RubyGems - reputable - Versions diffs - 0.1.6 → 0.1.8 - Mend

reputable 0.1.6 → 0.1.8

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 3c8047e39b4f09d6580aeba68d04e3231c2774b9f0eac1d7c70591b7e45e11df
-  data.tar.gz: 14aecba661b4bd57381f496274dfd0185cc7ef1e7332ab71d2ce56d623935cb8
+  metadata.gz: 0b987ffa68c839c4a7d7a288fbe89f530eebeed3ba7f793ae7f9dc99ffa09063
+  data.tar.gz: 4d83e36696d0b1164958dc32be975f4b18dbdc9e2d67e25e586cbdced3c690f3
 SHA512:
-  metadata.gz: 34507a4124cca8739008ccf9bc1762226aeef05c994fb861be47bc08eb4e4b06dcad501082750cf56b6f9025b0e1d7596bc057da761bba23c94b583048096425
-  data.tar.gz: 67d7c49193f2c2492d49cc34a0e5051f45db49ed98f7d62a7623fc32cfc753f481da5c6ba9a9fba71f624d68cab535334d409b7c74532c102ffd4f29f338e2ba
+  metadata.gz: a89be2adeabee55f6ef8599dff51e6fbdff659de9cc7657b1d82ae61e14d61a52985533f067939500f89b19e36b844be4baf9b882d2926f29c7d899b5da6fa1a
+  data.tar.gz: bb16577e080d26d0ba106e8dbbc777b48b030c1bdc83bae5fba75df56f06db46557a0aa92318e9e82e7f04722065e0f3b7fb28adcf80dd400b9f3810e14b84a2

data/Gemfile.lock CHANGED Viewed

@@ -1,7 +1,7 @@
 PATH
   remote: .
   specs:
-    reputable (0.1.4)
+    reputable (0.1.6)
       connection_pool (~> 2.2)
       redis (>= 4.0, < 6.0)

