recaptcha 5.5.0 → 5.17.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: ba681f9321310ca16bb41dc622bf7051c30df10ec000582f9dd8d29310e21136
-  data.tar.gz: 8d9a3a4a7adb2ea830f17ace469e6b475d4d5c633c6988cd04dd56a7fd70e414
+  metadata.gz: 52997b101110f7111f307af5bc5a66ce28d71cc74af339a267d55f8fe4bdeb1d
+  data.tar.gz: 5b62b2bf9740563b8f4e8edc9e3fdd90303daa4e8ea205cdb94e39a842dba770
 SHA512:
-  metadata.gz: efba5551493debe23617c41db429c224f51a4d0253274cf6fe28c5e384d78f4bd374ba3ad3132c2009cb2df9813266ac3a90eabd9a019aa7d48ee3999f2451e3
-  data.tar.gz: 1dfd4f2281c8f6902b1c70ca0d272d0d2f671d9062669f147cfb38416ee771e7348ff131c8fd957c1e8674b7d83ad3f3c79f6c306a7779638b4481000534f695
+  metadata.gz: 6fe87d18b768bcdd4bf50f6a8ba5248856bcf54d7dd5afb5c8f8f9da4003902f7078782c8f75c685874f4d1427deb1348c48d6fe001bd78aa733af0acf24060e
+  data.tar.gz: a0190cbff7d1e7f0d8b312ad2d6fc9e0a88336db8f8d2dea8ac9a7d678fd35faac9ec3ca7ba029f22b5b1d48614797caef9b56443e10837af1a2d5106fe7fccb

data/CHANGELOG.md

@@ -1,4 +1,73 @@
 ## Next
+* Add key setup to v3 example in README
+* Remove unnecessary id from textarea - This was unused and may cause accessability concerns if there is more than one recaptcha on the page due to multiple elements with the same id
+* Update to latest version of rubocop
+* Drop support for Ruby 2.7; add Ruby 3.3
+* Add i18n: de, es, it, pt, pt-BR
+
+## 5.16.0
+* Allow usage of `options[:turbo]` as well as `options[:turbolinks]` for `recaptcha_v3`
+
+## 5.15.0
+* Add 3.2 to the list of Ruby CI versions
+* Add ability to submit verify_recaptcha via POST with JSON Body with `options[:json] = true`
+
+## 5.14.0
+* drop json dependency
+
+## 5.13.1
+* Permit actions as symbol
+
+## 5.13.0
+* Added option to ignore_no_element.
+
+## 5.12.3
+* Remove score fallback for enterprise
+* Update enterprise tests to v1 assessment schema
+
+## 5.12.2
+* Fix minimum score for enterprise
+
+## 5.12.1
+* Fix Japanese locale
+
+## 5.12.0
+* Added Japanese locale
+
+## 5.11.0
+* Added Dutch locale
+
+## 5.10.1
+* Fix enterprise_verify_url #415
+
+## 5.10.0
+* Drop ruby 2.4 2.5 2.6
+* Add maxiumm score support for hcaptcha
+
+## 5.9.0
+* Gracefully handle invalid params
+
+## 5.8.1
+* Allow configuring response limit
+
+## 5.8.0
+* Add support for the enterprise API
+
+## 5.7.0
+* french locale
+* drop ruby 2.3
+
+## 5.6.0
+* Allow multiple invisible recaptchas on a single page by setting custom selector
+
+## 5.5.0
+* add `recaptcha_reply` controller method for better debugging/inspection
+
+## 5.4.1
+* fix v2 vs 'data' postfix
+
+## 5.4.0
+* added 'data' postfix to g-recaptcha-response attribute name to avoid collisions
 
 ## 5.3.0
 * turbolinks support

data/README.md

@@ -1,3 +1,4 @@
+
 # reCAPTCHA
 [![Gem Version](https://badge.fury.io/rb/recaptcha.svg)](https://badge.fury.io/rb/recaptcha)
 
@@ -12,6 +13,23 @@ views you can use the `recaptcha_tags` method to embed the needed javascript, an
 in your controllers with `verify_recaptcha` or `verify_recaptcha!`, which raises an error on
 failure.
 
+
+# Table of Contents
+1. [Obtaining a key](#obtaining-a-key)
+2. [Rails Installation](#rails-installation)
+3. [Sinatra / Rack / Ruby Installation](#sinatra--rack--ruby-installation)
+4. [reCAPTCHA V2 API & Usage](#recaptcha-v2-api-and-usage)
+  - [`recaptcha_tags`](#recaptcha_tags)
+  - [`verify_recaptcha`](#verify_recaptcha)
+  - [`invisible_recaptcha_tags`](#invisible_recaptcha_tags)
+5. [reCAPTCHA V3 API & Usage](#recaptcha-v3-api-and-usage)
+  - [`recaptcha_v3`](#recaptcha_v3)
+  - [`verify_recaptcha` (use with v3)](#verify_recaptcha-use-with-v3)
+  - [`recaptcha_reply`](#recaptcha_reply)
+6. [I18n Support](#i18n-support)
+7. [Testing](#testing)
+8. [Alternative API Key Setup](#alternative-api-key-setup)
+
 ## Obtaining a key
 
