rucaptcha 2.4.0 → 2.5.4

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: dedcdb1109660abdd7154eba8afa5aa4b22a1ce0093b61d018b30de0c7c00367
-  data.tar.gz: af218e451a34fd7a11a934c2a6d84f62a8c03342d87c9e7e4dc1534c79a2e07d
+  metadata.gz: 865e51c997ad77d19192b1da3cef9786d7dc2178ebc4528db6e281ce8d4d47e9
+  data.tar.gz: e1b03e54771aabc0ee2b10497b4a1f7215f2e1273908e00feb63456a30787743
 SHA512:
-  metadata.gz: d29ad3b367a5dd326a9a3eb390a11b3dbcaf557d2520f68b7a244df3029e13e4ae878ea097ccde98ebcf3e7990402d679fde3082c3bf34b9d266d39f228d9174
-  data.tar.gz: 0b10c69dbe3f77210f4fa450f3fc9c86721d26a6656980660de3051193e9a8617c5d6b38d747fa35196bf768ecbb24db37dc5fd369cd6d364ff9f853710c7a76
+  metadata.gz: 1b6cee07b419390aa91c99708f1d788f2507d0e87b4d729ed08a6d664bf527d6358bd5a6187ce29e2da1f05e95778dcb53fc07f749399564802766b40dd1f6b7
+  data.tar.gz: d48d9cb0ff756ec16b6121314e5f13c85c4051d17cc11d049f5f246f7231db6fea9f335724fe6c67106b9f38d09ea4403aebeb853356c2b602802f01885c7378

data/CHANGELOG.md

@@ -1,72 +1,110 @@
-2.4.0
--------
+## 2.5.4
+
+- Fix: rucaptcha input maxlength attribute with config value.
+
+  2.5.3
+
+---
+
+- Fix session invalid warning, only for development env;
+
+  2.5.2
+
+---
+
+- Fix session.id error with upgrade Rails 6.0.2.1 or Rack 2.0.8 (#84)
+
+  2.5.1
+
+---
+
+- Fix invalid module name error. (#78)
+
+  2.5.0
+
+---
+
+- Support click captcha image to refresh new one by default.
+- Use simple tag helper generate captcha img html, for avoid asset_host (#73).
+
+  2.4.0
+
+---
 
 - Add skip_cache_store_check configuration. (#63)
 - Fix for generate captcha with relative path, not url. (#58)
 
-2.3.2
--------
+  2.3.2
+
+---
 
 - Change Yellow and Green colors to Pink and Deep Purple to pass WCAG 2.0's contrast test. (#70)
 
-2.3.1
--------
+  2.3.1
+
+---
 
 - Fix #67 a y chars will invalid error (only in 2.3.0).
 
-2.3.0
--------
+  2.3.0
+
+---
 
 - Add `config.outline` for use outline style.
 - Reduce colors down to 5 (red, blue, green, yellow and black).
 
-2.2.0
------
+  2.2.0
+
+---
 
 - Add option `config.length` for support change number chars. (#57)
 - Add option `config.strikethrough` for enable or disable strikethrough. (#57)
 
-2.1.3
------
+  2.1.3
+
+---
 
 - Windows support fixed with `send_data` method. (#45)
 
-2.1.2
------
+  2.1.2
+
+---
 
 - Do not change captcha when `HEAD /rucaptcha`.
 
-2.1.1
------
+  2.1.1
+
+---
 
 - Mount engine use `prepend` method to get high priority in config/routes.rb.
 
-2.1.0
------
+  2.1.0
+
+---
 
 - Mount Router by default, not need config now.
 
   > IMPORTANT: Wen you upgrade this version, you need remove `mount RuCaptcha::Engine` line from your `config/routes.rb`
+
 - Default use [:file_store, 'tmp/cache/rucaptcha/session'] as RuCaptcha.config.cache_store, now it can work without any configurations.
 
 > NOTE: But you still need care about `config.cache_store` to setup on a right way.
 
