recaptcha 5.2.0 → 5.5.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 94a9b4a77081e448fdd8183dbbbbfd2dd7cf797508e84ee2e37830a9398fd6d1
-  data.tar.gz: 3761a642f1b421fd554303de7bab636bc69296df1f62c1c76fe987ecc617971f
+  metadata.gz: ba681f9321310ca16bb41dc622bf7051c30df10ec000582f9dd8d29310e21136
+  data.tar.gz: 8d9a3a4a7adb2ea830f17ace469e6b475d4d5c633c6988cd04dd56a7fd70e414
 SHA512:
-  metadata.gz: 07d9a1f2fff0d745a59eb0e28d23879a22203037971ed1d3311b39bccf1b34f8120ab58a2cd7e05fabd7037ab2ad0e3d5882f3335d103c9f27145026deef19a6
-  data.tar.gz: 2b2b799c18f2dd81346213d74c1d62729e241de41ab2f19c2b3ec04d57534f8adb5fd4922d7a219d0f8c916e63a842d0802ba4364f84d7388de7d4736ec90e46
+  metadata.gz: efba5551493debe23617c41db429c224f51a4d0253274cf6fe28c5e384d78f4bd374ba3ad3132c2009cb2df9813266ac3a90eabd9a019aa7d48ee3999f2451e3
+  data.tar.gz: 1dfd4f2281c8f6902b1c70ca0d272d0d2f671d9062669f147cfb38416ee771e7348ff131c8fd957c1e8674b7d83ad3f3c79f6c306a7779638b4481000534f695

data/CHANGELOG.md

@@ -1,5 +1,11 @@
 ## Next
 
+## 5.3.0
+* turbolinks support
+
+## 5.2.0
+* remove dependency on rails methods
+
 ## 5.1.0
 * Added default translations for rails/i18n
 * use recaptcha.net for the script tag

data/README.md

@@ -147,7 +147,7 @@ Some of the options available:
 | `:message`     | Custom error message.
 | `:secret_key`  | Override the secret API key from the configuration.
 | `:timeout`     | The number of seconds to wait for reCAPTCHA servers before give up. (default: `3`)
-| `:response`    | Custom response parameter. (default: `params['g-recaptcha-response']`)
+| `:response`    | Custom response parameter. (default: `params['g-recaptcha-response-data']`)
 | `:hostname`    | Expected hostname or a callable that validates the hostname, see [domain validation](https://developers.google.com/recaptcha/docs/domain_validation) and [hostname](https://developers.google.com/recaptcha/docs/verify#api-response) docs. (default: `nil`, but can be changed by setting `config.hostname`)
 | `:env`         | Current environment. The request to verify will be skipped if the environment is specified in configuration under `skip_verify_env`
 
@@ -344,7 +344,7 @@ function). This lets you include `recaptcha_v3` within a `<form>` tag and have i
 submit the token as part of the form submission.
 
 Note: reCAPTCHA actually already adds its own hidden tag, like `<textarea
-id="g-recaptcha-response-100000" name="g-recaptcha-response" class="g-recaptcha-response">`,
+id="g-recaptcha-response-data-100000" name="g-recaptcha-response-data" class="g-recaptcha-response">`,
 immediately ater the reCAPTCHA badge in the bottom right of the page — but since it is not inside of
 any `<form>` element, and since it already passes the token to the callback, this hidden `textarea`
 isn't helpful to us.
@@ -353,7 +353,7 @@ If you need to submit the response token to the server in a different way than v
 submit, such as via [Ajax](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest) or [`fetch`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API),
 then you can either:
 1. just extract the token out of the hidden `<input>` or `<textarea>` (both of which will have a
-   predictable name/id), like `document.getElementById('g-recaptcha-response-my-action').value`, or
+   predictable name/id), like `document.getElementById('g-recaptcha-response-data-my-action').value`, or
 2. write and specify a custom `callback` function. You may also want to pass `element: false` if you
    don't have a use for the hidden input element.
 