 Go to the [reCAPTCHA admin console](https://www.google.com/recaptcha/admin) to obtain a reCAPTCHA API key.
@@ -32,6 +50,8 @@ Note: Enter `localhost` or `127.0.0.1` as the domain if using in development wit
 
 ## Rails Installation
 
+**If you are having issues with Rails 7, Turbo, and Stimulus, make sure to check [this Wiki page](https://github.com/ambethia/recaptcha/wiki/Recaptcha-with-Turbo-and-Stimulus)!**
+
 ```ruby
 gem "recaptcha"
 ```
@@ -50,6 +70,18 @@ export RECAPTCHA_SITE_KEY   = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
 export RECAPTCHA_SECRET_KEY = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
 ```
 
+If you have an Enterprise API key:
+
+```shell
+export RECAPTCHA_ENTERPRISE            = 'true'
+export RECAPTCHA_ENTERPRISE_API_KEY    = 'AIzvFyE3TU-g4K_Kozr9F1smEzZSGBVOfLKyupA'
+export RECAPTCHA_ENTERPRISE_PROJECT_ID = 'my-project'
+```
+
+_note:_ you'll still have to provide `RECAPTCHA_SITE_KEY`, which will hold the value of your enterprise recaptcha key id. You will not need to provide a `RECAPTCHA_SECRET_KEY`, however. 
+
+`RECAPTCHA_ENTERPRISE_API_KEY` is the enterprise key of your Google Cloud Project, which you can generate here: https://console.cloud.google.com/apis/credentials. 
+
 Add `recaptcha_tags` to the forms you want to protect:
 
 ```erb
@@ -71,6 +103,7 @@ else
   render 'new'
 end
 ```
+Please note that this setup uses [`reCAPTCHA_v2`](#recaptcha-v2-api-and-usage). For a `recaptcha_v3` use, please refer to [`reCAPTCHA_v3 setup`](#examples).
 
 ## Sinatra / Rack / Ruby installation
 
@@ -119,7 +152,7 @@ The following options are available:
 Any unrecognized options will be added as attributes on the generated tag.
 
 You can also override the html attributes for the sizes of the generated `textarea` and `iframe`
-elements, if CSS isn't your thing. Inspect the [source of `recaptcha_tags`](https://github.com/ambethia/recaptcha/blob/master/lib/recaptcha/client_helper.rb)
+elements, if CSS isn't your thing. Inspect the [source of `recaptcha_tags`](https://github.com/ambethia/recaptcha/blob/master/lib/recaptcha/helpers.rb)
 to see these options.
 
 Note that you cannot submit/verify the same response token more than once or you will get a
@@ -140,16 +173,19 @@ you like.
 
 Some of the options available:
 
-| Option         | Description |
-|----------------|-------------|
-| `:model`       | Model to set errors.
-| `:attribute`   | Model attribute to receive errors. (default: `:base`)
-| `:message`     | Custom error message.
-| `:secret_key`  | Override the secret API key from the configuration.
-| `:timeout`     | The number of seconds to wait for reCAPTCHA servers before give up. (default: `3`)
-| `:response`    | Custom response parameter. (default: `params['g-recaptcha-response-data']`)
-| `:hostname`    | Expected hostname or a callable that validates the hostname, see [domain validation](https://developers.google.com/recaptcha/docs/domain_validation) and [hostname](https://developers.google.com/recaptcha/docs/verify#api-response) docs. (default: `nil`, but can be changed by setting `config.hostname`)
-| `:env`         | Current environment. The request to verify will be skipped if the environment is specified in configuration under `skip_verify_env`
+| Option                    | Description |
+|---------------------------|-------------|
+| `:model`                  | Model to set errors.
+| `:attribute`              | Model attribute to receive errors. (default: `:base`)
+| `:message`                | Custom error message.
+| `:secret_key`             | Override the secret API key from the configuration.
+| `:enterprise_api_key`     | Override the Enterprise API key from the configuration.
+| `:enterprise_project_id ` | Override the Enterprise project ID from the configuration.
+| `:timeout`                | The number of seconds to wait for reCAPTCHA servers before give up. (default: `3`)
+| `:response`               | Custom response parameter. (default: `params['g-recaptcha-response-data']`)
+| `:hostname`               | Expected hostname or a callable that validates the hostname, see [domain validation](https://developers.google.com/recaptcha/docs/domain_validation) and [hostname](https://developers.google.com/recaptcha/docs/verify#api-response) docs. (default: `nil`, but can be changed by setting `config.hostname`)
+| `:env`                    | Current environment. The request to verify will be skipped if the environment is specified in configuration under `skip_verify_env`
+| `:json`                   | Boolean; defaults to false; if true, will submit the verification request by POST with the request data in JSON
 
 
 ### `invisible_recaptcha_tags`
@@ -273,12 +309,20 @@ With v3, you can let all users log in without any intervention at all if their s
 threshold, and only show a v2 checkbox recaptcha challenge (fall back to v2) if it is below the
 threshold:
 
+This example sets v2 keys through environment variables. For more information on how to set up keys, please refer to the [documentation here](#alternative-api-key-setup).
+
+```bash
+# .env
+RECAPTCHA_SITE_KEY=6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy
+RECAPTCHA_SECRET_KEY=6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx
+```
+
 ```erb
   …
   <% if @show_checkbox_recaptcha %>
     <%= recaptcha_tags %>
   <% else %>
-    <%= recaptcha_v3(action: 'login') %>
+    <%= recaptcha_v3(action: 'login', site_key: ENV['RECAPTCHA_SITE_KEY_V3']) %>
   <% end %>
   …
 ```
@@ -286,7 +330,7 @@ threshold:
 ```ruby
 # app/controllers/sessions_controller.rb
 def create
-  success = verify_recaptcha(action: 'login', minimum_score: 0.5)
+  success = verify_recaptcha(action: 'login', minimum_score: 0.5, secret_key: ENV['RECAPTCHA_SECRET_KEY_V3'])
   checkbox_success = verify_recaptcha unless success
   if success || checkbox_success
     # Perform action
@@ -357,17 +401,19 @@ then you can either:
 2. write and specify a custom `callback` function. You may also want to pass `element: false` if you
    don't have a use for the hidden input element.
 
