recaptcha 5.8.0 → 5.10.0

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 555ad69df9bcc4154972887c8df613e687e2370caf4c4aa9e8e4843e02effd30
-  data.tar.gz: 40675afb3efbe1bdc78e48250715a8dd00bd1f4b27419f8bc72fbc1fd3911904
+  metadata.gz: 3870278113409bbbf6e9c772f8afc5a7130a1d9bf21eecaa7e8c6067b979a2c1
+  data.tar.gz: 7beaede8a6def64ae941a5c886188a53af77d243ddd80a84291fd9a033372c00
 SHA512:
-  metadata.gz: c8cc3cf0b1ccc9076a23a3f0588fcde888c131118089cb11fca59b79eccca511a61622286d087757b2a764744ac1370d3ab39e07a059dd5ab939e3c7d592660f
-  data.tar.gz: 8e716c170d96a0e39521d3c5a01a609c95dcdbe4daf5735936132e37bfc6ea8a7f73b9583bea653d145a950edaf3fdcbd1b6abdf63f886e04a6e12bbb052b7f1
+  metadata.gz: '089d2b491909e0e5c65dd021b97d99e196a69a6f43c452f835e08517a0e54b20d3a1166a16c7b16fa374e86c11629b847fe0f022b772db140c85412191231949'
+  data.tar.gz: ea8fe92b546e8174d0c143dd10c843683e7b4d793f40a3ccb6f403f10881ba0d246a20194e983f7332b869f11ca9aba7a1b998e984a21a49a550e960ba998e03

data/CHANGELOG.md

@@ -1,4 +1,11 @@
 ## Next
+* drop ruby 2.4 2.5 2.6
+
+## 5.9.0
+* Gracefully handle invalid params
+
+## 5.8.1
+* Allow configuring response limit
 
