recaptcha 5.8.1 → 5.10.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 32dd1cf286b8d6ddaba6c76b8be43d674569755cf4c72bafeb5845d319c0eeb5
-  data.tar.gz: ca3c44b7410612d984e56f765ab3fce23f29024649248b067bc7d463eb94a137
+  metadata.gz: 2c43aec95c9b3af962cc3d9a46c70f85dc0fa3f76c29149cc6f67614aa4d1189
+  data.tar.gz: 5198c7347e482fb4bc0b6263742d719458764db9921b7b374f238e44297eaba7
 SHA512:
-  metadata.gz: 4210c65501bbb30ef9debbb53db1d1c69541e16000f6221ba1c9d16d7b0e625767c6861b79f10346643e2ab1a2ab1a210a1a4d8742e68b6efa48945da1d6d436
-  data.tar.gz: 19784f36a070d092249321947b4dfe236834347ce96247c5c6782fdd4209f8e2b478224e302b974db896622ab271f23572d8fff853925c6942807afabf0b9014
+  metadata.gz: ca84949e30a26d5409192dfdda7919902389b521779edec2d9b1ff70a79ede29cfe77caf015ce418eb61e397fed73140e581c5fb12b2cdea7a4ebddd457ec917
+  data.tar.gz: a9b982cda895842bc2b1096af656805b23d9a76cf480c590e14b1b9cf3a2ef54dd9483b580d6d9cc90060ffe437444c404bec418b1be269bc4c83fcd1090aafa

data/CHANGELOG.md

@@ -1,6 +1,15 @@
 ## Next
+
+## 5.10.0
+* drop ruby 2.4 2.5 2.6
+* add maxiumm score support for hcaptcha
+
+## 5.9.0
 * Gracefully handle invalid params
 
+## 5.8.1
+* Allow configuring response limit
+
 ## 5.8.0
 * Add support for the enterprise API
 

data/README.md

@@ -50,6 +50,8 @@ Note: Enter `localhost` or `127.0.0.1` as the domain if using in development wit
 
