RubyGems - recaptcha - Versions diffs - 5.3.0 → 5.7.0 - Mend

recaptcha 5.3.0 → 5.7.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (9) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +16 -0
data/README.md +44 -9
data/lib/recaptcha.rb +7 -1
data/lib/recaptcha/adapters/controller_methods.rb +12 -5
data/lib/recaptcha/helpers.rb +6 -5
data/lib/recaptcha/version.rb +1 -1
data/rails/locales/fr.yml +5 -0
metadata +5 -4

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: adcc7a846c1b2cbac386af0946cd3c810803860f85ca363e5453582354c618b0
-  data.tar.gz: b1ac10dd569bc7220b81505c9c6565d3db900a3c737ed1c184dcd1c96a12c963
+  metadata.gz: ec76ff47d12ef3388c2a45d56850272fff3675c9f59619a09b55c918f70b5494
+  data.tar.gz: 697f0a4d41ffab63c6eb5b7d7b81c1f5ac2b1305f27bb84b5fccc421bcd38e2c
 SHA512:
-  metadata.gz: 8f9f6271ee715f1fbe543ed1b27cc8088678f5da8326718ad60587128e550fbb9073558fa147a4b608469da82af4cfd86ee255c39a7f69e0bd6b1d590ac109d8
-  data.tar.gz: 94fbd105e5b6f1cf23fd23cb5dac6040d9e642d5110beae4b9982c6a232f24323ed9ab145b3aa9ef7f6d5786537a20ea03dfacde5638c5f82d5921999c398bd7
+  metadata.gz: 51b3627583241aef9a99e2a3ed9c78091c87a92e87210749d38e9ccf0d418dbec455fd524d83210b8331be7064efac2be2308366b8288c574c53b84f6013333e
+  data.tar.gz: 8018c4668d7eef292e5908d609a7ebdd5cfbfb84b0c86a361dac36d3982cc075dc7e694c51639dd09eaf148cfd9536cecb12f6fa188ec72f87328e85976a4e22

data/CHANGELOG.md CHANGED Viewed

@@ -1,5 +1,21 @@
 ## Next
+## 5.7.0
+* french locale
+* drop ruby 2.3
+## 5.6.0
+* Allow multiple invisible recaptchas on a single page by setting custom selector
+## 5.5.0
+* add `recaptcha_reply` controller method for better debugging/inspection
+## 5.4.1
+* fix v2 vs 'data' postfix
+## 5.4.0
+* added 'data' postfix to g-recaptcha-response attribute name to avoid collisions
 ## 5.3.0
 * turbolinks support