@@ -388,11 +388,12 @@ but only accepts the following options:
 | `:action`           | The name of the [reCAPTCHA action](https://developers.google.com/recaptcha/docs/v3#actions). Actions may only contain alphanumeric characters and slashes, and must not be user-specific. |
 | `:nonce`            | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. (default: `nil`) |
 | `:callback`         | Name of callback function to call with the token. When `element` is `:input`, this defaults to a function named `setInputWithRecaptchaResponseTokenFor#{sanitize_action(action)}` that sets the value of the hidden input to the token. |
-| `:id`               | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-"` + `action`) |
-| `:name`             | Specify a unique `name` attribute for the `<input>` element if using `element: :input`. (default: `g-recaptcha-response[action]`) |
+| `:id`               | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-data-"` + `action`) |
+| `:name`             | Specify a unique `name` attribute for the `<input>` element if using `element: :input`. (default: `g-recaptcha-response-data[action]`) |
 | `:script`           | Same as setting both `:inline_script` and `:external_script`. (default: `true`). |
 | `:inline_script`    | If `true`, adds an inline script tag that calls `grecaptcha.execute` for the given `site_key` and `action` and calls the `callback` with the resulting response token. Pass `false` if you want to handle calling `grecaptcha.execute` yourself. (default: `true`) |
 | `:element`          | The element to render, if any (default: `:input`)<br/>`:input`: Renders a hidden `<input type="hidden">` tag. The value of this will be set to the response token by the default `setInputWithRecaptchaResponseTokenFor{action}` callback.<br/>`false`: Doesn't render any tag. You'll have to add a custom callback that does something with the token. |
+| `:turbolinks`          | If `true`, calls the js function which executes reCAPTCHA after all the dependencies have been loaded. This cannot be used with the js param `:onload`. This makes reCAPTCHAv3 usable with turbolinks. |
 
 [JavaScript resource (api.js) parameters](https://developers.google.com/recaptcha/docs/invisible#js_param):
 
