RubyGems - recaptcha - Versions diffs - 5.3.0 → 5.7.0 - Mend

recaptcha 5.3.0 → 5.7.0

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +16 -0
data/README.md +44 -9
data/lib/recaptcha.rb +7 -1
data/lib/recaptcha/adapters/controller_methods.rb +12 -5
data/lib/recaptcha/helpers.rb +6 -5
data/lib/recaptcha/version.rb +1 -1
data/rails/locales/fr.yml +5 -0
metadata +5 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: adcc7a846c1b2cbac386af0946cd3c810803860f85ca363e5453582354c618b0
-  data.tar.gz: b1ac10dd569bc7220b81505c9c6565d3db900a3c737ed1c184dcd1c96a12c963
+  metadata.gz: ec76ff47d12ef3388c2a45d56850272fff3675c9f59619a09b55c918f70b5494
+  data.tar.gz: 697f0a4d41ffab63c6eb5b7d7b81c1f5ac2b1305f27bb84b5fccc421bcd38e2c
 SHA512:
-  metadata.gz: 8f9f6271ee715f1fbe543ed1b27cc8088678f5da8326718ad60587128e550fbb9073558fa147a4b608469da82af4cfd86ee255c39a7f69e0bd6b1d590ac109d8
-  data.tar.gz: 94fbd105e5b6f1cf23fd23cb5dac6040d9e642d5110beae4b9982c6a232f24323ed9ab145b3aa9ef7f6d5786537a20ea03dfacde5638c5f82d5921999c398bd7
+  metadata.gz: 51b3627583241aef9a99e2a3ed9c78091c87a92e87210749d38e9ccf0d418dbec455fd524d83210b8331be7064efac2be2308366b8288c574c53b84f6013333e
+  data.tar.gz: 8018c4668d7eef292e5908d609a7ebdd5cfbfb84b0c86a361dac36d3982cc075dc7e694c51639dd09eaf148cfd9536cecb12f6fa188ec72f87328e85976a4e22

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,21 @@
 ## Next
+## 5.7.0
+* french locale
+* drop ruby 2.3
+## 5.6.0
+* Allow multiple invisible recaptchas on a single page by setting custom selector
+## 5.5.0
+* add `recaptcha_reply` controller method for better debugging/inspection
+## 5.4.1
+* fix v2 vs 'data' postfix
+## 5.4.0
+* added 'data' postfix to g-recaptcha-response attribute name to avoid collisions
 ## 5.3.0
 * turbolinks support