 ## 5.8.0
 * Add support for the enterprise API

data/README.md

@@ -551,6 +551,38 @@ recaptcha_tags site_key: '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
 verify_recaptcha secret_key: '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
 ```
 
+
+## hCaptcha support
+
+[hCaptcha](https://hcaptcha.com) is an alternative service providing reCAPTCHA API.
+
+To use hCaptcha:
+1. Set a site and a secret key as usual
+2. Set two options in `verify_url` and `api_service_url` pointing to hCaptcha API endpoints.
+3. Disable a response limit check by setting a `response_limit` to the large enough value (reCAPTCHA is limited by 4000 characters).
+4. It is not required to change a parameter name as [official docs suggest](https://docs.hcaptcha.com/switch) because API handles standard `g-recaptcha` for compatibility.
+
+```ruby
+# config/initializers/recaptcha.rb
+Recaptcha.configure do |config|
+  config.site_key  = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
+  config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
+  config.verify_url = 'https://hcaptcha.com/siteverify'
+  config.api_server_url = 'https://hcaptcha.com/1/api.js'
+  config.response_limit = 100000
+end
+```
+
+hCaptcha uses a scoring system (higher number more likely to be a bot) which is inverse of the reCaptcha scoring system (lower number more likely to be a bot). As such, a `maximum_score` attribute is provided for use with hCaptcha.
+
+```ruby
+result = verify_recaptcha(maximum_score: 0.7)
+```
+
+| Option           | Description |
+|------------------|-------------|
+| `:maximum_score` | Provide a threshold to meet or fall below. Threshold should be a float between 0 and 1 which will be tested as `score <= maximum_score`. (Default: `nil`) |
+
 ## Misc
  - Check out the [wiki](https://github.com/ambethia/recaptcha/wiki) and leave whatever you found valuable there.
  - [Add multiple widgets to the same page](https://github.com/ambethia/recaptcha/wiki/Add-multiple-widgets-to-the-same-page)

data/lib/recaptcha/adapters/controller_methods.rb

@@ -83,10 +83,12 @@ module Recaptcha
       # @return [String] A response token if one was passed in the params; otherwise, `''`
       def recaptcha_response_token(action = nil)
         response_param = params['g-recaptcha-response-data'] || params['g-recaptcha-response']
-        if response_param&.respond_to?(:to_h) # Includes ActionController::Parameters
-          response_param[action].to_s
+        response_param = response_param[action] if action && response_param.respond_to?(:key?)
+
+        if response_param.is_a?(String)
+          response_param
         else
-          response_param.to_s
+          ''
         end
       end
     end

data/lib/recaptcha/configuration.rb

@@ -37,11 +37,11 @@ module Recaptcha
       'enterprise_verify_url' => 'https://recaptchaenterprise.googleapis.com/v1beta1/projects'
     }.freeze
 
-    attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully, :hostname
-    attr_accessor :enterprise, :enterprise_api_key, :enterprise_project_id
+    attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully,
+                  :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit
     attr_writer :api_server_url, :verify_url
 
-    def initialize #:nodoc:
+    def initialize # :nodoc:
       @default_env = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || (Rails.env if defined? Rails.env)
       @skip_verify_env = %w[test cucumber]
       @handle_timeouts_gracefully = true
@@ -55,6 +55,8 @@ module Recaptcha
 
       @verify_url = nil
       @api_server_url = nil
+
+      @response_limit = 4000
     end
 
     def secret_key!

data/lib/recaptcha/helpers.rb

@@ -10,7 +10,7 @@ module Recaptcha
     def self.recaptcha_v3(options = {})
       site_key = options[:site_key] ||= Recaptcha.configuration.site_key!
       action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
-      id = options.delete(:id) || "g-recaptcha-response-data-" + dasherize_action(action)
+      id = options.delete(:id) || "g-recaptcha-response-data-#{dasherize_action(action)}"
       name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
       turbolinks = options.delete(:turbolinks)
       options[:render] = site_key

data/lib/recaptcha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Recaptcha
-  VERSION = '5.8.0'
+  VERSION = '5.10.0'
 end

data/lib/recaptcha.rb

@@ -14,7 +14,6 @@ end
 
 module Recaptcha
   DEFAULT_TIMEOUT = 3
-  RESPONSE_LIMIT = 4000
 
   class RecaptchaError < StandardError
   end
@@ -56,7 +55,7 @@ module Recaptcha
   end
 
   def self.invalid_response?(resp)
-    resp.empty? || resp.length > RESPONSE_LIMIT
+    resp.empty? || resp.length > configuration.response_limit
   end
 
   def self.verify_via_api_call(response, options)
@@ -83,12 +82,13 @@ module Recaptcha
       token_properties['valid'].to_s == 'true' &&
       hostname_valid?(token_properties['hostname'], options[:hostname]) &&
       action_valid?(token_properties['action'], options[:action]) &&
-      score_above_threshold?(reply['score'], options[:minimum_score])
+      score_above_threshold?(reply['score'], options[:minimum_score]) &&
+      score_below_threshold?(reply['score'], options[:maximum_score])
 
     if options[:with_reply] == true
-      return success, reply
+      [success, reply]
     else
-      return success
+      success
     end
   end
 
@@ -101,12 +101,13 @@ module Recaptcha
     success = reply['success'].to_s == 'true' &&
       hostname_valid?(reply['hostname'], options[:hostname]) &&
       action_valid?(reply['action'], options[:action]) &&
-      score_above_threshold?(reply['score'], options[:minimum_score])
+      score_above_threshold?(reply['score'], options[:minimum_score]) &&
+      score_below_threshold?(reply['score'], options[:maximum_score])
 
     if options[:with_reply] == true
-      return success, reply
+      [success, reply]
     else
-      return success
+      success
     end
   end
 
@@ -127,15 +128,12 @@ module Recaptcha
     end
   end
 
-  # Returns true iff score is greater or equal to (>=) minimum_score, or if no minimum_score was specified
   def self.score_above_threshold?(score, minimum_score)
-    return true if minimum_score.nil?
-    return false if score.nil?
+    !minimum_score || (score && score >= minimum_score)
+  end
 
-    case minimum_score
-    when nil, FalseClass then true
-    else score >= minimum_score
-    end
+  def self.score_below_threshold?(score, maximum_score)
+    !maximum_score || (score && score <= maximum_score)
   end
 
   def self.http_client_for(uri:, timeout: nil)
@@ -155,7 +153,7 @@ module Recaptcha
 
   def self.api_verification_free(verify_hash, timeout: nil)
     query = URI.encode_www_form(verify_hash)
-    uri = URI.parse(configuration.verify_url + '?' + query)
+    uri = URI.parse("#{configuration.verify_url}?#{query}")
     http_instance = http_client_for(uri: uri, timeout: timeout)
     request = Net::HTTP::Get.new(uri.request_uri)
     JSON.parse(http_instance.request(request).body)
@@ -163,7 +161,7 @@ module Recaptcha
 
   def self.api_verification_enterprise(query_params, body, project_id, timeout: nil)
     query = URI.encode_www_form(query_params)
-    uri = URI.parse(configuration.verify_url + "/#{project_id}/assessments" + '?' + query)
+    uri = URI.parse("#{configuration.verify_url}/#{project_id}/assessments?#{query}")
     http_instance = http_client_for(uri: uri, timeout: timeout)
     request = Net::HTTP::Post.new(uri.request_uri)
     request['Content-Type'] = 'application/json; charset=utf-8'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 5.8.0
+  version: 5.10.0
 platform: ruby
 authors:
 - Jason L Perry
 autorequire: 
 bindir: bin
 cert_chain: []
-date: 2021-05-09 00:00:00.000000000 Z
+date: 2022-04-27 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -169,14 +169,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.16
+rubygems_version: 3.1.6
 signing_key: 
 specification_version: 4
 summary: Helpers for the reCAPTCHA API