@@ -434,11 +435,27 @@ result_b = verify_recaptcha(action: 'b')
 ```
 
 Because the response tokens for multiple actions may be submitted together in the same request, they
-are passed as a hash under `params['g-recaptcha-response']` with the action as the key.
+are passed as a hash under `params['g-recaptcha-response-data']` with the action as the key.
 
 It is recommended to pass `external_script: false` on all but one of the calls to
 `recaptcha` since you only need to include the script tag once for a given `site_key`.
 
+## `recaptcha_reply`
+
+After `verify_recaptcha` has been called, you can call `recaptcha_reply` to get the raw reply from recaptcha. This can allow you to get the exact score returned by recaptcha should you need it.
+
+```ruby
+if verify_recaptcha(action: 'login')
+  redirect_to @user
+else
+  score = recaptcha_reply['score']
+  Rails.logger.warn("User #{@user.id} was denied login because of a recaptcha score of #{score}")
+  render 'new'
+end
+```
+
+`recaptcha_reply` will return `nil` if the the reply was not yet fetched.
+
 ## I18n support
 
 reCAPTCHA supports the I18n gem (it comes with English translations)
@@ -501,4 +518,3 @@ verify_recaptcha secret_key: '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
  - Check out the [wiki](https://github.com/ambethia/recaptcha/wiki) and leave whatever you found valuable there.
  - [Add multiple widgets to the same page](https://github.com/ambethia/recaptcha/wiki/Add-multiple-widgets-to-the-same-page)
  - [Use Recaptcha with Devise](https://github.com/plataformatec/devise/wiki/How-To:-Use-Recaptcha-with-Devise)
-

data/lib/recaptcha.rb

@@ -65,10 +65,16 @@ module Recaptcha
     verify_hash['remoteip'] = options[:remote_ip] if options.key?(:remote_ip)
 
     reply = api_verification(verify_hash, timeout: options[:timeout])
-    reply['success'].to_s == 'true' &&
+    success = reply['success'].to_s == 'true' &&
       hostname_valid?(reply['hostname'], options[:hostname]) &&
       action_valid?(reply['action'], options[:action]) &&
       score_above_threshold?(reply['score'], options[:minimum_score])
+
+    if options[:with_reply] == true
+      return success, reply
+    else
+      return success
+    end
   end
 
   def self.hostname_valid?(hostname, validation)

data/lib/recaptcha/adapters/controller_methods.rb

@@ -24,7 +24,9 @@ module Recaptcha
               options = options.merge(remote_ip: remoteip.to_s) if remoteip
             end
 
-            Recaptcha.verify_via_api_call(recaptcha_response, options)
+            success, @_recaptcha_reply =
+              Recaptcha.verify_via_api_call(recaptcha_response, options.merge(with_reply: true))
+            success
           end
 
           if verified
@@ -58,6 +60,10 @@ module Recaptcha
         verify_recaptcha(options) || raise(VerifyError)
       end
 
+      def recaptcha_reply
+        @_recaptcha_reply if defined?(@_recaptcha_reply)
+      end
+
       def recaptcha_error(model, attribute, message)
         if model
           model.errors.add(attribute, message)
@@ -70,12 +76,13 @@ module Recaptcha
         request.respond_to?(:format) && request.format == :html && respond_to?(:flash)
       end
 
-      # Extracts response token from params. params['g-recaptcha-response'] should either be a
-      # string or a hash with the action name(s) as keys. If it is a hash, then `action` is used as
-      # the key.
+      # Extracts response token from params. params['g-recaptcha-response-data'] for recaptcha_v3 or
+      # params['g-recaptcha-response'] for recaptcha_tags and invisible_recaptcha_tags and should
+      # either be a string or a hash with the action name(s) as keys. If it is a hash, then `action`
+      # is used as the key.
       # @return [String] A response token if one was passed in the params; otherwise, `''`
       def recaptcha_response_token(action = nil)
-        response_param = params['g-recaptcha-response']
+        response_param = params['g-recaptcha-response-data'] || params['g-recaptcha-response']
         if response_param&.respond_to?(:to_h) # Includes ActionController::Parameters
           response_param[action].to_s
         else

data/lib/recaptcha/helpers.rb

@@ -10,8 +10,9 @@ module Recaptcha
     def self.recaptcha_v3(options = {})
       site_key = options[:site_key] ||= Recaptcha.configuration.site_key!
       action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
-      id   = options.delete(:id)   || "g-recaptcha-response-" + dasherize_action(action)
-      name = options.delete(:name) || "g-recaptcha-response[#{action}]"
+      id = options.delete(:id) || "g-recaptcha-response-data-" + dasherize_action(action)
+      name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
+      turbolinks = options.delete(:turbolinks)
       options[:render] = site_key
       options[:script_async] ||= false
       options[:script_defer] ||= false
@@ -22,8 +23,13 @@ module Recaptcha
       end
       options[:class] = "g-recaptcha-response #{options[:class]}"
 
+      if turbolinks
+        options[:onload] = recaptcha_v3_execute_function_name(action)
+      end
       html, tag_attributes = components(options)
-      if recaptcha_v3_inline_script?(options)
+      if turbolinks
+        html << recaptcha_v3_onload_script(site_key, action, callback, id, options)
+      elsif recaptcha_v3_inline_script?(options)
         html << recaptcha_v3_inline_script(site_key, action, callback, id, options)
       end
       case element
@@ -181,7 +187,6 @@ module Recaptcha
           function #{recaptcha_v3_execute_function_name(action)}() {
             grecaptcha.ready(function() {
               grecaptcha.execute('#{site_key}', {action: '#{action}'}).then(function(token) {
-                //console.log('#{id}', token)
                 #{callback}('#{id}', token)
               });
             });
@@ -205,6 +210,24 @@ module Recaptcha
       HTML
     end
 
+    private_class_method def self.recaptcha_v3_onload_script(site_key, action, callback, id, options = {})
+      nonce = options[:nonce]
+      nonce_attr = " nonce='#{nonce}'" if nonce
+
+      <<-HTML
+        <script#{nonce_attr}>
+          function #{recaptcha_v3_execute_function_name(action)}() {
+            grecaptcha.ready(function() {
+              grecaptcha.execute('#{site_key}', {action: '#{action}'}).then(function(token) {
+                #{callback}('#{id}', token)
+              });
+            });
+          };
+          #{recaptcha_v3_define_default_callback(callback) if recaptcha_v3_define_default_callback?(callback, action, options)}
+        </script>
+      HTML
+    end
+
     private_class_method def self.recaptcha_v3_inline_script?(options)
       !Recaptcha.skip_env?(options[:env]) &&
       options[:script] != false &&
@@ -217,7 +240,6 @@ module Recaptcha
             var element = document.getElementById(id);
             element.value = token;
           }
-        </script>
       HTML
     end
 

data/lib/recaptcha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Recaptcha
-  VERSION = '5.2.0'
+  VERSION = '5.5.0'
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 5.2.0
+  version: 5.5.0
 platform: ruby
 authors:
 - Jason L Perry
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2019-10-09 00:00:00.000000000 Z
+date: 2020-03-31 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json