-
-
-2.0.3
------
+## 2.0.3
 
 - Use `ActiveSupport.on_load` to extend ActionController and ActionView.
 
-2.0.1
------
+  2.0.1
+
+---
 
 - Fix `/rucaptcha` path issue when `config.action_controller.asset_host` has setup with CDN url.
 
-2.0.0
------
+  2.0.0
+
+---
 
-*Break Changes!*
+_Break Changes!_
 
 WARNING!: This version have so many break changes!
 
@@ -75,29 +113,34 @@ WARNING!: This version have so many break changes!
 - Remove `len`, `font_size`, `cache_limit` config key, no support now.
 - Output `GIF` format.
 
-1.2.0
------
+  1.2.0
+
+---
 
 - Add an `:keep_session` option for `verify_rucaptcha?` method to giva a way for let you keep session on verify, if true, RuCaptcha will not delete the captcha code session after validation.
 
-1.1.4
------
+  1.1.4
+
+---
 
 - Fix #35 just give a warning message if not setup a right cache_store, only raise on :null_store.
 
-1.1.2
------
+  1.1.2
+
+---
 
 - Fix #34 rucaptcha.root_url -> root_path, to avoid generate a http url in a https application.
 - Fix spec to require Ruby 2.0.0, because there have a `Module#prepend` method called.
 
-1.1.1
------
+  1.1.1
+
+---
 
 - Remove inspect log on verify_rucaptcha
 
-1.1.0
------
+  1.1.0
+
+---
 
 - Add `cache_store` config key to setup a cache store location for RuCaptcha.
 - Store captcha in custom cache store.
@@ -106,116 +149,136 @@ WARNING!: This version have so many break changes!
 
 - Fix Session replay secure issue that when Rails application use CookieStore.
 
-1.0.0
------
+  1.0.0
+
+---
 
 - Adjust to avoid lighter colors.
 - Avoid continuous chars have same color.
 - Use same color for each chars in :black_white mode.
 
-0.5.1
------
+  0.5.1
+
+---
 
 - Make sure it will render image when ImageMagick stderr have warning messages. (#26)
 
-0.5.0
------
+  0.5.0
+
+---
 
 - Fix cache with Rails 5.
 
-0.4.5
------
+  0.4.5
+
+---
 
 - Removed `posix-spawn` dependency, used open3 instead (core funciontality), JRuby compatible (#24)
 
-0.4.4
------
+  0.4.4
+
+---
 
 - Remove deprecated `width`, `height` config.
 - Delete session key after verify (#23).
 - Lighter text color, improve style.
 
-0.4.2
------
+  0.4.2
+
+---
 
 - Fix NoMethodError bug when params[:_rucaptha] is nil.
 
-0.4.1
------
+  0.4.1
+
+---
 
 - Add error message to resource when captcha code expired.
 
-0.4.0
------
+  0.4.0
+
+---
 
 - Add `config.colorize` option, to allow use black text theme.
 
-0.3.3
------
+  0.3.3
+
+---
 
 - Add `config.expires_in` to allow change captcha code expire time.
 
-0.3.2.1
--------
+  0.3.2.1
+
+---
 
 - Add Windows development env support.
 
-0.3.2
------
+  0.3.2
+
+---
 
 - Make better render positions;
 - Trim blank space.
 
-0.3.1
------
+  0.3.1
+
+---
 
 - More complex Image render: compact text, strong lines, +/-5 rotate...
 - [DEPRECATION] config.width, config.height removed, use config.font_size.
 - Fix the render position in difference font sizes.
 - Fix input field type, and disable autocorrect, autocapitalize, and limit maxlength with char length;
 
-0.2.5
------
+  0.2.5
+
+---
 
 - Add `session[:_rucaptcha]` expire time, for protect Rails CookieSession Replay Attack.
 - Captcha input field disable autocomplete, and set field type as `email` for shown correct keyboard on mobile view.
 
-0.2.3
------
+  0.2.3
+
+---
 
 - It will raise error when call ImageMagick failed.
 
