reputable 0.1.5 → 0.1.7

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 1d8e38d02c6ad20f915ff71f489780dea010d1304132ba5f1946082e023ff797
-  data.tar.gz: 712a5a0eeadd88a5127a0d9086c57d4566c6074440e93724deaf28186cf0c55d
+  metadata.gz: c5ea31e6c135265677697ac1411fb0d9308f6d4454f23a3d1558018eddfccb4a
+  data.tar.gz: 0aea9d057b70a2ca763f5e1f5e6b024d25d07d783feee0447bd311526a189574
 SHA512:
-  metadata.gz: bbffa423a948e82c995e5cce48f93356cb0f44519106872e588637a11678b980a26a6290d59289851130ddba212897172b5aaa343ae6b73ebd7d39e15d8a53ce
-  data.tar.gz: c18bec4b986c8a83cba202130ee3dcfcc2f999256c36622020768112285309bf1aca4744518ed0edeed5423b4dc538edf86f5c4f2a4dd97112cde6602a09cc8c
+  metadata.gz: f9621074b650d78f8ba44014f5df9880ee8431065f88a9cd6e3da467aef4885da7230851de5cfe316ef3d8162317bd43cba10fd943d87affbbb2ae11046901c9
+  data.tar.gz: 59c4953b9caaf151b3b8a97d057d90b9dab88bdfe71809460a588f35cc8ddc903dacc6805bb9b14ba39d70d203e7622331bbd469e7b870be1da968a8b74b3f77

data/Gemfile.lock

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    reputable (0.1.4)
+    reputable (0.1.6)
       connection_pool (~> 2.2)
       redis (>= 4.0, < 6.0)
 

data/README.md

@@ -381,13 +381,20 @@ if suspicious_activity_detected?
   redirect_url = Reputable.verification_url(
     return_url: request.original_url, # Where to send them back after verification
     failure_url: root_url,            # Optional: where to send if they fail/garbage token
-    session_id: session.id            # Optional: link specific session
+    session_id: session.id,           # Optional: link specific session
+    force_challenge: false            # Optional: if true, always show CAPTCHA (for testing)
   )
   
   redirect_to redirect_url
 end
 ```
 
+**Options:**
+- `return_url` (required): Where to redirect after successful verification
+- `failure_url` (optional): Where to redirect on failure (defaults to return_url)
+- `session_id` (optional): Bind verification to a specific session
+- `force_challenge` (optional): If `true`, always show CAPTCHA even for trusted users. Useful for testing the challenge flow.
+
 ### 2. Handling the Return Redirect
 
 When the user passes verification (or is determined to be already trusted/clean), they are immediately redirected back to your `return_url` with signed parameters.
@@ -435,6 +442,7 @@ The return URL will contain:
 - `reputable_outcome`: The specific reputation outcome (e.g., `trusted_verified`)
 - `reputable_ignore_analytics`: 'true'/'false' flag
 - `reputable_country`: ISO country code
+- `reputable_challenge_passed`: 'true' when an interactive challenge was completed
 - `reputable_signature`: HMAC-SHA256 signature of the above
 
 ---

data/lib/reputable/configuration.rb

@@ -77,7 +77,7 @@ module Reputable
       elsif ENV["REPUTABLE_SECRET_KEY"]
         @trusted_keys = [ENV["REPUTABLE_SECRET_KEY"]]
       end
-      @base_url = ENV["REPUTABLE_BASE_URL"]
+      @base_url = ENV.fetch("REPUTABLE_BASE_URL", "https://api.reputable.click")
     end
 
     # Alias for backward compatibility

data/lib/reputable/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Reputable
-  VERSION = "0.1.5"
+  VERSION = "0.1.7"
 end

data/lib/reputable.rb

@@ -126,7 +126,12 @@ module Reputable
     end
 
     # Generate a signed verification URL
-    def verification_url(return_url:, failure_url: nil, session_id: nil)
+    # @param return_url [String] URL to redirect to after successful verification
+    # @param failure_url [String, nil] URL to redirect to on failure (optional)
+    # @param session_id [String, nil] Session ID to bind the verification to (optional)
+    # @param force_challenge [Boolean] If true, always show CAPTCHA even for trusted users (default: false)
+    # @return [String] The signed verification URL
+    def verification_url(return_url:, failure_url: nil, session_id: nil, force_challenge: false)
       keys = configuration.trusted_keys
       if keys.nil? || keys.empty?
         logger&.warn "Reputable: Missing trusted_keys, cannot generate verification URL"
@@ -150,6 +155,7 @@ module Reputable
         returnUrl: return_url,
         failureUrl: failure_url,
         sessionId: session_id,
+        forceChallenge: force_challenge,
         iat: Time.now.to_i
       }
       encoded_payload = base64url_encode(JSON.generate(payload))
@@ -174,6 +180,7 @@ module Reputable
       outcome = params["reputable_outcome"]
       ignore_analytics = params["reputable_ignore_analytics"]
       country = params["reputable_country"] || ""
+      challenge_passed = params["reputable_challenge_passed"]
       
       return false unless status && session_id && signature
       
@@ -183,14 +190,15 @@ module Reputable
         return false
       end
       
-      # Reconstruct data string: status:sessionId:outcome:ignoreAnalytics:country
+      # Reconstruct data string: status:sessionId:outcome:ignoreAnalytics:country:challengePassed
       # Note: optional params default to empty strings if missing in reconstruction logic on server
       data_parts = [
         status,
         session_id,
         outcome || "",
         ignore_analytics.nil? ? "" : ignore_analytics,
-        country
+        country,
+        challenge_passed || ""
       ]
       
       data = data_parts.join(":")

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: reputable
 version: !ruby/object:Gem::Version
-  version: 0.1.5
+  version: 0.1.7
 platform: ruby
 authors:
 - Reputable
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-12-26 00:00:00.000000000 Z
+date: 2025-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redis