 ## Rails Installation
 
+**If you are having issues with Rails 7, Turbo, and Stimulus, make sure to check [this Wiki page](https://github.com/ambethia/recaptcha/wiki/Recaptcha-with-Turbo-and-Stimulus)!**
+
 ```ruby
 gem "recaptcha"
 ```
@@ -551,6 +553,38 @@ recaptcha_tags site_key: '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
 verify_recaptcha secret_key: '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
 ```
 
+
+## hCaptcha support
+
+[hCaptcha](https://hcaptcha.com) is an alternative service providing reCAPTCHA API.
+
+To use hCaptcha:
+1. Set a site and a secret key as usual
+2. Set two options in `verify_url` and `api_service_url` pointing to hCaptcha API endpoints.
+3. Disable a response limit check by setting a `response_limit` to the large enough value (reCAPTCHA is limited by 4000 characters).
+4. It is not required to change a parameter name as [official docs suggest](https://docs.hcaptcha.com/switch) because API handles standard `g-recaptcha` for compatibility.
+
+```ruby
+# config/initializers/recaptcha.rb
+Recaptcha.configure do |config|
+  config.site_key  = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
+  config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
+  config.verify_url = 'https://hcaptcha.com/siteverify'
+  config.api_server_url = 'https://hcaptcha.com/1/api.js'
+  config.response_limit = 100000
+end
+```
+
+hCaptcha uses a scoring system (higher number more likely to be a bot) which is inverse of the reCaptcha scoring system (lower number more likely to be a bot). As such, a `maximum_score` attribute is provided for use with hCaptcha.
+
+```ruby
+result = verify_recaptcha(maximum_score: 0.7)
+```
+
+| Option           | Description |
+|------------------|-------------|
+| `:maximum_score` | Provide a threshold to meet or fall below. Threshold should be a float between 0 and 1 which will be tested as `score <= maximum_score`. (Default: `nil`) |
+
 ## Misc
  - Check out the [wiki](https://github.com/ambethia/recaptcha/wiki) and leave whatever you found valuable there.
  - [Add multiple widgets to the same page](https://github.com/ambethia/recaptcha/wiki/Add-multiple-widgets-to-the-same-page)

data/lib/recaptcha/configuration.rb

@@ -34,14 +34,14 @@ module Recaptcha
       'free_server_url' => 'https://www.recaptcha.net/recaptcha/api.js',
       'enterprise_server_url' => 'https://www.recaptcha.net/recaptcha/enterprise.js',
       'free_verify_url' => 'https://www.recaptcha.net/recaptcha/api/siteverify',
-      'enterprise_verify_url' => 'https://recaptchaenterprise.googleapis.com/v1beta1/projects'
+      'enterprise_verify_url' => 'https://recaptchaenterprise.googleapis.com/v1/projects'
     }.freeze
 
-    attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully, :hostname
-    attr_accessor :enterprise, :enterprise_api_key, :enterprise_project_id
+    attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully,
+                  :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit
     attr_writer :api_server_url, :verify_url
 
-    def initialize #:nodoc:
+    def initialize # :nodoc:
       @default_env = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || (Rails.env if defined? Rails.env)
       @skip_verify_env = %w[test cucumber]
       @handle_timeouts_gracefully = true
@@ -55,6 +55,8 @@ module Recaptcha
 
       @verify_url = nil
       @api_server_url = nil
+
+      @response_limit = 4000
     end
 
     def secret_key!

data/lib/recaptcha/helpers.rb

@@ -10,7 +10,7 @@ module Recaptcha
     def self.recaptcha_v3(options = {})
       site_key = options[:site_key] ||= Recaptcha.configuration.site_key!
       action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
-      id = options.delete(:id) || "g-recaptcha-response-data-" + dasherize_action(action)
+      id = options.delete(:id) || "g-recaptcha-response-data-#{dasherize_action(action)}"
       name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
       turbolinks = options.delete(:turbolinks)
       options[:render] = site_key

data/lib/recaptcha/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Recaptcha
-  VERSION = '5.8.1'
+  VERSION = '5.10.1'
 end

data/lib/recaptcha.rb

@@ -14,7 +14,6 @@ end
 
 module Recaptcha
   DEFAULT_TIMEOUT = 3
-  RESPONSE_LIMIT = 4000
 
   class RecaptchaError < StandardError
   end
@@ -56,7 +55,7 @@ module Recaptcha
   end
 
   def self.invalid_response?(resp)
-    resp.empty? || resp.length > RESPONSE_LIMIT
+    resp.empty? || resp.length > configuration.response_limit
   end
 
   def self.verify_via_api_call(response, options)
@@ -83,12 +82,13 @@ module Recaptcha
       token_properties['valid'].to_s == 'true' &&
       hostname_valid?(token_properties['hostname'], options[:hostname]) &&
       action_valid?(token_properties['action'], options[:action]) &&
-      score_above_threshold?(reply['score'], options[:minimum_score])
+      score_above_threshold?(reply['score'], options[:minimum_score]) &&
+      score_below_threshold?(reply['score'], options[:maximum_score])
 
     if options[:with_reply] == true
-      return success, reply
+      [success, reply]
     else
-      return success
+      success
     end
   end
 
@@ -101,12 +101,13 @@ module Recaptcha
     success = reply['success'].to_s == 'true' &&
       hostname_valid?(reply['hostname'], options[:hostname]) &&
       action_valid?(reply['action'], options[:action]) &&
-      score_above_threshold?(reply['score'], options[:minimum_score])
+      score_above_threshold?(reply['score'], options[:minimum_score]) &&
+      score_below_threshold?(reply['score'], options[:maximum_score])
 
     if options[:with_reply] == true
-      return success, reply
+      [success, reply]
     else
-      return success
+      success
     end
   end
 
@@ -127,15 +128,12 @@ module Recaptcha
     end
   end
 
-  # Returns true iff score is greater or equal to (>=) minimum_score, or if no minimum_score was specified
   def self.score_above_threshold?(score, minimum_score)
-    return true if minimum_score.nil?
-    return false if score.nil?
+    !minimum_score || (score && score >= minimum_score)
+  end
 
-    case minimum_score
-    when nil, FalseClass then true
-    else score >= minimum_score
-    end
+  def self.score_below_threshold?(score, maximum_score)
+    !maximum_score || (score && score <= maximum_score)
   end
 
   def self.http_client_for(uri:, timeout: nil)
@@ -155,7 +153,7 @@ module Recaptcha
 
   def self.api_verification_free(verify_hash, timeout: nil)
     query = URI.encode_www_form(verify_hash)
-    uri = URI.parse(configuration.verify_url + '?' + query)
+    uri = URI.parse("#{configuration.verify_url}?#{query}")
     http_instance = http_client_for(uri: uri, timeout: timeout)
     request = Net::HTTP::Get.new(uri.request_uri)
     JSON.parse(http_instance.request(request).body)
@@ -163,7 +161,7 @@ module Recaptcha
 
   def self.api_verification_enterprise(query_params, body, project_id, timeout: nil)
     query = URI.encode_www_form(query_params)
-    uri = URI.parse(configuration.verify_url + "/#{project_id}/assessments" + '?' + query)
+    uri = URI.parse("#{configuration.verify_url}/#{project_id}/assessments?#{query}")
     http_instance = http_client_for(uri: uri, timeout: timeout)
     request = Net::HTTP::Post.new(uri.request_uri)
     request['Content-Type'] = 'application/json; charset=utf-8'

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: recaptcha
 version: !ruby/object:Gem::Version
-  version: 5.8.1
+  version: 5.10.1
 platform: ruby
 authors:
 - Jason L Perry
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2021-07-09 00:00:00.000000000 Z
+date: 2022-08-24 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: json
@@ -161,7 +161,7 @@ licenses:
 - MIT
 metadata:
   source_code_uri: https://github.com/ambethia/recaptcha
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -169,15 +169,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
-      version: 2.4.0
+      version: 2.7.0
 required_rubygems_version: !ruby/object:Gem::Requirement
   requirements:
   - - ">="
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.2.16
-signing_key: 
+rubygems_version: 3.3.3
+signing_key:
 specification_version: 4
 summary: Helpers for the reCAPTCHA API
 test_files: []