data/README.md CHANGED Viewed

@@ -1,3 +1,4 @@
 # reCAPTCHA
 [![Gem Version](https://badge.fury.io/rb/recaptcha.svg)](https://badge.fury.io/rb/recaptcha)
@@ -12,6 +13,23 @@ views you can use the `recaptcha_tags` method to embed the needed javascript, an
 in your controllers with `verify_recaptcha` or `verify_recaptcha!`, which raises an error on
 failure.
+# Table of Contents
+1. [Obtaining a key](#obtaining-a-key)
+2. [Rails Installation](#rails-installation)
+3. [Sinatra / Rack / Ruby Installation](#sinatra--rack--ruby-installation)
+4. [reCAPTCHA V2 API & Usage](#recaptcha-v2-api-and-usage)
+  - [`recaptcha_tags`](#recaptcha_tags)
+  - [`verify_recaptcha`](#verify_recaptcha)
+  - [`invisible_recaptcha_tags`](#invisible_recaptcha_tags)
+5. [reCAPTCHA V3 API & Usage](#recaptcha-v3-api-and-usage)
+  - [`recaptcha_v3`](#recaptcha_v3)
+  - [`verify_recaptcha` (use with v3)](#verify_recaptcha-use-with-v3)
+  - [`recaptcha_reply`](#recaptcha_reply)
+6. [I18n Support](#i18n-support)
+7. [Testing](#testing)
+8. [Alternative API Key Setup](#alternative-api-key-setup)
 ## Obtaining a key
 Go to the [reCAPTCHA admin console](https://www.google.com/recaptcha/admin) to obtain a reCAPTCHA API key.
@@ -71,6 +89,7 @@ else
   render 'new'
 end
 ```
+Please note that this setup uses [`reCAPTCHA_v2`](#recaptcha-v2-api-and-usage). For a `recaptcha_v3` use, please refer to [`reCAPTCHA_v3 setup`](#examples).
 ## Sinatra / Rack / Ruby installation
@@ -119,7 +138,7 @@ The following options are available:
 Any unrecognized options will be added as attributes on the generated tag.
 You can also override the html attributes for the sizes of the generated `textarea` and `iframe`
-elements, if CSS isn't your thing. Inspect the [source of `recaptcha_tags`](https://github.com/ambethia/recaptcha/blob/master/lib/recaptcha/client_helper.rb)
+elements, if CSS isn't your thing. Inspect the [source of `recaptcha_tags`](https://github.com/ambethia/recaptcha/blob/master/lib/recaptcha/helpers.rb)
 to see these options.
 Note that you cannot submit/verify the same response token more than once or you will get a
@@ -147,7 +166,7 @@ Some of the options available:
 | `:message`     | Custom error message.
 | `:secret_key`  | Override the secret API key from the configuration.
 | `:timeout`     | The number of seconds to wait for reCAPTCHA servers before give up. (default: `3`)
-| `:response`    | Custom response parameter. (default: `params['g-recaptcha-response']`)
+| `:response`    | Custom response parameter. (default: `params['g-recaptcha-response-data']`)
 | `:hostname`    | Expected hostname or a callable that validates the hostname, see [domain validation](https://developers.google.com/recaptcha/docs/domain_validation) and [hostname](https://developers.google.com/recaptcha/docs/verify#api-response) docs. (default: `nil`, but can be changed by setting `config.hostname`)
 | `:env`         | Current environment. The request to verify will be skipped if the environment is specified in configuration under `skip_verify_env`
@@ -278,7 +297,7 @@ threshold:
   <% if @show_checkbox_recaptcha %>
     <%= recaptcha_tags %>
   <% else %>
-    <%= recaptcha_v3(action: 'login') %>
+    <%= recaptcha_v3(action: 'login', site_key: ENV['RECAPTCHA_SITE_KEY_V3']) %>
   <% end %>
   …
 ```
@@ -286,7 +305,7 @@ threshold:
 ```ruby
 # app/controllers/sessions_controller.rb
 def create
-  success = verify_recaptcha(action: 'login', minimum_score: 0.5)
+  success = verify_recaptcha(action: 'login', minimum_score: 0.5, secret_key: ENV['RECAPTCHA_SECRET_KEY_V3'])
   checkbox_success = verify_recaptcha unless success
   if success || checkbox_success
     # Perform action
@@ -344,7 +363,7 @@ function). This lets you include `recaptcha_v3` within a `<form>` tag and have i
 submit the token as part of the form submission.
 Note: reCAPTCHA actually already adds its own hidden tag, like `<textarea
-id="g-recaptcha-response-100000" name="g-recaptcha-response" class="g-recaptcha-response">`,
+id="g-recaptcha-response-data-100000" name="g-recaptcha-response-data" class="g-recaptcha-response">`,