-Note that you cannot submit/verify the same response token more than once or you will get a
-`timeout-or-duplicate` error code. If you need reset the captcha and generate a new response token,
-then you need to call `grecaptcha.execute(…)` again. This helper provides a JavaScript method (for
-each action) named `executeRecaptchaFor{action}` to make this easier. That is the same method that
-is invoked immediately. It simply calls `grecaptcha.execute` again and then calls the `callback`
-function with the response token.
+Note that you cannot submit/verify the same response token more than once or you
+will get a `timeout-or-duplicate` error code. If you need reset the captcha and
+generate a new response token, then you need to call `grecaptcha.execute(…)` or
+`grecaptcha.enterprise.execute(…)` again. This helper provides a JavaScript
+method (for each action) named `executeRecaptchaFor{action}` to make this
+easier. That is the same method that is invoked immediately. It simply calls
+`grecaptcha.execute` or `grecaptcha.enterprise.execute` again and then calls the
+`callback` function with the response token.
 
 You will also get a `timeout-or-duplicate` error if too much time has passed between getting the
 response token and verifying it. This can easily happen with large forms that take the user a couple
 minutes to complete. Unlike v2, where you can use the `expired-callback` to be notified when the
-response expries, v3 appears to provide no such callback. See also
+response expires, v3 appears to provide no such callback. See also
 [1](https://github.com/google/recaptcha/issues/281) and
 [2](https://stackoverflow.com/questions/54437745/recaptcha-v3-how-to-deal-with-expired-token-after-idle).
 
@@ -385,7 +431,7 @@ but only accepts the following options:
 | Option              | Description |
 |---------------------|-------------|
 | `:site_key`         | Override site API key |
-| `:action`           | The name of the [reCAPTCHA action](https://developers.google.com/recaptcha/docs/v3#actions). Actions may only contain alphanumeric characters and slashes, and must not be user-specific. |
+| `:action`           | The name of the [reCAPTCHA action](https://developers.google.com/recaptcha/docs/v3#actions). Actions are not case-sensitive and may only contain alphanumeric characters, slashes, and underscores, and must not be user-specific. |
 | `:nonce`            | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. (default: `nil`) |
 | `:callback`         | Name of callback function to call with the token. When `element` is `:input`, this defaults to a function named `setInputWithRecaptchaResponseTokenFor#{sanitize_action(action)}` that sets the value of the hidden input to the token. |
 | `:id`               | Specify a unique `id` attribute for the `<input>` element if using `element: :input`. (default: `"g-recaptcha-response-data-"` + `action`) |
@@ -393,7 +439,9 @@ but only accepts the following options:
 | `:script`           | Same as setting both `:inline_script` and `:external_script`. (default: `true`). |
 | `:inline_script`    | If `true`, adds an inline script tag that calls `grecaptcha.execute` for the given `site_key` and `action` and calls the `callback` with the resulting response token. Pass `false` if you want to handle calling `grecaptcha.execute` yourself. (default: `true`) |
 | `:element`          | The element to render, if any (default: `:input`)<br/>`:input`: Renders a hidden `<input type="hidden">` tag. The value of this will be set to the response token by the default `setInputWithRecaptchaResponseTokenFor{action}` callback.<br/>`false`: Doesn't render any tag. You'll have to add a custom callback that does something with the token. |
-| `:turbolinks`          | If `true`, calls the js function which executes reCAPTCHA after all the dependencies have been loaded. This cannot be used with the js param `:onload`. This makes reCAPTCHAv3 usable with turbolinks. |
+| `:turbo`              | If `true`, calls the js function which executes reCAPTCHA after all the dependencies have been loaded. This cannot be used with the js param `:onload`. This makes reCAPTCHAv3 usable with turbo. |
+| `:turbolinks`         | Alias of `:turbo`. Will be deprecated soon. |
+| `:ignore_no_element`  | If `true`, adds null element checker for forms that can be removed from the page by javascript like modals with forms. (default: true) |
 
 [JavaScript resource (api.js) parameters](https://developers.google.com/recaptcha/docs/invisible#js_param):
 
@@ -427,7 +475,7 @@ According to https://developers.google.com/recaptcha/docs/v3#placement,
 
 > Note: You can execute reCAPTCHA as many times as you'd like with different actions on the same page.
 