-0.2.2
------
+  0.2.2
+
+---
 
 - Added locale for pt-BR language; @ramirovjr
 
-0.2.1
------
+  0.2.1
+
+---
 
 - Fix issue when cache dir not exist.
 
-0.2.0
------
+  0.2.0
+
+---
 
 - Added file cache, can setup how many images you want generate by `config.cache_limit`,
   RuCaptcha will use cache for next requests.
   When you restart Rails processes it will generate new again and clean the old caches.
 
-0.1.4
------
+  0.1.4
+
+---
 
 - Fix `verify_rucaptcha?` logic in somecase.
 - Locales fixed.
 
-0.1.3
------
+  0.1.3
+
+---
 
 - `zh-TW` translate file fixed.
 - Use xxx_url to fix bad captcha URL for `config.action_controller.asset_host` enabled case.
 
-0.1.2
------
+  0.1.2
+
+---
 
 - No case sensitive;
 - Export config.implode;
@@ -223,12 +286,14 @@ WARNING!: This version have so many break changes!
 - Don't generate chars in 'l,o,0,1'.
 - Render lower case chars on image.
 
-0.1.1
------
+  0.1.1
+
+---
 
 - Include default validation I18n messages (en, zh-CN, zh-TW).
 
-0.1.0
------
+  0.1.0
+
+---
 
 - First release.

data/README.md

@@ -1,10 +1,13 @@
 # RuCaptcha
 
 [![Gem Version](https://badge.fury.io/rb/rucaptcha.svg)](https://badge.fury.io/rb/rucaptcha)
-[![Build Status](https://travis-ci.org/huacnlee/rucaptcha.svg)](https://travis-ci.org/huacnlee/rucaptcha)
+[![build](https://github.com/huacnlee/rucaptcha/workflows/build/badge.svg)](https://github.com/huacnlee/rucaptcha/actions?query=workflow%3Abuild)
 
 This is a Captcha gem for Rails Applications which generates captcha image by C code.
 
+> NOTE: According to the use of Ruby China, the verification code looks like has a lower than 5% probability of being parsed by OCR and the verification code is cracked. It is recommended that you use the IP rate limit to enhance the protection.
+> NOTE: 以 Ruby China 的使用来看，验证码似乎有低于 5% 的概率被 OCR 读取解析导致验证码被破解（我们从日志分析绝大多数是成功的，但偶尔一个成功，配合大量机器攻击，导致注册了很多的垃圾账号），建议你额外配合 IP 频率限制的功能来加强保护。
+
 [中文介绍和使用说明](https://ruby-china.org/topics/27832)
 