data/README.md CHANGED Viewed

@@ -1,3 +1,4 @@
 # reCAPTCHA
 [![Gem Version](https://badge.fury.io/rb/recaptcha.svg)](https://badge.fury.io/rb/recaptcha)
@@ -12,6 +13,23 @@ views you can use the `recaptcha_tags` method to embed the needed javascript, an
 in your controllers with `verify_recaptcha` or `verify_recaptcha!`, which raises an error on
 failure.
+# Table of Contents
+1. [Obtaining a key](#obtaining-a-key)
+2. [Rails Installation](#rails-installation)
+3. [Sinatra / Rack / Ruby Installation](#sinatra--rack--ruby-installation)
+4. [reCAPTCHA V2 API & Usage](#recaptcha-v2-api-and-usage)
+  - [`recaptcha_tags`](#recaptcha_tags)
+  - [`verify_recaptcha`](#verify_recaptcha)
+  - [`invisible_recaptcha_tags`](#invisible_recaptcha_tags)
+5. [reCAPTCHA V3 API & Usage](#recaptcha-v3-api-and-usage)
+  - [`recaptcha_v3`](#recaptcha_v3)
+  - [`verify_recaptcha` (use with v3)](#verify_recaptcha-use-with-v3)
+  - [`recaptcha_reply`](#recaptcha_reply)
+6. [I18n Support](#i18n-support)
+7. [Testing](#testing)
+8. [Alternative API Key Setup](#alternative-api-key-setup)
 ## Obtaining a key
 Go to the [reCAPTCHA admin console](https://www.google.com/recaptcha/admin) to obtain a reCAPTCHA API key.
@@ -71,6 +89,7 @@ else
   render 'new'
 end
 ```
+Please note that this setup uses [`reCAPTCHA_v2`](#recaptcha-v2-api-and-usage). For a `recaptcha_v3` use, please refer to [`reCAPTCHA_v3 setup`](#examples).
 ## Sinatra / Rack / Ruby installation
@@ -119,7 +138,7 @@ The following options are available:
 Any unrecognized options will be added as attributes on the generated tag.
 You can also override the html attributes for the sizes of the generated `textarea` and `iframe`
-elements, if CSS isn't your thing. Inspect the [source of `recaptcha_tags`](https://github.com/ambethia/recaptcha/blob/master/lib/recaptcha/client_helper.rb)
+elements, if CSS isn't your thing. Inspect the [source of `recaptcha_tags`](https://github.com/ambethia/recaptcha/blob/master/lib/recaptcha/helpers.rb)
 to see these options.
 Note that you cannot submit/verify the same response token more than once or you will get a
@@ -147,7 +166,7 @@ Some of the options available:
 | `:message`     | Custom error message.
 | `:secret_key`  | Override the secret API key from the configuration.
 | `:timeout`     | The number of seconds to wait for reCAPTCHA servers before give up. (default: `3`)
-| `:response`    | Custom response parameter. (default: `params['g-recaptcha-response']`)
+| `:response`    | Custom response parameter. (default: `params['g-recaptcha-response-data']`)
 | `:hostname`    | Expected hostname or a callable that validates the hostname, see [domain validation](https://developers.google.com/recaptcha/docs/domain_validation) and [hostname](https://developers.google.com/recaptcha/docs/verify#api-response) docs. (default: `nil`, but can be changed by setting `config.hostname`)
 | `:env`         | Current environment. The request to verify will be skipped if the environment is specified in configuration under `skip_verify_env`
@@ -278,7 +297,7 @@ threshold:
   <% if @show_checkbox_recaptcha %>
     <%= recaptcha_tags %>
   <% else %>
-    <%= recaptcha_v3(action: 'login') %>
+    <%= recaptcha_v3(action: 'login', site_key: ENV['RECAPTCHA_SITE_KEY_V3']) %>
   <% end %>
   …
 ```
@@ -286,7 +305,7 @@ threshold:
 ```ruby
 # app/controllers/sessions_controller.rb
 def create
-  success = verify_recaptcha(action: 'login', minimum_score: 0.5)
+  success = verify_recaptcha(action: 'login', minimum_score: 0.5, secret_key: ENV['RECAPTCHA_SECRET_KEY_V3'])
   checkbox_success = verify_recaptcha unless success
   if success || checkbox_success
     # Perform action
@@ -344,7 +363,7 @@ function). This lets you include `recaptcha_v3` within a `<form>` tag and have i
 submit the token as part of the form submission.
 Note: reCAPTCHA actually already adds its own hidden tag, like `<textarea
-id="g-recaptcha-response-100000" name="g-recaptcha-response" class="g-recaptcha-response">`,
+id="g-recaptcha-response-data-100000" name="g-recaptcha-response-data" class="g-recaptcha-response">`,
