recaptcha 5.8.1 → 5.12.3

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: 32dd1cf286b8d6ddaba6c76b8be43d674569755cf4c72bafeb5845d319c0eeb5
4
- data.tar.gz: ca3c44b7410612d984e56f765ab3fce23f29024649248b067bc7d463eb94a137
3
+ metadata.gz: 4052ca42cf536d84329b553a058de58f2c3579e0ac2ad1e08ba42fed8ce974b4
4
+ data.tar.gz: 90c873c15d0772690ca3da6cf2588669a05c159e4fbaa1d6bdf5d809ad05dfd0
5
5
  SHA512:
6
- metadata.gz: 4210c65501bbb30ef9debbb53db1d1c69541e16000f6221ba1c9d16d7b0e625767c6861b79f10346643e2ab1a2ab1a210a1a4d8742e68b6efa48945da1d6d436
7
- data.tar.gz: 19784f36a070d092249321947b4dfe236834347ce96247c5c6782fdd4209f8e2b478224e302b974db896622ab271f23572d8fff853925c6942807afabf0b9014
6
+ metadata.gz: 403d9de96d890bb3f75cfb83c5907f01944d8e88233248ec199fe014e04f7f1386c13cd867c9020a232cd5501faada986f6d3413d3a2369e5d38d9c56a0704b9
7
+ data.tar.gz: ce0d965054455acff094e60ccad808fbf836992666f9bd1233684b172e766440ba922a0f8d030803575b3a538945e3273d0ae237ce2527f9e0983b7b76671328
data/CHANGELOG.md CHANGED
@@ -1,6 +1,34 @@
1
1
  ## Next
2
+
3
+ ## 5.12.3
4
+ * Remove score fallback for enterprise
5
+ * Update enterprise tests to v1 assessment schema
6
+
7
+ ## 5.12.2
8
+ * Fix minimum score for enterprise
9
+
10
+ ## 5.12.1
11
+ * Fix Japanese locale
12
+
13
+ ## 5.12.0
14
+ * Added Japanese locale
15
+
16
+ ## 5.11.0
17
+ * Added Dutch locale
18
+
19
+ ## 5.10.1
20
+ * Fix enterprise_verify_url #415
21
+
22
+ ## 5.10.0
23
+ * Drop ruby 2.4 2.5 2.6
24
+ * Add maxiumm score support for hcaptcha
25
+
26
+ ## 5.9.0
2
27
  * Gracefully handle invalid params
3
28
 
29
+ ## 5.8.1
30
+ * Allow configuring response limit
31
+
4
32
  ## 5.8.0
5
33
  * Add support for the enterprise API
6
34
 
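Review bot: the 5.10.0 entry reads `Add maxiumm score support for hcaptcha`; "maxiumm" should be "maximum". The same entry drops Ruby 2.4, 2.5 and 2.6 in a minor release, so it is worth marking that line as a breaking change for anyone scanning the changelog before upgrading.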
data/README.md CHANGED
@@ -50,6 +50,8 @@ Note: Enter `localhost` or `127.0.0.1` as the domain if using in development wit
50
50
 
51
51
  ## Rails Installation
52
52
 
53
+ **If you are having issues with Rails 7, Turbo, and Stimulus, make sure to check [this Wiki page](https://github.com/ambethia/recaptcha/wiki/Recaptcha-with-Turbo-and-Stimulus)!**
54
+
53
55
  ```ruby
54
56
  gem "recaptcha"
55
57
  ```
@@ -551,6 +553,38 @@ recaptcha_tags site_key: '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
551
553
  verify_recaptcha secret_key: '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
552
554
  ```
553
555
 
556
+
557
+ ## hCaptcha support
558
+
559
+ [hCaptcha](https://hcaptcha.com) is an alternative service providing reCAPTCHA API.
560
+
561
+ To use hCaptcha:
562
+ 1. Set a site and a secret key as usual
563
+ 2. Set two options in `verify_url` and `api_service_url` pointing to hCaptcha API endpoints.
564
+ 3. Disable a response limit check by setting a `response_limit` to the large enough value (reCAPTCHA is limited by 4000 characters).
565
+ 4. It is not required to change a parameter name as [official docs suggest](https://docs.hcaptcha.com/switch) because API handles standard `g-recaptcha` for compatibility.
566
+
567
+ ```ruby
568
+ # config/initializers/recaptcha.rb
569
+ Recaptcha.configure do |config|
570
+ config.site_key = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
571
+ config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
572
+ config.verify_url = 'https://hcaptcha.com/siteverify'
573
+ config.api_server_url = 'https://hcaptcha.com/1/api.js'
574
+ config.response_limit = 100000
575
+ end
576
+ ```
577
+
578
+ hCaptcha uses a scoring system (higher number more likely to be a bot) which is inverse of the reCaptcha scoring system (lower number more likely to be a bot). As such, a `maximum_score` attribute is provided for use with hCaptcha.
579
+
580
+ ```ruby
581
+ result = verify_recaptcha(maximum_score: 0.7)
582
+ ```
583
+
584
+ | Option | Description |
585
+ |------------------|-------------|
586
+ | `:maximum_score` | Provide a threshold to meet or fall below. Threshold should be a float between 0 and 1 which will be tested as `score <= maximum_score`. (Default: `nil`) |
587
+
554
588
  ## Misc
555
589
  - Check out the [wiki](https://github.com/ambethia/recaptcha/wiki) and leave whatever you found valuable there.
556
590
  - [Add multiple widgets to the same page](https://github.com/ambethia/recaptcha/wiki/Add-multiple-widgets-to-the-same-page)
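Review bot: step 2 of the hCaptcha list names the option `api_service_url`, but the sample initializer directly below sets `config.api_server_url`, and the configuration class only defines a writer for `api_server_url`; the prose should use that name. Step 3 describes setting `response_limit` to 100000 as disabling the check, so it would help to state the token length hCaptcha actually needs, keeping the bound as tight as possible rather than effectively removed.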
@@ -34,14 +34,14 @@ module Recaptcha
34
34
  'free_server_url' => 'https://www.recaptcha.net/recaptcha/api.js',
35
35
  'enterprise_server_url' => 'https://www.recaptcha.net/recaptcha/enterprise.js',
36
36
  'free_verify_url' => 'https://www.recaptcha.net/recaptcha/api/siteverify',
37
- 'enterprise_verify_url' => 'https://recaptchaenterprise.googleapis.com/v1beta1/projects'
37
+ 'enterprise_verify_url' => 'https://recaptchaenterprise.googleapis.com/v1/projects'
38
38
  }.freeze
39
39
 
40
- attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully, :hostname
41
- attr_accessor :enterprise, :enterprise_api_key, :enterprise_project_id
40
+ attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully,
41
+ :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit
42
42
  attr_writer :api_server_url, :verify_url
43
43
 
44
- def initialize #:nodoc:
44
+ def initialize # :nodoc:
45
45
  @default_env = ENV['RAILS_ENV'] || ENV['RACK_ENV'] || (Rails.env if defined? Rails.env)
46
46
  @skip_verify_env = %w[test cucumber]
47
47
  @handle_timeouts_gracefully = true
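Review bot: the `enterprise_verify_url` default moves from `.../v1beta1/projects` to `.../v1/projects` with no upgrade note beyond the changelog line `Fix enterprise_verify_url #415`. The verification code in this same diff now reads the score with `reply.dig('riskAnalysis', 'score')` instead of `reply['score']`, so applications that pass `with_reply: true` and read the score from the reply themselves need to be told where it now lives. A sentence in the CHANGELOG or README would cover it.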
@@ -55,6 +55,8 @@ module Recaptcha
55
55
 
56
56
  @verify_url = nil
57
57
  @api_server_url = nil
58
+
59
+ @response_limit = 4000
58
60
  end
59
61
 
60
62
  def secret_key!
@@ -10,7 +10,7 @@ module Recaptcha
10
10
  def self.recaptcha_v3(options = {})
11
11
  site_key = options[:site_key] ||= Recaptcha.configuration.site_key!
12
12
  action = options.delete(:action) || raise(Recaptcha::RecaptchaError, 'action is required')
13
- id = options.delete(:id) || "g-recaptcha-response-data-" + dasherize_action(action)
13
+ id = options.delete(:id) || "g-recaptcha-response-data-#{dasherize_action(action)}"
14
14
  name = options.delete(:name) || "g-recaptcha-response-data[#{action}]"
15
15
  turbolinks = options.delete(:turbolinks)
16
16
  options[:render] = site_key
@@ -1,5 +1,5 @@
1
1
  # frozen_string_literal: true
2
2
 
3
3
  module Recaptcha
4
- VERSION = '5.8.1'
4
+ VERSION = '5.12.3'
5
5
  end
data/lib/recaptcha.rb CHANGED
@@ -14,7 +14,6 @@ end
14
14
 
15
15
  module Recaptcha
16
16
  DEFAULT_TIMEOUT = 3
17
- RESPONSE_LIMIT = 4000
18
17
 
19
18
  class RecaptchaError < StandardError
20
19
  end
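Review bot: removing `RESPONSE_LIMIT = 4000` drops a public constant, so any application that references `Recaptcha::RESPONSE_LIMIT` will raise a NameError after upgrading. Consider keeping the constant as the value `@response_limit` is initialised from, or list the removal explicitly in the CHANGELOG.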
@@ -56,7 +55,7 @@ module Recaptcha
56
55
  end
57
56
 
58
57
  def self.invalid_response?(resp)
59
- resp.empty? || resp.length > RESPONSE_LIMIT
58
+ resp.empty? || resp.length > configuration.response_limit
60
59
  end
61
60
 
62
61
  def self.verify_via_api_call(response, options)
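Review bot: `resp.length > configuration.response_limit` assumes the setting is always an Integer. Because `response_limit` is a plain `attr_accessor`, a nil or string value set in an initializer makes this comparison raise instead of rejecting the response. Validate the value when it is assigned, or fall back to the 4000 default when it is nil.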
@@ -78,17 +77,19 @@ module Recaptcha
78
77
  body['event']['userIpAddress'] = options[:remote_ip] if options.key?(:remote_ip)
79
78
 
80
79
  reply = api_verification_enterprise(query_params, body, project_id, timeout: options[:timeout])
80
+ score = reply.dig('riskAnalysis', 'score')
81
81
  token_properties = reply['tokenProperties']
82
82
  success = !token_properties.nil? &&
83
83
  token_properties['valid'].to_s == 'true' &&
84
84
  hostname_valid?(token_properties['hostname'], options[:hostname]) &&
85
85
  action_valid?(token_properties['action'], options[:action]) &&
86
- score_above_threshold?(reply['score'], options[:minimum_score])
86
+ score_above_threshold?(score, options[:minimum_score]) &&
87
+ score_below_threshold?(score, options[:maximum_score])
87
88
 
88
89
  if options[:with_reply] == true
89
- return success, reply
90
+ [success, reply]
90
91
  else
91
- return success
92
+ success
92
93
  end
93
94
  end
94
95
 
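Review bot: `score_below_threshold?(score, options[:maximum_score])` is wired into the enterprise path, yet the README in this diff documents `maximum_score` for hCaptcha only and describes the reCAPTCHA scale as "lower number more likely to be a bot". On this path a caller who passes `maximum_score` would reject the requests most likely to be human. Either leave the check out of the enterprise branch or document that the option is not meant for it.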
@@ -101,12 +102,13 @@ module Recaptcha
101
102
  success = reply['success'].to_s == 'true' &&
102
103
  hostname_valid?(reply['hostname'], options[:hostname]) &&
103
104
  action_valid?(reply['action'], options[:action]) &&
104
- score_above_threshold?(reply['score'], options[:minimum_score])
105
+ score_above_threshold?(reply['score'], options[:minimum_score]) &&
106
+ score_below_threshold?(reply['score'], options[:maximum_score])
105
107
 
106
108
  if options[:with_reply] == true
107
- return success, reply
109
+ [success, reply]
108
110
  else
109
- return success
111
+ success
110
112
  end
111
113
  end
112
114
 
@@ -127,15 +129,12 @@ module Recaptcha
127
129
  end
128
130
  end
129
131
 
130
- # Returns true iff score is greater or equal to (>=) minimum_score, or if no minimum_score was specified
131
132
  def self.score_above_threshold?(score, minimum_score)
132
- return true if minimum_score.nil?
133
- return false if score.nil?
133
+ !minimum_score || (score && score >= minimum_score)
134
+ end
134
135
 
135
- case minimum_score
136
- when nil, FalseClass then true
137
- else score >= minimum_score
138
- end
136
+ def self.score_below_threshold?(score, maximum_score)
137
+ !maximum_score || (score && score <= maximum_score)
139
138
  end
140
139
 
141
140
  def self.http_client_for(uri:, timeout: nil)
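Review bot: the rewritten `score_above_threshold?` and the new `score_below_threshold?` return nil, not false, when a threshold is set and `score` is nil, because `score && score >= minimum_score` short-circuits to nil. That value flows into `success` and is returned as is. It is still falsy, so verification fails closed, but callers that compare the result against `false` will see a behaviour change. Wrapping the expression in `!!( ... )` keeps the return type boolean. The doc comment that was removed from `score_above_threshold?` should be restored, with a matching one on `score_below_threshold?`.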
@@ -155,7 +154,7 @@ module Recaptcha
155
154
 
156
155
  def self.api_verification_free(verify_hash, timeout: nil)
157
156
  query = URI.encode_www_form(verify_hash)
158
- uri = URI.parse(configuration.verify_url + '?' + query)
157
+ uri = URI.parse("#{configuration.verify_url}?#{query}")
159
158
  http_instance = http_client_for(uri: uri, timeout: timeout)
160
159
  request = Net::HTTP::Get.new(uri.request_uri)
161
160
  JSON.parse(http_instance.request(request).body)
@@ -163,7 +162,7 @@ module Recaptcha
163
162
 
164
163
  def self.api_verification_enterprise(query_params, body, project_id, timeout: nil)
165
164
  query = URI.encode_www_form(query_params)
166
- uri = URI.parse(configuration.verify_url + "/#{project_id}/assessments" + '?' + query)
165
+ uri = URI.parse("#{configuration.verify_url}/#{project_id}/assessments?#{query}")
167
166
  http_instance = http_client_for(uri: uri, timeout: timeout)
168
167
  request = Net::HTTP::Post.new(uri.request_uri)
169
168
  request['Content-Type'] = 'application/json; charset=utf-8'
@@ -0,0 +1,5 @@
1
+ ja:
2
+ recaptcha:
3
+ errors:
4
+ verification_failed: reCAPTCHA認証に失敗しました。もう一度お試しください。
5
+ recaptcha_unreachable: reCAPTCHAのレスポンスを検証できませんでした。もう一度お試しください。
@@ -0,0 +1,5 @@
1
+ nl:
2
+ recaptcha:
3
+ errors:
4
+ verification_failed: reCAPTCHA-verificatie mislukt, probeer het opnieuw.
5
+ recaptcha_unreachable: Oeps, we hebben uw reCAPTCHA-antwoord niet kunnen valideren. Probeer het opnieuw.
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: recaptcha
3
3
  version: !ruby/object:Gem::Version
4
- version: 5.8.1
4
+ version: 5.12.3
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jason L Perry
8
- autorequire:
8
+ autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-07-09 00:00:00.000000000 Z
11
+ date: 2022-09-05 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: json
@@ -156,12 +156,14 @@ files:
156
156
  - lib/recaptcha/version.rb
157
157
  - rails/locales/en.yml
158
158
  - rails/locales/fr.yml
159
+ - rails/locales/ja.yml
160
+ - rails/locales/nl.yml
159
161
  homepage: http://github.com/ambethia/recaptcha
160
162
  licenses:
161
163
  - MIT
162
164
  metadata:
163
165
  source_code_uri: https://github.com/ambethia/recaptcha
164
- post_install_message:
166
+ post_install_message:
165
167
  rdoc_options: []
166
168
  require_paths:
167
169
  - lib
@@ -169,15 +171,15 @@ required_ruby_version: !ruby/object:Gem::Requirement
169
171
  requirements:
170
172
  - - ">="
171
173
  - !ruby/object:Gem::Version
172
- version: 2.4.0
174
+ version: 2.7.0
173
175
  required_rubygems_version: !ruby/object:Gem::Requirement
174
176
  requirements:
175
177
  - - ">="
176
178
  - !ruby/object:Gem::Version
177
179
  version: '0'
178
180
  requirements: []
179
- rubygems_version: 3.2.16
180
- signing_key:
181
+ rubygems_version: 3.3.3
182
+ signing_key:
181
183
  specification_version: 4
182
184
  summary: Helpers for the reCAPTCHA API
183
185
  test_files: []