 ## Example
@@ -47,7 +50,7 @@ RuCaptcha.configure do
   # self.length = 5
   # enable/disable Strikethrough.
   # self.strikethrough = true
-  # enable/disable Outline style, for hard mode
+  # enable/disable Outline style
   # self.outline = false
 end
 ```
@@ -61,6 +64,7 @@ RuCaptcha 没有使用 Rails Session 来存储验证码信息，因为 Rails 的
 所以，我建议大家使用的时候，配置上 `cache_store` （详见 [Rails Guides 缓存配置部分](https://ruby-china.github.io/rails-guides/caching_with_rails.html#%E9%85%8D%E7%BD%AE)的文档）到一个 Memcached 或 Redis，这才是最佳实践。
 
 #
+
 (RuCaptha do not use Rails Session to store captcha information. As the default session is stored in Cookie in Rails, there's a [Replay attack](https://en.wikipedia.org/wiki/Replay_attack) bug which may causes capthcha being destroyed if we store captcha in Rails Session.
 
 So in my design I require RuCaptcha to configure a distributed backend storage scheme, such as Memcached, Redis or other cache_store schemes which support distribution.

data/app/controllers/ru_captcha/captcha_controller.rb

@@ -2,10 +2,11 @@ module RuCaptcha
   class CaptchaController < ActionController::Base
     def index
       return head :ok if request.head?
-      headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
-      headers['Pragma'] = 'no-cache'
+
+      headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
+      headers["Pragma"] = "no-cache"
       data = generate_rucaptcha
-      opts = { disposition: 'inline', type: 'image/gif' }
+      opts = { disposition: "inline", type: "image/gif" }
       send_data data, opts
     end
   end

data/config/locales/rucaptcha.en.yml

@@ -1,3 +1,3 @@
 en:
   rucaptcha:
-    invalid: "Captcha invalid!"
+    invalid: "The captcha code is incorrect (if you can't read, you can click image to refresh it)"

data/config/locales/rucaptcha.zh-CN.yml

@@ -1,3 +1,3 @@
 'zh-CN':
   rucaptcha:
-    invalid: "验证码不正确"
+    invalid: "验证码不正确（如无法识别，可以点击刷新验证码）"

data/config/locales/rucaptcha.zh-TW.yml

@@ -1,3 +1,3 @@
 'zh-TW':
   rucaptcha:
-    invalid: "驗證碼不正確"
+    invalid: "驗證碼不正確（如無法識別，可以點擊刷新驗證碼）"

data/config/routes.rb

@@ -1,3 +1,3 @@
 RuCaptcha::Engine.routes.draw do
-  root to: 'captcha#index'
+  root to: "captcha#index"
 end

data/ext/rucaptcha/extconf.rb

@@ -1,2 +1,2 @@
-require 'mkmf'
-create_makefile('rucaptcha/rucaptcha')
+require "mkmf"
+create_makefile("rucaptcha/rucaptcha")

data/lib/rucaptcha.rb

@@ -1,19 +1,20 @@
-require 'rails'
-require 'action_controller'
-require 'active_support/all'
-require 'rucaptcha/rucaptcha'
-require 'rucaptcha/version'
-require 'rucaptcha/configuration'
-require 'rucaptcha/controller_helpers'
-require 'rucaptcha/view_helpers'
-require 'rucaptcha/cache'
-require 'rucaptcha/engine'
-require 'rucaptcha/errors/configuration'
+require "rails"
+require "action_controller"
+require "active_support/all"
+require "rucaptcha/rucaptcha"
+require "rucaptcha/version"
+require "rucaptcha/configuration"
+require "rucaptcha/controller_helpers"
+require "rucaptcha/view_helpers"
+require "rucaptcha/cache"
+require "rucaptcha/engine"
+require "rucaptcha/errors/configuration"
 
 module RuCaptcha
   class << self
     def config
       return @config if defined?(@config)
+
       @config = Configuration.new
       @config.style         = :colorful
       @config.length        = 5
@@ -22,11 +23,11 @@ module RuCaptcha
       @config.expires_in    = 2.minutes
       @config.skip_cache_store_check = false
 
-      if Rails.application
-        @config.cache_store = Rails.application.config.cache_store
-      else
-        @config.cache_store = :mem_cache_store
-      end
+      @config.cache_store = if Rails.application
+                              Rails.application.config.cache_store
+                            else
+                              :mem_cache_store
+                            end
       @config.cache_store
       @config