 immediately ater the reCAPTCHA badge in the bottom right of the page — but since it is not inside of
 any `<form>` element, and since it already passes the token to the callback, this hidden `textarea`
 isn't helpful to us.
@@ -353,7 +372,7 @@ If you need to submit the response token to the server in a different way than v
 submit, such as via [Ajax](https://developer.mozilla.org/en-US/docs/Web/API/XMLHttpRequest) or [`fetch`](https://developer.mozilla.org/en-US/docs/Web/API/Fetch_API),
 then you can either:
 1. just extract the token out of the hidden `<input>` or `<textarea>` (both of which will have a
-   predictable name/id), like `document.getElementById('g-recaptcha-response-my-action').value`, or
+   predictable name/id), like `document.getElementById('g-recaptcha-response-data-my-action').value`, or
 2. write and specify a custom `callback` function. You may also want to pass `element: false` if you
    don't have a use for the hidden input element.
@@ -388,8 +407,8 @@ but only accepts the following options:
 | `:action`           | The name of the [reCAPTCHA action](https://developers.google.com/recaptcha/docs/v3#actions). Actions may only contain alphanumeric characters and slashes, and must not be user-specific. |
 | `:nonce`            | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. (default: `nil`) |
 | `:callback`         | Name of callback function to call with the token. When `element` is `:input`, this defaults to a function named `setInputWithRecaptchaResponseTokenFor#{sanitize_action(action)}` that sets the value of the hidden input to the token. |
-| `:id`               | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-"` + `action`) |
-| `:name`             | Specify a unique `name` attribute for the `<input>` element if using `element: :input`. (default: `g-recaptcha-response[action]`) |
+| `:id`               | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-data-"` + `action`) |
+| `:name`             | Specify a unique `name` attribute for the `<input>` element if using `element: :input`. (default: `g-recaptcha-response-data[action]`) |
 | `:script`           | Same as setting both `:inline_script` and `:external_script`. (default: `true`). |
 | `:inline_script`    | If `true`, adds an inline script tag that calls `grecaptcha.execute` for the given `site_key` and `action` and calls the `callback` with the resulting response token. Pass `false` if you want to handle calling `grecaptcha.execute` yourself. (default: `true`) |
 | `:element`          | The element to render, if any (default: `:input`)<br/>`:input`: Renders a hidden `<input type="hidden">` tag. The value of this will be set to the response token by the default `setInputWithRecaptchaResponseTokenFor{action}` callback.<br/>`false`: Doesn't render any tag. You'll have to add a custom callback that does something with the token. |
@@ -435,11 +454,27 @@ result_b = verify_recaptcha(action: 'b')
 ```
 Because the response tokens for multiple actions may be submitted together in the same request, they
-are passed as a hash under `params['g-recaptcha-response']` with the action as the key.
+are passed as a hash under `params['g-recaptcha-response-data']` with the action as the key.
 It is recommended to pass `external_script: false` on all but one of the calls to
 `recaptcha` since you only need to include the script tag once for a given `site_key`.
+## `recaptcha_reply`
+After `verify_recaptcha` has been called, you can call `recaptcha_reply` to get the raw reply from recaptcha. This can allow you to get the exact score returned by recaptcha should you need it.
+```ruby
+if verify_recaptcha(action: 'login')
+  redirect_to @user
+else
+  score = recaptcha_reply['score']
+  Rails.logger.warn("User #{@user.id} was denied login because of a recaptcha score of #{score}")
+  render 'new'
+end
+```
+`recaptcha_reply` will return `nil` if the the reply was not yet fetched.
 ## I18n support
 reCAPTCHA supports the I18n gem (it comes with English translations)