-You will need to verify each action individually with separate call to `verify_recaptcha`.
+You will need to verify each action individually with a separate call to `verify_recaptcha`.
 
 ```ruby
 result_a = verify_recaptcha(action: 'a')
@@ -487,14 +535,20 @@ Recaptcha.configuration.skip_verify_env.delete("test")
 Recaptcha.configure do |config|
   config.site_key  = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
   config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
+
   # Uncomment the following line if you are using a proxy server:
   # config.proxy = 'http://myproxy.com.au:8080'
+
+  # Uncomment the following lines if you are using the Enterprise API:
+  # config.enterprise = true
+  # config.enterprise_api_key = 'AIzvFyE3TU-g4K_Kozr9F1smEzZSGBVOfLKyupA'
+  # config.enterprise_project_id = 'my-project'
 end
 ```
 
 ### Recaptcha.with_configuration
 
-For temporary overwrites (not thread safe).
+For temporary overwrites (not thread-safe).
 
 ```ruby
 Recaptcha.with_configuration(site_key: '12345') do
@@ -514,6 +568,38 @@ recaptcha_tags site_key: '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
 verify_recaptcha secret_key: '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
 ```
 
+
+## hCaptcha support
+
+[hCaptcha](https://hcaptcha.com) is an alternative service providing reCAPTCHA API.
+
+To use hCaptcha:
+1. Set a site and a secret key as usual
+2. Set two options in `verify_url` and `api_service_url` pointing to hCaptcha API endpoints.
+3. Disable a response limit check by setting a `response_limit` to the large enough value (reCAPTCHA is limited by 4000 characters).
+4. It is not required to change a parameter name as [official docs suggest](https://docs.hcaptcha.com/switch) because API handles standard `g-recaptcha` for compatibility.
+
+```ruby
+# config/initializers/recaptcha.rb
+Recaptcha.configure do |config|
+  config.site_key  = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
+  config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
+  config.verify_url = 'https://hcaptcha.com/siteverify'
+  config.api_server_url = 'https://hcaptcha.com/1/api.js'
+  config.response_limit = 100000
+end
+```
+
+hCaptcha uses a scoring system (higher number more likely to be a bot) which is inverse of the reCaptcha scoring system (lower number more likely to be a bot). As such, a `maximum_score` attribute is provided for use with hCaptcha.
+
+```ruby
+result = verify_recaptcha(maximum_score: 0.7)
+```
+
+| Option           | Description |
+|------------------|-------------|
+| `:maximum_score` | Provide a threshold to meet or fall below. Threshold should be a float between 0 and 1 which will be tested as `score <= maximum_score`. (Default: `nil`) |
+
 ## Misc
  - Check out the [wiki](https://github.com/ambethia/recaptcha/wiki) and leave whatever you found valuable there.
  - [Add multiple widgets to the same page](https://github.com/ambethia/recaptcha/wiki/Add-multiple-widgets-to-the-same-page)

data/lib/recaptcha/adapters/controller_methods.rb

@@ -83,10 +83,12 @@ module Recaptcha
       # @return [String] A response token if one was passed in the params; otherwise, `''`
       def recaptcha_response_token(action = nil)
         response_param = params['g-recaptcha-response-data'] || params['g-recaptcha-response']
-        if response_param&.respond_to?(:to_h) # Includes ActionController::Parameters
-          response_param[action].to_s
+        response_param = response_param[action] if action && response_param.respond_to?(:key?)
+
+        if response_param.is_a?(String)
+          response_param
         else
-          response_param.to_s
+          ''
         end
       end
     end

data/lib/recaptcha/configuration.rb

@@ -31,22 +31,32 @@ module Recaptcha
   #
   class Configuration
     DEFAULTS = {
-      'server_url' => 'https://www.recaptcha.net/recaptcha/api.js',
-      'verify_url' => 'https://www.recaptcha.net/recaptcha/api/siteverify'
+      'free_server_url' => 'https://www.recaptcha.net/recaptcha/api.js',
+      'enterprise_server_url' => 'https://www.recaptcha.net/recaptcha/enterprise.js',
+      'free_verify_url' => 'https://www.recaptcha.net/recaptcha/api/siteverify',
+      'enterprise_verify_url' => 'https://recaptchaenterprise.googleapis.com/v1/projects'
     }.freeze
 
-    attr_accessor :default_env, :skip_verify_env, :secret_key, :site_key, :proxy, :handle_timeouts_gracefully, :hostname
+    attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully,
+                  :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit
     attr_writer :api_server_url, :verify_url
 