 immediately ater the reCAPTCHA badge in the bottom right of the page — but since it is not inside of
 any `<form>` element, and since it already passes the token to the callback, this hidden `textarea`
 isn't helpful to us.
@@ -353,7 +372,7 @@ If you need to submit the response token to the server in a different way than v
 submit, such as via [Ajax](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest) or [`fetch`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API),
 then you can either:
 1. just extract the token out of the hidden `<input>` or `<textarea>` (both of which will have a
-   predictable name/id), like `document.getElementById('g-recaptcha-response-my-action').value`, or
+   predictable name/id), like `document.getElementById('g-recaptcha-response-data-my-action').value`, or
 2. write and specify a custom `callback` function. You may also want to pass `element: false` if you
    don't have a use for the hidden input element.
@@ -388,8 +407,8 @@ but only accepts the following options:
 | `:action`           | The name of the [reCAPTCHA action](https://developers.google.com/recaptcha/docs/v3#actions). Actions may only contain alphanumeric characters and slashes, and must not be user-specific. |
 | `:nonce`            | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. (default: `nil`) |
 | `:callback`         | Name of callback function to call with the token. When `element` is `:input`, this defaults to a function named `setInputWithRecaptchaResponseTokenFor#{sanitize_action(action)}` that sets the value of the hidden input to the token. |
-| `:id`               | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-"` + `action`) |
-| `:name`             | Specify a unique `name` attribute for the `<input>` element if using `element: :input`. (default: `g-recaptcha-response[action]`) |
+| `:id`               | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-data-"` + `action`) |
+| `:name`             | Specify a unique `name` attribute for the `<input>` element if using `element: :input`. (default: `g-recaptcha-response-data[action]`) |
 | `:script`           | Same as setting both `:inline_script` and `:external_script`. (default: `true`). |
 | `:inline_script`    | If `true`, adds an inline script tag that calls `grecaptcha.execute` for the given `site_key` and `action` and calls the `callback` with the resulting response token. Pass `false` if you want to handle calling `grecaptcha.execute` yourself. (default: `true`) |
 | `:element`          | The element to render, if any (default: `:input`)<br/>`:input`: Renders a hidden `<input type="hidden">` tag. The value of this will be set to the response token by the default `setInputWithRecaptchaResponseTokenFor{action}` callback.<br/>`false`: Doesn't render any tag. You'll have to add a custom callback that does something with the token. |
@@ -435,11 +454,27 @@ result_b = verify_recaptcha(action: 'b')
 ```
 Because the response tokens for multiple actions may be submitted together in the same request, they
-are passed as a hash under `params['g-recaptcha-response']` with the action as the key.
+are passed as a hash under `params['g-recaptcha-response-data']` with the action as the key.
 It is recommended to pass `external_script: false` on all but one of the calls to
 `recaptcha` since you only need to include the script tag once for a given `site_key`.
+## `recaptcha_reply`
+After `verify_recaptcha` has been called, you can call `recaptcha_reply` to get the raw reply from recaptcha. This can allow you to get the exact score returned by recaptcha should you need it.
+```ruby
+if verify_recaptcha(action: 'login')
+  redirect_to @user
+else
+  score = recaptcha_reply['score']
+  Rails.logger.warn("User #{@user.id} was denied login because of a recaptcha score of #{score}")
+  render 'new'
+end
+```
+`recaptcha_reply` will return `nil` if the the reply was not yet fetched.
 ## I18n support
 reCAPTCHA supports the I18n gem (it comes with English translations)