data/README.md CHANGED Viewed

@@ -305,6 +305,31 @@ rep = current_ip_reputation
 # => { status: 'trusted_verified', reason: 'payment', ... }
 ```
+### Verification Redirect Helpers
+```ruby
+class SessionsController < ApplicationController
+  def new
+    require_reputable_verification!
+    # If verified, continue
+  end
+end
+```
+Optional args:
+- `return_url` (default: `request.original_url`)
+- `failure_url` (default: API `/verify/failure` page)
+- `session_id` (default: `session.id`)
+- `force_challenge` (default: `false`)
+- `session_key` (default: `:reputable_verified_at`)
+You can check or clear the session flag:
+```ruby
+reputable_verified?
+clear_reputable_verification!
+```
 ---
 ## Manual API Usage
@@ -391,7 +416,7 @@ end
 **Options:**
 - `return_url` (required): Where to redirect after successful verification
-- `failure_url` (optional): Where to redirect on failure (defaults to return_url)
+- `failure_url` (optional): Where to redirect on failure (defaults to API `/verify/failure` page)
 - `session_id` (optional): Bind verification to a specific session
 - `force_challenge` (optional): If `true`, always show CAPTCHA even for trusted users. Useful for testing the challenge flow.
@@ -442,6 +467,7 @@ The return URL will contain:
 - `reputable_outcome`: The specific reputation outcome (e.g., `trusted_verified`)
 - `reputable_ignore_analytics`: 'true'/'false' flag
 - `reputable_country`: ISO country code
+- `reputable_challenge_passed`: 'true' when an interactive challenge was completed
 - `reputable_signature`: HMAC-SHA256 signature of the above
 ---

data/lib/reputable/rails.rb CHANGED Viewed

@@ -7,6 +7,10 @@ module Reputable
     module ControllerHelpers
       extend ActiveSupport::Concern
+      included do
+        helper_method :reputable_verified? if respond_to?(:helper_method)
+      end
       # Track the current request with optional extra tags
       def track_reputable_request(tags: [], **options)
         Reputable::Tracker.track_request(
@@ -81,6 +85,74 @@ module Reputable
       def current_ip_status
         Reputable::Reputation.lookup_ip(request.remote_ip)
       end
+      # ========================================
+      # Verification redirect helpers
+      # ========================================
+      # Check if the current session has already passed verification
+      # @param session_key [Symbol]
+      # @return [Boolean]
+      def reputable_verified?(session_key: :reputable_verified_at)
+        session[session_key].present?
+      end
+      # Clear verification status for the current session
+      # @param session_key [Symbol]
+      def clear_reputable_verification!(session_key: :reputable_verified_at)
+        session.delete(session_key)
+      end
+      # Enforce verification redirect flow.
+      # - If already verified in this session, returns immediately.
+      # - If returning with signature, validates and marks session.
+      # - Otherwise redirects to verification URL.
+      #
+      # @param return_url [String] URL to return to after verification
+      # @param failure_url [String] URL to return to on failure/invalid token
+      # @param session_id [String] Optional session id to link
+      # @param force_challenge [Boolean] Force challenge even if trusted
+      # @param session_key [Symbol] Session key used to store verified state
+      def require_reputable_verification!(
+        return_url: request.original_url,
+        failure_url: nil,
+        session_id: session.id,
+        force_challenge: false,
+        session_key: :reputable_verified_at
+      )
+        return if reputable_verified?(session_key: session_key)
+        if params[:reputable_signature]
+          if Reputable.verify_redirect_return(params)
+            if params[:reputable_status] == "pass"
+              session[session_key] = Time.now.to_i
+              return
+            end
+            redirect_to failure_url and return
+          else
+            render plain: "Verification failed", status: 403 and return
+          end
+        end
+        redirect_to reputable_verification_url(
+          return_url: return_url,
+          failure_url: failure_url,
+          session_id: session_id,
+          force_challenge: force_challenge
+        ) and return
+      end
+      private
+      def reputable_verification_url(return_url:, failure_url:, session_id:, force_challenge:)
+        Reputable.verification_url(
+          return_url: return_url,
+          failure_url: failure_url,
+          session_id: session_id,
+          force_challenge: force_challenge
+        )
+      end
     end
     # Railtie for automatic Rails integration (only defined when Rails is present)

data/lib/reputable/version.rb CHANGED Viewed

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 module Reputable
-  VERSION = "0.1.6"
+  VERSION = "0.1.8"
 end

data/lib/reputable.rb CHANGED Viewed

@@ -145,6 +145,7 @@ module Reputable
       # Ensure base_url doesn't have a trailing slash, then append the verify path
       base_url = base_url.chomp("/")
       verify_url = "#{base_url}/_reputable/verify"
+      failure_url ||= "#{base_url}/_reputable/verify/failure"
       # JWT Header
       header = { alg: "HS256", typ: "JWT" }
@@ -180,6 +181,7 @@ module Reputable
       outcome = params["reputable_outcome"]
       ignore_analytics = params["reputable_ignore_analytics"]
       country = params["reputable_country"] || ""
+      challenge_passed = params["reputable_challenge_passed"]
       return false unless status && session_id && signature
@@ -189,14 +191,15 @@ module Reputable
         return false
       end
-      # Reconstruct data string: status:sessionId:outcome:ignoreAnalytics:country
+      # Reconstruct data string: status:sessionId:outcome:ignoreAnalytics:country:challengePassed
       # Note: optional params default to empty strings if missing in reconstruction logic on server
       data_parts = [
         status,
         session_id,
         outcome || "",
         ignore_analytics.nil? ? "" : ignore_analytics,
-        country
+        country,
+        challenge_passed || ""
       ]
       data = data_parts.join(":")

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: reputable
 version: !ruby/object:Gem::Version
-  version: 0.1.6
+  version: 0.1.8
 platform: ruby
 authors:
 - Reputable
 autorequire:
 bindir: exe
 cert_chain: []
-date: 2025-12-27 00:00:00.000000000 Z
+date: 2025-12-28 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: redis