-    def initialize #:nodoc:
+    def initialize # :nodoc:
       @default_env = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || (Rails.env if defined? Rails.env)
       @skip_verify_env = %w[test cucumber]
       @handle_timeouts_gracefully = true
 
       @secret_key = ENV['RECAPTCHA_SECRET_KEY']
       @site_key = ENV['RECAPTCHA_SITE_KEY']
+
+      @enterprise = ENV['RECAPTCHA_ENTERPRISE'] == 'true'
+      @enterprise_api_key = ENV['RECAPTCHA_ENTERPRISE_API_KEY']
+      @enterprise_project_id = ENV['RECAPTCHA_ENTERPRISE_PROJECT_ID']
+
       @verify_url = nil
       @api_server_url = nil
+
+      @response_limit = 4000
     end
 
     def secret_key!
@@ -57,12 +67,20 @@ module Recaptcha
       site_key || raise(RecaptchaError, "No site key specified.")
     end
 
+    def enterprise_api_key!
+      enterprise_api_key || raise(RecaptchaError, "No Enterprise API key specified.")
+    end
+
+    def enterprise_project_id!
+      enterprise_project_id || raise(RecaptchaError, "No Enterprise project ID specified.")
+    end
+
     def api_server_url
-      @api_server_url || DEFAULTS.fetch('server_url')
+      @api_server_url || (enterprise ? DEFAULTS.fetch('enterprise_server_url') : DEFAULTS.fetch('free_server_url'))
     end
 
     def verify_url
-      @verify_url || DEFAULTS.fetch('verify_url')
+      @verify_url || (enterprise ? DEFAULTS.fetch('enterprise_verify_url') : DEFAULTS.fetch('free_verify_url'))
     end
   end
 end

data/lib/recaptcha/helpers.rb

@@ -10,12 +10,13 @@ module Recaptcha
     def self.recaptcha_v3(options = {})
       site_key = options[:site_key] ||= Recaptcha.configuration.site_key!
       action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
-      id = options.delete(:id) || "g-recaptcha-response-data-" + dasherize_action(action)
+      id = options.delete(:id) || "g-recaptcha-response-data-#{dasherize_action(action)}"
       name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
-      turbolinks = options.delete(:turbolinks)
+      turbo = options.delete(:turbo) || options.delete(:turbolinks)
       options[:render] = site_key
       options[:script_async] ||= false
       options[:script_defer] ||= false
+      options[:ignore_no_element] = options.key?(:ignore_no_element) ? options[:ignore_no_element] : true
       element = options.delete(:element)
       element = element == false ? false : :input
       if element == :input
@@ -23,11 +24,11 @@ module Recaptcha
       end
       options[:class] = "g-recaptcha-response #{options[:class]}"
 
-      if turbolinks
+      if turbo
         options[:onload] = recaptcha_v3_execute_function_name(action)
       end
       html, tag_attributes = components(options)
-      if turbolinks
+      if turbo
         html << recaptcha_v3_onload_script(site_key, action, callback, id, options)
       elsif recaptcha_v3_inline_script?(options)
         html << recaptcha_v3_inline_script(site_key, action, callback, id, options)
@@ -73,7 +74,7 @@ module Recaptcha
               <div style="width: 300px; height: 60px; border-style: none;
                 bottom: 12px; left: 25px; margin: 0px; padding: 0px; right: 25px;
                 background: #f9f9f9; border: 1px solid #c1c1c1; border-radius: 3px;">
-                <textarea id="g-recaptcha-response" name="g-recaptcha-response"
+                <textarea name="g-recaptcha-response"
                   class="g-recaptcha-response"
                   style="width: 250px; height: 40px; border: 1px solid #c1c1c1;
                   margin: 10px 25px; padding: 0px; resize: none;">
@@ -138,6 +139,7 @@ module Recaptcha
       nonce = options.delete(:nonce)
       skip_script = (options.delete(:script) == false) || (options.delete(:external_script) == false)
       ui = options.delete(:ui)
+      options.delete(:ignore_no_element)
 
       data_attribute_keys = [:badge, :theme, :type, :callback, :expired_callback, :error_callback, :size]
       data_attribute_keys << :tabindex unless ui == :button
@@ -174,7 +176,8 @@ module Recaptcha
 
     # v3
 
-    # Renders a script that calls `grecaptcha.execute` for the given `site_key` and `action` and
+    # Renders a script that calls `grecaptcha.execute` or
+    # `grecaptcha.enterprise.execute` for the given `site_key` and `action` and
     # calls the `callback` with the resulting response token.
     private_class_method def self.recaptcha_v3_inline_script(site_key, action, callback, id, options = {})
       nonce = options[:nonce]
@@ -185,8 +188,8 @@ module Recaptcha
           // Define function so that we can call it again later if we need to reset it
           // This executes reCAPTCHA and then calls our callback.
           function #{recaptcha_v3_execute_function_name(action)}() {
-            grecaptcha.ready(function() {
-              grecaptcha.execute('#{site_key}', {action: '#{action}'}).then(function(token) {
+            #{recaptcha_ready_method_name}(function() {
+              #{recaptcha_execute_method_name}('#{site_key}', {action: '#{action}'}).then(function(token) {
                 #{callback}('#{id}', token)
               });
             });
@@ -199,13 +202,13 @@ module Recaptcha
           // Returns a Promise that resolves with the response token.
           async function #{recaptcha_v3_async_execute_function_name(action)}() {
             return new Promise((resolve, reject) => {
-              grecaptcha.ready(async function() {
-                resolve(await grecaptcha.execute('#{site_key}', {action: '#{action}'}))
+             #{recaptcha_ready_method_name}(async function() {
+                resolve(await #{recaptcha_execute_method_name}('#{site_key}', {action: '#{action}'}))
               });
             })
           };
 