     end
@@ -35,24 +36,22 @@ module RuCaptcha
       config.instance_exec(&block)
     end
 
-    def generate()
+    def generate
       style = config.style == :colorful ? 1 : 0
       length = config.length
 
-      unless length.in?(3..7)
-        raise Rucaptcha::Errors::Configuration, 'length config error, value must in 3..7'
-      end
+      raise RuCaptcha::Errors::Configuration, "length config error, value must in 3..7" unless length.in?(3..7)
 
       strikethrough = config.strikethrough ? 1 : 0
       outline = config.outline ? 1 : 0
-      self.create(style, length, strikethrough, outline)
+      create(style, length, strikethrough, outline)
     end
 
     def check_cache_store!
       cache_store = RuCaptcha.config.cache_store
       store_name = cache_store.is_a?(Array) ? cache_store.first : cache_store
-      if [:memory_store, :null_store, :file_store].include?(store_name)
-        RuCaptcha.config.cache_store = [:file_store, Rails.root.join('tmp/cache/rucaptcha/session')]
+      if %i[memory_store null_store file_store].include?(store_name)
+        RuCaptcha.config.cache_store = [:file_store, Rails.root.join("tmp/cache/rucaptcha/session")]
 
         puts "
 
@@ -72,7 +71,7 @@ module RuCaptcha
 end
 
 ActiveSupport.on_load(:action_controller) do
-  ActionController::Base.send :include, RuCaptcha::ControllerHelpers
+  ActionController::Base.include RuCaptcha::ControllerHelpers
 end
 
 ActiveSupport.on_load(:action_view) do

data/lib/rucaptcha/cache.rb

@@ -1,9 +1,10 @@
-require 'fileutils'
+require "fileutils"
 
 module RuCaptcha
   class << self
     def cache
       return @cache if defined? @cache
+
       @cache = ActiveSupport::Cache.lookup_store(RuCaptcha.config.cache_store)
       @cache
     end

data/lib/rucaptcha/controller_helpers.rb

@@ -10,12 +10,16 @@ module RuCaptcha
     def rucaptcha_sesion_key_key
       session_id = session.respond_to?(:id) ? session.id : session[:session_id]
       warning_when_session_invalid if session_id.blank?
-      ['rucaptcha-session', session_id].join(':')
+
+      # With https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
+      # to protected session_id into secret
+      session_id_digest = Digest::SHA256.hexdigest(session_id.inspect)
+      ["rucaptcha-session", session_id_digest].join(":")
     end
 
     # Generate a new Captcha
     def generate_rucaptcha
-      res = RuCaptcha.generate()
+      res = RuCaptcha.generate
       session_val = {
         code: res[0],
         time: Time.now.to_i
@@ -39,7 +43,7 @@ module RuCaptcha
     #   verify_rucaptcha?(nil, keep_session: true)
     #   verify_rucaptcha?(nil, captcha: params[:user][:captcha])
     #
-    def verify_rucaptcha?(resource = nil, opts = {})
+    def verify_rucaptcha?(_resource = nil, opts = {})
       opts ||= {}
 
       store_info = RuCaptcha.cache.read(rucaptcha_sesion_key_key)
@@ -47,24 +51,16 @@ module RuCaptcha
       RuCaptcha.cache.delete(rucaptcha_sesion_key_key) unless opts[:keep_session]
 
       # Make sure session exist
-      if store_info.blank?
-        return add_rucaptcha_validation_error
-      end
+      return add_rucaptcha_validation_error if store_info.blank?
 
       # Make sure not expire
-      if (Time.now.to_i - store_info[:time]) > RuCaptcha.config.expires_in
-        return add_rucaptcha_validation_error
-      end
+      return add_rucaptcha_validation_error if (Time.now.to_i - store_info[:time]) > RuCaptcha.config.expires_in
 
       # Make sure parama have captcha
-      captcha = (opts[:captcha] || params[:_rucaptcha] || '').downcase.strip
-      if captcha.blank?
-        return add_rucaptcha_validation_error
-      end
+      captcha = (opts[:captcha] || params[:_rucaptcha] || "").downcase.strip
+      return add_rucaptcha_validation_error if captcha.blank?
 
-      if captcha != store_info[:code]