data/lib/recaptcha.rb CHANGED Viewed

@@ -65,10 +65,16 @@ module Recaptcha
     verify_hash['remoteip'] = options[:remote_ip] if options.key?(:remote_ip)
     reply = api_verification(verify_hash, timeout: options[:timeout])
-    reply['success'].to_s == 'true' &&
+    success = reply['success'].to_s == 'true' &&
       hostname_valid?(reply['hostname'], options[:hostname]) &&
       action_valid?(reply['action'], options[:action]) &&
       score_above_threshold?(reply['score'], options[:minimum_score])
+    if options[:with_reply] == true
+      return success, reply
+    else
+      return success
+    end
   end
   def self.hostname_valid?(hostname, validation)

data/lib/recaptcha/adapters/controller_methods.rb CHANGED Viewed

@@ -24,7 +24,9 @@ module Recaptcha
               options = options.merge(remote_ip: remoteip.to_s) if remoteip
             end
-            Recaptcha.verify_via_api_call(recaptcha_response, options)
+            success, @_recaptcha_reply =
+              Recaptcha.verify_via_api_call(recaptcha_response, options.merge(with_reply: true))
+            success
           end
           if verified
@@ -58,6 +60,10 @@ module Recaptcha
         verify_recaptcha(options) || raise(VerifyError)
       end
+      def recaptcha_reply
+        @_recaptcha_reply if defined?(@_recaptcha_reply)
+      end
       def recaptcha_error(model, attribute, message)
         if model
           model.errors.add(attribute, message)
@@ -70,12 +76,13 @@ module Recaptcha
         request.respond_to?(:format) && request.format == :html && respond_to?(:flash)
       end
-      # Extracts response token from params. params['g-recaptcha-response'] should either be a
-      # string or a hash with the action name(s) as keys. If it is a hash, then `action` is used as
-      # the key.
+      # Extracts response token from params. params['g-recaptcha-response-data'] for recaptcha_v3 or
+      # params['g-recaptcha-response'] for recaptcha_tags and invisible_recaptcha_tags and should
+      # either be a string or a hash with the action name(s) as keys. If it is a hash, then `action`
+      # is used as the key.
       # @return [String] A response token if one was passed in the params; otherwise, `''`
       def recaptcha_response_token(action = nil)
-        response_param = params['g-recaptcha-response']
+        response_param = params['g-recaptcha-response-data'] || params['g-recaptcha-response']
         if response_param&.respond_to?(:to_h) # Includes ActionController::Parameters
           response_param[action].to_s
         else

data/lib/recaptcha/helpers.rb CHANGED Viewed

@@ -10,8 +10,8 @@ module Recaptcha
     def self.recaptcha_v3(options = {})
       site_key = options[:site_key] ||= Recaptcha.configuration.site_key!
       action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
-      id = options.delete(:id) || "g-recaptcha-response-" + dasherize_action(action)
-      name = options.delete(:name) || "g-recaptcha-response[#{action}]"
+      id = options.delete(:id) || "g-recaptcha-response-data-" + dasherize_action(action)
+      name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
       turbolinks = options.delete(:turbolinks)
       options[:render] = site_key
       options[:script_async] ||= false
@@ -271,6 +271,7 @@ module Recaptcha
     private_class_method def self.default_callback(options = {})
       nonce = options[:nonce]
       nonce_attr = " nonce='#{nonce}'" if nonce
+      selector_attr = options[:id] ? "##{options[:id]}" : ".g-recaptcha"
       <<-HTML
         <script#{nonce_attr}>
@@ -283,9 +284,9 @@ module Recaptcha
               return curEle.nodeName === 'FORM' ? curEle : null
             };
-            var eles = document.getElementsByClassName('g-recaptcha');
-            if (eles.length > 0) {
-              var form = closestForm(eles[0]);
+            var el = document.querySelector("#{selector_attr}")
+            if (!!el) {
+              var form = closestForm(el);
               if (form) {
                 form.submit();
               }

data/lib/recaptcha/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Recaptcha
-  VERSION = '5.3.0'
+  VERSION = '5.7.0'
 end

data/rails/locales/fr.yml ADDED Viewed

@@ -0,0 +1,5 @@
+fr:
+  recaptcha:
+    errors:
+      verification_failed: La vérification reCAPTCHA a échoué, veuillez essayer à nouveau.
+      recaptcha_unreachable: Oops, nous n'avons pas vu valider votre réponse reCAPTCHA. Veuillez essayer à nouveau.

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 5.3.0
+  version: 5.7.0
 platform: ruby
 authors:
 - Jason L Perry
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-01-10 00:00:00.000000000 Z
+date: 2021-02-05 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -155,6 +155,7 @@ files:
 - lib/recaptcha/railtie.rb
 - lib/recaptcha/version.rb
 - rails/locales/en.yml
+- rails/locales/fr.yml
 homepage: http://github.com/ambethia/recaptcha
 licenses:
 - MIT
@@ -168,14 +169,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 2.4.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
+rubygems_version: 3.1.3
 signing_key:
 specification_version: 4
 summary: Helpers for the reCAPTCHA API