-          #{recaptcha_v3_define_default_callback(callback) if recaptcha_v3_define_default_callback?(callback, action, options)}
+          #{recaptcha_v3_define_default_callback(callback, options) if recaptcha_v3_define_default_callback?(callback, action, options)}
         </script>
       HTML
     end
@@ -217,13 +220,13 @@ module Recaptcha
       <<-HTML
         <script#{nonce_attr}>
           function #{recaptcha_v3_execute_function_name(action)}() {
-            grecaptcha.ready(function() {
-              grecaptcha.execute('#{site_key}', {action: '#{action}'}).then(function(token) {
+            #{recaptcha_ready_method_name}(function() {
+              #{recaptcha_execute_method_name}('#{site_key}', {action: '#{action}'}).then(function(token) {
                 #{callback}('#{id}', token)
               });
             });
           };
-          #{recaptcha_v3_define_default_callback(callback) if recaptcha_v3_define_default_callback?(callback, action, options)}
+          #{recaptcha_v3_define_default_callback(callback, options) if recaptcha_v3_define_default_callback?(callback, action, options)}
         </script>
       HTML
     end
@@ -234,12 +237,12 @@ module Recaptcha
       options[:inline_script] != false
     end
 
-    private_class_method def self.recaptcha_v3_define_default_callback(callback)
+    private_class_method def self.recaptcha_v3_define_default_callback(callback, options)
       <<-HTML
-          var #{callback} = function(id, token) {
-            var element = document.getElementById(id);
-            element.value = token;
-          }
+        var #{callback} = function(id, token) {
+          var element = document.getElementById(id);
+          #{element_check_condition(options)} element.value = token;
+        }
       HTML
     end
 
@@ -251,8 +254,9 @@ module Recaptcha
       recaptcha_v3_inline_script?(options)
     end
 
-    # Returns the name of the JavaScript function that actually executes the reCAPTCHA code (calls
-    # grecaptcha.execute). You can call it again later to reset it.
+    # Returns the name of the JavaScript function that actually executes the
+    # reCAPTCHA code (calls `grecaptcha.execute` or
+    # `grecaptcha.enterprise.execute`). You can call it again later to reset it.
     def self.recaptcha_v3_execute_function_name(action)
       "executeRecaptchaFor#{sanitize_action_for_js(action)}"
     end
@@ -271,6 +275,7 @@ module Recaptcha
     private_class_method def self.default_callback(options = {})
       nonce = options[:nonce]
       nonce_attr = " nonce='#{nonce}'" if nonce
+      selector_attr = options[:id] ? "##{options[:id]}" : ".g-recaptcha"
 
       <<-HTML
         <script#{nonce_attr}>
@@ -283,9 +288,9 @@ module Recaptcha
               return curEle.nodeName === 'FORM' ? curEle : null
             };
 
-            var eles = document.getElementsByClassName('g-recaptcha');
-            if (eles.length > 0) {
-              var form = closestForm(eles[0]);
+            var el = document.querySelector("#{selector_attr}")
+            if (!!el) {
+              var form = closestForm(el);
               if (form) {
                 form.submit();
               }
@@ -295,6 +300,14 @@ module Recaptcha
       HTML
     end
 
+    def self.recaptcha_execute_method_name
+      Recaptcha.configuration.enterprise ? "grecaptcha.enterprise.execute" : "grecaptcha.execute"
+    end
+
+    def self.recaptcha_ready_method_name
+      Recaptcha.configuration.enterprise ? "grecaptcha.enterprise.ready" : "grecaptcha.ready"
+    end
+
     private_class_method def self.default_callback_required?(options)
       options[:callback] == 'invisibleRecaptchaSubmit' &&
       !Recaptcha.skip_env?(options[:env]) &&
@@ -317,5 +330,9 @@ module Recaptcha
     private_class_method def self.hash_to_query(hash)
       hash.delete_if { |_, val| val.nil? || val.empty? }.to_a.map { |pair| pair.join('=') }.join('&')
     end
+
+    private_class_method def self.element_check_condition(options)
+      options[:ignore_no_element] ? "if (element !== null)" : ""
+    end
   end
 end

data/lib/recaptcha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Recaptcha
-  VERSION = '5.5.0'
+  VERSION = '5.17.0'
 end

