recaptcha 5.8.0 → 5.10.0

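--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
  ---
  SHA256:
- metadata.gz: 555ad69df9bcc4154972887c8df613e687e2370caf4c4aa9e8e4843e02effd30
- data.tar.gz: 40675afb3efbe1bdc78e48250715a8dd00bd1f4b27419f8bc72fbc1fd3911904
+ metadata.gz: 3870278113409bbbf6e9c772f8afc5a7130a1d9bf21eecaa7e8c6067b979a2c1
+ data.tar.gz: 7beaede8a6def64ae941a5c886188a53af77d243ddd80a84291fd9a033372c00
  SHA512:
- metadata.gz: c8cc3cf0b1ccc9076a23a3f0588fcde888c131118089cb11fca59b79eccca511a61622286d087757b2a764744ac1370d3ab39e07a059dd5ab939e3c7d592660f
- data.tar.gz: 8e716c170d96a0e39521d3c5a01a609c95dcdbe4daf5735936132e37bfc6ea8a7f73b9583bea653d145a950edaf3fdcbd1b6abdf63f886e04a6e12bbb052b7f1
+ metadata.gz: '089d2b491909e0e5c65dd021b97d99e196a69a6f43c452f835e08517a0e54b20d3a1166a16c7b16fa374e86c11629b847fe0f022b772db140c85412191231949'
+ data.tar.gz: ea8fe92b546e8174d0c143dd10c843683e7b4d793f40a3ccb6f403f10881ba0d246a20194e983f7332b869f11ca9aba7a1b998e984a21a49a550e960ba998e03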
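--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,4 +1,11 @@
  ## Next
+ * drop ruby 2.4 2.5 2.6
+
+ ## 5.9.0
+ * Gracefully handle invalid params
+
+ ## 5.8.1
+ * Allow configuring response limit
 
  ## 5.8.0
  * Add support for the enterprise API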
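--- a/data/README.md
+++ b/data/README.md
@@ -551,6 +551,38 @@ recaptcha_tags site_key: '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
  verify_recaptcha secret_key: '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
  ```
 
+
+ ## hCaptcha support
+
+ [hCaptcha](https://hcaptcha.com) is an alternative service providing reCAPTCHA API.
+
+ To use hCaptcha:
+ 1. Set a site and a secret key as usual
+ 2. Set two options in `verify_url` and `api_service_url` pointing to hCaptcha API endpoints.
+ 3. Disable a response limit check by setting a `response_limit` to the large enough value (reCAPTCHA is limited by 4000 characters).
+ 4. It is not required to change a parameter name as [official docs suggest](https://docs.hcaptcha.com/switch) because API handles standard `g-recaptcha` for compatibility.
+
+ ```ruby
+ # config/initializers/recaptcha.rb
+ Recaptcha.configure do |config|
+ config.site_key = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
+ config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
+ config.verify_url = 'https://hcaptcha.com/siteverify'
+ config.api_server_url = 'https://hcaptcha.com/1/api.js'
+ config.response_limit = 100000
+ end
+ ```
+
+ hCaptcha uses a scoring system (higher number more likely to be a bot) which is inverse of the reCaptcha scoring system (lower number more likely to be a bot). As such, a `maximum_score` attribute is provided for use with hCaptcha.
+
+ ```ruby
+ result = verify_recaptcha(maximum_score: 0.7)
+ ```
+
+ | Option | Description |
+ |------------------|-------------|
+ | `:maximum_score` | Provide a threshold to meet or fall below. Threshold should be a float between 0 and 1 which will be tested as `score <= maximum_score`. (Default: `nil`) |
+
  ## Misc
  - Check out the [wiki](https://github.com/ambethia/recaptcha/wiki) and leave whatever you found valuable there.
  - [Add multiple widgets to the same page](https://github.com/ambethia/recaptcha/wiki/Add-multiple-widgets-to-the-same-page)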
@@ -83,10 +83,12 @@ module Recaptcha
83
83
  # @return [String] A response token if one was passed in the params; otherwise, `''`
84
84
  def recaptcha_response_token(action = nil)
85
85
  response_param = params['g-recaptcha-response-data'] || params['g-recaptcha-response']
86
- if response_param&.respond_to?(:to_h) # Includes ActionController::Parameters
87
- response_param[action].to_s
86
+ response_param = response_param[action] if action && response_param.respond_to?(:key?)
87
+
88
+ if response_param.is_a?(String)
89
+ response_param
88
90
  else
89
- response_param.to_s
91
+ ''
90
92
  end
91
93
  end
92
94
  end
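Review bot: The `@return` comment on `recaptcha_response_token` no longer covers the whole contract. With the new `is_a?(String)` branch, a non-String value submitted by the client (an Array or nested Hash, for example) now yields `''`, where the removed code called `to_s` on it. I would record that on the method, e.g. `# Non-String values (Array, nested Hash) are treated as a missing token and also yield ''.`, so a later refactor does not bring back `to_s` on client-controlled params. A spec that posts an Array, and a Hash without the `action` key, would pin the behaviour. The method's doc comment starts above the hunk.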
@@ -37,11 +37,11 @@ module Recaptcha
37
37
  'enterprise_verify_url' => 'https://recaptchaenterprise.googleapis.com/v1beta1/projects'
38
38
  }.freeze
39
39
 
40
- attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully, :hostname
41
- attr_accessor :enterprise, :enterprise_api_key, :enterprise_project_id
40
+ attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully,
41
+ :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit
42
42
  attr_writer :api_server_url, :verify_url
43
43
 
44
- def initialize #:nodoc:
44
+ def initialize # :nodoc:
45
45
  @default_env = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || (Rails.env if defined? Rails.env)
46
46
  @skip_verify_env = %w[test cucumber]
47
47
  @handle_timeouts_gracefully = true
@@ -55,6 +55,8 @@ module Recaptcha
55
55
 
56
56
  @verify_url = nil
57
57
  @api_server_url = nil
58
+
59
+ @response_limit = 4000
58
60
  end
59
61
 
60
62
  def secret_key!
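Review bot: `response_limit` is added as a bare `attr_accessor` with no validation or comment, and is defaulted at `@response_limit = 4000` in `initialize`. `Recaptcha.invalid_response?` (data/lib/recaptcha.rb in this same diff) evaluates `resp.length > configuration.response_limit`, so assigning `nil` or a String makes that comparison raise instead of rejecting the token. I would document the setting where it is defaulted, e.g. `# Maximum accepted length of the client-supplied response token; the README gives 4000 as reCAPTCHA's limit`. I would also either coerce the value with `Integer(value)` in a custom writer or state that only an Integer is supported. `initialize` continues outside both hunks.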
@@ -10,7 +10,7 @@ module Recaptcha
10
10
  def self.recaptcha_v3(options = {})
11
11
  site_key = options[:site_key] ||= Recaptcha.configuration.site_key!
12
12
  action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
13
- id = options.delete(:id) || "g-recaptcha-response-data-" + dasherize_action(action)
13
+ id = options.delete(:id) || "g-recaptcha-response-data-#{dasherize_action(action)}"
14
14
  name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
15
15
  turbolinks = options.delete(:turbolinks)
16
16
  options[:render] = site_key
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Recaptcha
4
- VERSION = '5.8.0'
4
+ VERSION = '5.10.0'
5
5
  end
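--- a/data/lib/recaptcha.rb
+++ b/data/lib/recaptcha.rb
@@ -14,7 +14,6 @@ end
 
  module Recaptcha
  DEFAULT_TIMEOUT = 3
- RESPONSE_LIMIT = 4000
 
  class RecaptchaError < StandardError
  end
@@ -56,7 +55,7 @@ module Recaptcha
  end
 
  def self.invalid_response?(resp)
- resp.empty? || resp.length > RESPONSE_LIMIT
+ resp.empty? || resp.length > configuration.response_limit
  end
 
  def self.verify_via_api_call(response, options)
@@ -83,12 +82,13 @@ module Recaptcha
  token_properties['valid'].to_s == 'true' &&
  hostname_valid?(token_properties['hostname'], options[:hostname]) &&
  action_valid?(token_properties['action'], options[:action]) &&
- score_above_threshold?(reply['score'], options[:minimum_score])
+ score_above_threshold?(reply['score'], options[:minimum_score]) &&
+ score_below_threshold?(reply['score'], options[:maximum_score])
 
  if options[:with_reply] == true
- return success, reply
+ [success, reply]
  else
- return success
+ success
  end
  end
 
@@ -101,12 +101,13 @@ module Recaptcha
  success = reply['success'].to_s == 'true' &&
  hostname_valid?(reply['hostname'], options[:hostname]) &&
  action_valid?(reply['action'], options[:action]) &&
- score_above_threshold?(reply['score'], options[:minimum_score])
+ score_above_threshold?(reply['score'], options[:minimum_score]) &&
+ score_below_threshold?(reply['score'], options[:maximum_score])
 
  if options[:with_reply] == true
- return success, reply
+ [success, reply]
  else
- return success
+ success
  end
  end
 
@@ -127,15 +128,12 @@ module Recaptcha
  end
  end
 
- # Returns true iff score is greater or equal to (>=) minimum_score, or if no minimum_score was specified
  def self.score_above_threshold?(score, minimum_score)
- return true if minimum_score.nil?
- return false if score.nil?
+ !minimum_score || (score && score >= minimum_score)
+ end
 
- case minimum_score
- when nil, FalseClass then true
- else score >= minimum_score
- end
+ def self.score_below_threshold?(score, maximum_score)
+ !maximum_score || (score && score <= maximum_score)
  end
 
  def self.http_client_for(uri:, timeout: nil)
@@ -155,7 +153,7 @@ module Recaptcha
 
  def self.api_verification_free(verify_hash, timeout: nil)
  query = URI.encode_www_form(verify_hash)
- uri = URI.parse(configuration.verify_url + '?' + query)
+ uri = URI.parse("#{configuration.verify_url}?#{query}")
  http_instance = http_client_for(uri: uri, timeout: timeout)
  request = Net::HTTP::Get.new(uri.request_uri)
  JSON.parse(http_instance.request(request).body)
@@ -163,7 +161,7 @@ module Recaptcha
 
  def self.api_verification_enterprise(query_params, body, project_id, timeout: nil)
  query = URI.encode_www_form(query_params)
- uri = URI.parse(configuration.verify_url + "/#{project_id}/assessments" + '?' + query)
+ uri = URI.parse("#{configuration.verify_url}/#{project_id}/assessments?#{query}")
  http_instance = http_client_for(uri: uri, timeout: timeout)
  request = Net::HTTP::Post.new(uri.request_uri)
  request['Content-Type'] = 'application/json; charset=utf-8'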
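Review bot: `score_above_threshold?` and the new `score_below_threshold?` can now return `nil` rather than `false`. When a threshold is set and the reply carries no `score`, `score && score >= minimum_score` evaluates to `nil`, whereas the removed code had `return false if score.nil?`. That `nil` flows through the `&&` chain into `success` in both verify hunks (`@@ -83,12 +82,13 @@` and `@@ -101,12 +101,13 @@`), so a caller comparing the result with `false` would see a change, although the check still fails closed. I would keep the predicates boolean, e.g. `!minimum_score || (!score.nil? && score >= minimum_score)`, with the same shape using `<=` for `maximum_score`. I would also restore a one-line comment on each predicate stating that a missing score fails the check when a threshold is given.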
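--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
  --- !ruby/object:Gem::Specification
  name: recaptcha
  version: !ruby/object:Gem::Version
- version: 5.8.0
+ version: 5.10.0
  platform: ruby
  authors:
  - Jason L Perry
  autorequire:
  bindir: bin
  cert_chain: []
- date: 2021-05-09 00:00:00.000000000 Z
+ date: 2022-04-27 00:00:00.000000000 Z
  dependencies:
  - !ruby/object:Gem::Dependency
  name: json
@@ -169,14 +169,14 @@ required_ruby_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
- version: 2.4.0
+ version: 2.7.0
  required_rubygems_version: !ruby/object:Gem::Requirement
  requirements:
  - - ">="
  - !ruby/object:Gem::Version
  version: '0'
  requirements: []
- rubygems_version: 3.2.16
+ rubygems_version: 3.1.6
  signing_key:
  specification_version: 4
  summary: Helpers for the reCAPTCHA API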