-        return add_rucaptcha_validation_error
-      end
+      return add_rucaptcha_validation_error if captcha != store_info[:code]
 
       true
     end
@@ -73,12 +69,14 @@ module RuCaptcha
 
     def add_rucaptcha_validation_error
       if defined?(resource) && resource && resource.respond_to?(:errors)
-        resource.errors.add(:base, t('rucaptcha.invalid'))
+        resource.errors.add(:base, t("rucaptcha.invalid"))
       end
       false
     end
 
     def warning_when_session_invalid
+      return unless Rails.env.development?
+
       Rails.logger.warn "
         WARNING! The session.id is blank, RuCaptcha can't work properly, please keep session available.
         More details about this: https://github.com/huacnlee/rucaptcha/pull/66

data/lib/rucaptcha/engine.rb

@@ -2,11 +2,11 @@ module RuCaptcha
   class Engine < ::Rails::Engine
     isolate_namespace RuCaptcha
 
-    initializer 'rucaptcha.init' do |app|
+    initializer "rucaptcha.init" do |app|
       # https://github.com/rails/rails/blob/3-2-stable/actionpack/lib/action_dispatch/routing/route_set.rb#L268
       # `app.routes.prepend` start from Rails 3.2 - 5.0
       app.routes.prepend do
-        mount RuCaptcha::Engine => '/rucaptcha'
+        mount RuCaptcha::Engine => "/rucaptcha"
       end
 
       RuCaptcha.check_cache_store! unless RuCaptcha.config.skip_cache_store_check

data/lib/rucaptcha/errors/configuration.rb

@@ -1,4 +1,4 @@
-module Rucaptcha
+module RuCaptcha
   module Errors
     class Configuration < StandardError; end
   end

data/lib/rucaptcha/version.rb

@@ -1,3 +1,3 @@
 module RuCaptcha
-  VERSION = '2.4.0'
+  VERSION = "2.5.4"
 end

data/lib/rucaptcha/view_helpers.rb

@@ -1,19 +1,21 @@
 module RuCaptcha
   module ViewHelpers
     def rucaptcha_input_tag(opts = {})
-      opts[:name]           = '_rucaptcha'
-      opts[:type]           = 'text'
-      opts[:autocorrect]    = 'off'
-      opts[:autocapitalize] = 'off'
-      opts[:pattern]        = '[a-zA-Z]*'
-      opts[:autocomplete]   = 'off'
-      opts[:maxlength] ||= 5
+      opts[:name]           = "_rucaptcha"
+      opts[:type]           = "text"
+      opts[:autocorrect]    = "off"
+      opts[:autocapitalize] = "off"
+      opts[:pattern]        = "[a-zA-Z]*"
+      opts[:autocomplete]   = "off"
+      opts[:maxlength]      = RuCaptcha.config.length
       tag(:input, opts)
     end
 
     def rucaptcha_image_tag(opts = {})
-      opts[:class] = opts[:class] || 'rucaptcha-image'
-      image_tag(ru_captcha.root_path, opts)
+      opts[:class] = opts[:class] || "rucaptcha-image"
+      opts[:src] = ru_captcha.root_path
+      opts[:onclick] = "this.src = '#{ru_captcha.root_path}?t=' + Date.now();"
+      tag(:img, opts)
     end
   end
 end

metadata

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rucaptcha
 version: !ruby/object:Gem::Version
-  version: 2.4.0
+  version: 2.5.4
 platform: ruby
 authors:
 - Jason Lee
-autorequire: 
+autorequire:
 bindir: bin
 cert_chain: []
-date: 2019-01-22 00:00:00.000000000 Z
+date: 2021-01-25 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties
@@ -38,7 +38,7 @@ dependencies:
     - - "~>"
       - !ruby/object:Gem::Version
         version: '1'
-description: 
+description:
 email: huacnlee@gmail.com
 executables: []
 extensions:
@@ -69,7 +69,7 @@ homepage: https://github.com/huacnlee/rucaptcha
 licenses:
 - MIT
 metadata: {}
-post_install_message: 
+post_install_message:
 rdoc_options: []
 require_paths:
 - lib
@@ -84,8 +84,8 @@ required_rubygems_version: !ruby/object:Gem::Requirement
     - !ruby/object:Gem::Version
       version: '0'
 requirements: []
-rubygems_version: 3.0.1
-signing_key: 
+rubygems_version: 3.1.4
+signing_key:
 specification_version: 4
 summary: This is a Captcha gem for Rails Applications. It drawing captcha image with
   C code so it no dependencies.