data/lib/recaptcha.rb

@@ -14,7 +14,6 @@ end
 
 module Recaptcha
   DEFAULT_TIMEOUT = 3
-  RESPONSE_LIMIT = 4000
 
   class RecaptchaError < StandardError
   end
@@ -56,24 +55,60 @@ module Recaptcha
   end
 
   def self.invalid_response?(resp)
-    resp.empty? || resp.length > RESPONSE_LIMIT
+    resp.empty? || resp.length > configuration.response_limit
   end
 
   def self.verify_via_api_call(response, options)
+    if Recaptcha.configuration.enterprise
+      verify_via_api_call_enterprise(response, options)
+    else
+      verify_via_api_call_free(response, options)
+    end
+  end
+
+  def self.verify_via_api_call_enterprise(response, options)
+    site_key = options.fetch(:site_key) { configuration.site_key! }
+    api_key = options.fetch(:enterprise_api_key) { configuration.enterprise_api_key! }
+    project_id = options.fetch(:enterprise_project_id) { configuration.enterprise_project_id! }
+
+    query_params = { 'key' => api_key }
+    body = { 'event' => { 'token' => response, 'siteKey' => site_key } }
+    body['event']['expectedAction'] = options[:action] if options.key?(:action)
+    body['event']['userIpAddress'] = options[:remote_ip] if options.key?(:remote_ip)
+
+    reply = api_verification_enterprise(query_params, body, project_id, timeout: options[:timeout])
+    score = reply.dig('riskAnalysis', 'score')
+    token_properties = reply['tokenProperties']
+    success = !token_properties.nil? &&
+      token_properties['valid'].to_s == 'true' &&
+      hostname_valid?(token_properties['hostname'], options[:hostname]) &&
+      action_valid?(token_properties['action'], options[:action]) &&
+      score_above_threshold?(score, options[:minimum_score]) &&
+      score_below_threshold?(score, options[:maximum_score])
+
+    if options[:with_reply] == true
+      [success, reply]
+    else
+      success
+    end
+  end
+
+  def self.verify_via_api_call_free(response, options)
     secret_key = options.fetch(:secret_key) { configuration.secret_key! }
     verify_hash = { 'secret' => secret_key, 'response' => response }
     verify_hash['remoteip'] = options[:remote_ip] if options.key?(:remote_ip)
 
-    reply = api_verification(verify_hash, timeout: options[:timeout])
+    reply = api_verification_free(verify_hash, timeout: options[:timeout], json: options[:json])
     success = reply['success'].to_s == 'true' &&
       hostname_valid?(reply['hostname'], options[:hostname]) &&
       action_valid?(reply['action'], options[:action]) &&
-      score_above_threshold?(reply['score'], options[:minimum_score])
+      score_above_threshold?(reply['score'], options[:minimum_score]) &&
+      score_below_threshold?(reply['score'], options[:maximum_score])
 
     if options[:with_reply] == true
-      return success, reply
+      [success, reply]
     else
-      return success
+      success
     end
   end
 
@@ -90,22 +125,19 @@ module Recaptcha
   def self.action_valid?(action, expected_action)
     case expected_action
     when nil, FalseClass then true
-    else action == expected_action
+    else action == expected_action.to_s
     end
   end
 
-  # Returns true iff score is greater or equal to (>=) minimum_score, or if no minimum_score was specified
   def self.score_above_threshold?(score, minimum_score)
-    return true if minimum_score.nil?
-    return false if score.nil?
+    !minimum_score || (score && score >= minimum_score)
+  end
 
-    case minimum_score
-    when nil, FalseClass then true
-    else score >= minimum_score
-    end
+  def self.score_below_threshold?(score, maximum_score)
+    !maximum_score || (score && score <= maximum_score)
   end
 
-  def self.api_verification(verify_hash, timeout: nil)
+  def self.http_client_for(uri:, timeout: nil)
     timeout ||= DEFAULT_TIMEOUT
     http = if configuration.proxy
       proxy_server = URI.parse(configuration.proxy)
@@ -113,12 +145,35 @@ module Recaptcha
     else
       Net::HTTP
     end
-    query = URI.encode_www_form(verify_hash)
-    uri = URI.parse(configuration.verify_url + '?' + query)
-    http_instance = http.new(uri.host, uri.port)
-    http_instance.read_timeout = http_instance.open_timeout = timeout
-    http_instance.use_ssl = true if uri.port == 443
-    request = Net::HTTP::Get.new(uri.request_uri)
+    instance = http.new(uri.host, uri.port)
+    instance.read_timeout = instance.open_timeout = timeout
+    instance.use_ssl = true if uri.port == 443
+
+    instance
+  end
+
+  def self.api_verification_free(verify_hash, timeout: nil, json: false)
+    if json
+      uri = URI.parse(configuration.verify_url)
+      request = Net::HTTP::Post.new(uri.request_uri)
+      request['Content-Type'] = 'application/json; charset=utf-8'
+      request.body = JSON.generate(verify_hash)
+    else
+      query = URI.encode_www_form(verify_hash)
+      uri = URI.parse("#{configuration.verify_url}?#{query}")
+      request = Net::HTTP::Get.new(uri.request_uri)
+    end
+    http_instance = http_client_for(uri: uri, timeout: timeout)
+    JSON.parse(http_instance.request(request).body)
+  end
+
+  def self.api_verification_enterprise(query_params, body, project_id, timeout: nil)
+    query = URI.encode_www_form(query_params)
+    uri = URI.parse("#{configuration.verify_url}/#{project_id}/assessments?#{query}")
+    http_instance = http_client_for(uri: uri, timeout: timeout)
+    request = Net::HTTP::Post.new(uri.request_uri)
+    request['Content-Type'] = 'application/json; charset=utf-8'
+    request.body = JSON.generate(body)
     JSON.parse(http_instance.request(request).body)
   end
 end