data/lib/recaptcha.rb CHANGED Viewed

@@ -65,10 +65,16 @@ module Recaptcha
     verify_hash['remoteip'] = options[:remote_ip] if options.key?(:remote_ip)
     reply = api_verification(verify_hash, timeout: options[:timeout])
-    reply['success'].to_s == 'true' &&
+    success = reply['success'].to_s == 'true' &&
       hostname_valid?(reply['hostname'], options[:hostname]) &&
       action_valid?(reply['action'], options[:action]) &&
       score_above_threshold?(reply['score'], options[:minimum_score])
+    if options[:with_reply] == true
+      return success, reply
+    else
+      return success
+    end
   end
   def self.hostname_valid?(hostname, validation)

data/lib/recaptcha/adapters/controller_methods.rb CHANGED Viewed

@@ -24,7 +24,9 @@ module Recaptcha
               options = options.merge(remote_ip: remoteip.to_s) if remoteip
             end
-            Recaptcha.verify_via_api_call(recaptcha_response, options)
+            success, @_recaptcha_reply =
+              Recaptcha.verify_via_api_call(recaptcha_response, options.merge(with_reply: true))
+            success
           end
           if verified
@@ -58,6 +60,10 @@ module Recaptcha
         verify_recaptcha(options) || raise(VerifyError)
       end
+      def recaptcha_reply
+        @_recaptcha_reply if defined?(@_recaptcha_reply)
+      end
       def recaptcha_error(model, attribute, message)
         if model
           model.errors.add(attribute, message)
@@ -70,12 +76,13 @@ module Recaptcha
         request.respond_to?(:format) && request.format == :html && respond_to?(:flash)
       end
-      # Extracts response token from params. params['g-recaptcha-response'] should either be a
-      # string or a hash with the action name(s) as keys. If it is a hash, then `action` is used as
-      # the key.
+      # Extracts response token from params. params['g-recaptcha-response-data'] for recaptcha_v3 or
+      # params['g-recaptcha-response'] for recaptcha_tags and invisible_recaptcha_tags and should
+      # either be a string or a hash with the action name(s) as keys. If it is a hash, then `action`
+      # is used as the key.
       # @return [String] A response token if one was passed in the params; otherwise, `''`
       def recaptcha_response_token(action = nil)
-        response_param = params['g-recaptcha-response']
+        response_param = params['g-recaptcha-response-data'] || params['g-recaptcha-response']
         if response_param&.respond_to?(:to_h) # Includes ActionController::Parameters
           response_param[action].to_s
         else

data/lib/recaptcha/helpers.rb CHANGED Viewed

@@ -10,8 +10,8 @@ module Recaptcha
     def self.recaptcha_v3(options = {})
       site_key = options[:site_key] ||= Recaptcha.configuration.site_key!
       action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
-      id = options.delete(:id) || "g-recaptcha-response-" + dasherize_action(action)
-      name = options.delete(:name) || "g-recaptcha-response[#{action}]"
+      id = options.delete(:id) || "g-recaptcha-response-data-" + dasherize_action(action)
+      name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
       turbolinks = options.delete(:turbolinks)
       options[:render] = site_key
       options[:script_async] ||= false
@@ -271,6 +271,7 @@ module Recaptcha
     private_class_method def self.default_callback(options = {})
       nonce = options[:nonce]
       nonce_attr = " nonce='#{nonce}'" if nonce
+      selector_attr = options[:id] ? "##{options[:id]}" : ".g-recaptcha"
       <<-HTML
         <script#{nonce_attr}>
@@ -283,9 +284,9 @@ module Recaptcha
               return curEle.nodeName === 'FORM' ? curEle : null
             };
-            var eles = document.getElementsByClassName('g-recaptcha');
-            if (eles.length > 0) {
-              var form = closestForm(eles[0]);
+            var el = document.querySelector("#{selector_attr}")
+            if (!!el) {
+              var form = closestForm(el);
               if (form) {
                 form.submit();
               }

data/lib/recaptcha/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Recaptcha
-  VERSION = '5.3.0'
+  VERSION = '5.7.0'
 end

data/rails/locales/fr.yml ADDED Viewed

@@ -0,0 +1,5 @@
+fr:
+  recaptcha:
+    errors:
+      verification_failed: La vérification reCAPTCHA a échoué, veuillez essayer à nouveau.
+      recaptcha_unreachable: Oops, nous n'avons pas vu valider votre réponse reCAPTCHA. Veuillez essayer à nouveau.

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 5.3.0
+  version: 5.7.0
 platform: ruby
 authors:
 - Jason L Perry
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-10 00:00:00.000000000 Z
+date: 2021-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -155,6 +155,7 @@ files:
 - lib/recaptcha/railtie.rb
 - lib/recaptcha/version.rb
 - rails/locales/en.yml
+- rails/locales/fr.yml
 homepage: http://github.com/ambethia/recaptcha
 licenses:
 - MIT
@@ -168,14 +169,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.3
 signing_key:
 specification_version: 4
 summary: Helpers for the reCAPTCHA API