.3
 * Add i18n: de, es, it, pt, pt-BR
+* Added recaptcha_failure_reason
 
 ## 5.16.0
 * Allow usage of `options[:turbo]` as well as `options[:turbolinks]` for `recaptcha_v3`

data/README.md

@@ -78,9 +78,9 @@ export RECAPTCHA_ENTERPRISE_API_KEY    = 'AIzvFyE3TU-g4K_Kozr9F1smEzZSGBVOfLKyup
 export RECAPTCHA_ENTERPRISE_PROJECT_ID = 'my-project'
 ```
 
-_note:_ you'll still have to provide `RECAPTCHA_SITE_KEY`, which will hold the value of your enterprise recaptcha key id. You will not need to provide a `RECAPTCHA_SECRET_KEY`, however. 
+_note:_ you'll still have to provide `RECAPTCHA_SITE_KEY`, which will hold the value of your enterprise recaptcha key id. You will not need to provide a `RECAPTCHA_SECRET_KEY`, however.
 
-`RECAPTCHA_ENTERPRISE_API_KEY` is the enterprise key of your Google Cloud Project, which you can generate here: https://console.cloud.google.com/apis/credentials. 
+`RECAPTCHA_ENTERPRISE_API_KEY` is the enterprise key of your Google Cloud Project, which you can generate here: https://console.cloud.google.com/apis/credentials.
 
 Add `recaptcha_tags` to the forms you want to protect:
 
@@ -488,7 +488,7 @@ are passed as a hash under `params['g-recaptcha-response-data']` with the action
 It is recommended to pass `external_script: false` on all but one of the calls to
 `recaptcha` since you only need to include the script tag once for a given `site_key`.
 
-## `recaptcha_reply`
+## `recaptcha_reply` and `recaptcha_failure_reason`
 
 After `verify_recaptcha` has been called, you can call `recaptcha_reply` to get the raw reply from recaptcha. This can allow you to get the exact score returned by recaptcha should you need it.
 
@@ -504,6 +504,8 @@ end
 
 `recaptcha_reply` will return `nil` if the the reply was not yet fetched.
 
+`recaptcha_failure_reason` will return information if verification failed. E.g. if params was wrong or api resulted some error-codes.
+
 ## I18n support
 
 reCAPTCHA supports the I18n gem (it comes with English translations)
@@ -587,6 +589,7 @@ Recaptcha.configure do |config|
   config.verify_url = 'https://hcaptcha.com/siteverify'
   config.api_server_url = 'https://hcaptcha.com/1/api.js'
   config.response_limit = 100000
+  config.response_minimum = 100
 end
 ```
 

data/lib/recaptcha/adapters/controller_methods.rb

@@ -17,6 +17,11 @@ module Recaptcha
 
         begin
           verified = if Recaptcha.invalid_response?(recaptcha_response)
+            @_recaptcha_failure_reason = if recaptcha_response.nil?
+              "No recaptcha response/param(:action) found."
+            else
+              "Recaptcha response/param(:action) was invalid."
+            end
             false
           else
             unless options[:skip_remote_ip]
@@ -26,10 +31,21 @@ module Recaptcha
 
             success, @_recaptcha_reply =
               Recaptcha.verify_via_api_call(recaptcha_response, options.merge(with_reply: true))
+            unless success
+              @_recaptcha_failure_reason = if @_recaptcha_reply["score"] &&
+                                              @_recaptcha_reply["score"].to_f < options[:minimum_score].to_f
+                "Recaptcha score didn't exceed the minimum: #{@_recaptcha_reply["score"]} < #{options[:minimum_score]}."
+              elsif @_recaptcha_reply['error-codes']
+                "Recaptcha api call returned with error-codes: #{@_recaptcha_reply['error-codes']}."
+              else
+                "Recaptcha failure after api call. Api reply: #{@_recaptcha_reply}."
+              end
+            end
             success
           end
 
           if verified
+            @_recaptcha_failure_reason = nil
             flash.delete(:recaptcha_error) if recaptcha_flash_supported? && !model
             true
           else
@@ -41,6 +57,7 @@ module Recaptcha
             false
           end
         rescue Timeout::Error
+          @_recaptcha_failure_reason = "Recaptcha server unreachable."
           if Recaptcha.configuration.handle_timeouts_gracefully
             recaptcha_error(
               model,
@@ -57,13 +74,17 @@ module Recaptcha
       end
 
       def verify_recaptcha!(options = {})
-        verify_recaptcha(options) || raise(VerifyError)
+        verify_recaptcha(options) || raise(VerifyError, @_recaptcha_failure_reason)
       end
 
       def recaptcha_reply
         @_recaptcha_reply if defined?(@_recaptcha_reply)
       end
 
+      def recaptcha_failure_reason
+        @_recaptcha_failure_reason
+      end
+
       def recaptcha_error(model, attribute, message)
         if model
           model.errors.add(attribute, message)

data/lib/recaptcha/configuration.rb

@@ -37,8 +37,10 @@ module Recaptcha
       'enterprise_verify_url' => 'https://recaptchaenterprise.googleapis.com/v1/projects'
     }.freeze
 
-    attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully,
-                  :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit
+    attr_accessor(
+      :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully,
+      :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit, :response_minimum
+    )
     attr_writer :api_server_url, :verify_url
 
     def initialize # :nodoc:
@@ -57,6 +59,7 @@ module Recaptcha
       @api_server_url = nil
 
       @response_limit = 4000
+      @response_minimum = 100
     end
 
     def secret_key!

data/lib/recaptcha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Recaptcha
-  VERSION = '5.17.1'
+  VERSION = '5.19.0'
 end

data/lib/recaptcha.rb

@@ -55,7 +55,7 @@ module Recaptcha
   end
 
   def self.invalid_response?(resp)
-    resp.empty? || resp.length > configuration.response_limit
+    resp.empty? || resp.length > configuration.response_limit || resp.length < configuration.response_minimum
   end
 
   def self.verify_via_api_call(response, options)

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 5.17.1
+  version: 5.19.0
 platform: ruby
 authors:
 - Jason L Perry
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2024-11-27 00:00:00.000000000 Z
+date: 2025-01-14 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: mocha