data/rails/locales/de.yml

@@ -0,0 +1,5 @@
+de:
+  recaptcha:
+    errors:
+      verification_failed: Die reCAPTCHA-Überprüfung ist fehlgeschlagen, bitte versuchen Sie es erneut.
+      recaptcha_unreachable: Oops, wir konnten Ihre reCAPTCHA-Antwort nicht validieren. Bitte versuchen Sie es erneut.

data/rails/locales/es.yml

@@ -0,0 +1,5 @@
+es:
+  recaptcha:
+    errors:
+      verification_failed: La verificación de reCAPTCHA falló, por favor intente de nuevo.
+      recaptcha_unreachable: Ups, no pudimos validar su respuesta de reCAPTCHA. Por favor intente de nuevo.

data/rails/locales/fr.yml

@@ -0,0 +1,5 @@
+fr:
+  recaptcha:
+    errors:
+      verification_failed: La vérification reCAPTCHA a échoué, veuillez essayer à nouveau.
+      recaptcha_unreachable: Oops, nous n'avons pas pu valider votre réponse reCAPTCHA. Veuillez essayer à nouveau.

data/rails/locales/it.yml

@@ -0,0 +1,5 @@
+it:
+  recaptcha:
+    errors:
+      verification_failed: La verifica reCAPTCHA non è riuscita, si prega di riprovare.
+      recaptcha_unreachable: Ops, non siamo riusciti a convalidare la tua risposta reCAPTCHA. Per favore riprova.

data/rails/locales/ja.yml

@@ -0,0 +1,5 @@
+ja:
+  recaptcha:
+    errors:
+      verification_failed: reCAPTCHA認証に失敗しました。もう一度お試しください。
+      recaptcha_unreachable: reCAPTCHAのレスポンスを検証できませんでした。もう一度お試しください。

data/rails/locales/nl.yml

@@ -0,0 +1,5 @@
+nl:
+  recaptcha:
+    errors:
+      verification_failed: reCAPTCHA-verificatie mislukt, probeer het opnieuw.
+      recaptcha_unreachable: Oeps, we hebben uw reCAPTCHA-antwoord niet kunnen valideren. Probeer het opnieuw.

data/rails/locales/pt-BR.yml

@@ -0,0 +1,5 @@
+pt-BR:
+  recaptcha:
+    errors:
+      verification_failed: A verificação do reCAPTCHA falhou, por favor, tente novamente.
+      recaptcha_unreachable: Oops, não conseguimos validar sua resposta do reCAPTCHA. Por favor, tente novamente.

data/rails/locales/pt.yml

@@ -0,0 +1,5 @@
+pt:
+  recaptcha:
+    errors:
+      verification_failed: A verificação do reCAPTCHA falhou, por favor, tente novamente.
+      recaptcha_unreachable: Oops, não conseguimos validar sua resposta do reCAPTCHA. Por favor, tente novamente.

metadata

@@ -1,29 +1,15 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 5.5.0
+  version: 5.17.0
 platform: ruby
 authors:
 - Jason L Perry
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2020-03-31 00:00:00.000000000 Z
+date: 2024-06-09 00:00:00.000000000 Z
 dependencies:
-- !ruby/object:Gem::Dependency
-  name: json
-  requirement: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
-  type: :runtime
-  prerelease: false
-  version_requirements: !ruby/object:Gem::Requirement
-    requirements:
-    - - ">="
-      - !ruby/object:Gem::Version
-        version: '0'
 - !ruby/object:Gem::Dependency
   name: mocha
   requirement: !ruby/object:Gem::Requirement
@@ -154,13 +140,21 @@ files:
 - lib/recaptcha/rails.rb
 - lib/recaptcha/railtie.rb
 - lib/recaptcha/version.rb
+- rails/locales/de.yml
 - rails/locales/en.yml
+- rails/locales/es.yml
+- rails/locales/fr.yml
+- rails/locales/it.yml
+- rails/locales/ja.yml
+- rails/locales/nl.yml
+- rails/locales/pt-BR.yml
+- rails/locales/pt.yml
 homepage: http://github.com/ambethia/recaptcha
 licenses:
 - MIT
 metadata:
   source_code_uri: https://github.com/ambethia/recaptcha
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -168,15 +162,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.3.0
+      version: 3.0.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.3
-signing_key: 
+rubygems_version: 3.4.10
+signing_key:
 specification_version: 4
 summary: Helpers for the reCAPTCHA API
 test_files: []