rucaptcha 2.5.0 → 2.5.5

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: 5a58f20f1ef6086b65e9757fe604e55139a56f44176e4ea46894b8710665d9b5
-  data.tar.gz: 9442b66aa703b5d1837cb573188f77bd24f15b175be88fc6d6bc8409134de186
+  metadata.gz: e9d3d4dbd1dc22a2d97ed2d3d1fcc248621bbc97a90e0823c024244de9493c57
+  data.tar.gz: 2d430de72e74176b92b021bf4f0462ba8f73ba147e3522c47f554ee8f72d3e9f
 SHA512:
-  metadata.gz: '0830fbcb86e8a03ab8eda20bcb1256daf86a4c6c57627c56899b7f17c7e8eb7144d2ac434e2e2b6301e7b9767445fe1a9611a752bd3836039b454fbabe9d81c8'
-  data.tar.gz: f9e747a5adfc9388cb6c45d23088c6f374e45a0fd5d621d1b0dc0f35c3fb08469dc641ceb120a9068cb2aee7a738e22e18d81b61861c196d22f1e80a374d488b
+  metadata.gz: bc1c19827b035d8e50e4ce9c42d39f4df4ceff1682b1eacc866d69d3c61b4bf723b51705e1eb275880aa8b7161c7baeff6ca591b509528899c1097bd66381c65
+  data.tar.gz: 0174b9a8e99f194d51fc69126f3fe1d38292b863db10fbbf8a76f2a1843ff23f882871613edc67c946c88a29cd26b9f37b3fd73b11457128cc1e6c371f234b29

data/CHANGELOG.md

@@ -1,78 +1,115 @@
-2.5.0
--------
+## 2.5.5
+
+- Improved image for thicker interference lines.
+- Add more colors.
+
+## 2.5.4
+
+- Fix: rucaptcha input maxlength attribute with config value.
+
+  2.5.3
+
+---
+
+- Fix session invalid warning, only for development env;
+
+  2.5.2
+
+---
+
+- Fix session.id error with upgrade Rails 6.0.2.1 or Rack 2.0.8 (#84)
+
+  2.5.1
+
+---
+
+- Fix invalid module name error. (#78)
+
+  2.5.0
+
+---
 
 - Support click captcha image to refresh new one by default.
 - Use simple tag helper generate captcha img html, for avoid asset_host (#73).
 
-2.4.0
--------
+  2.4.0
+
+---
 
 - Add skip_cache_store_check configuration. (#63)
 - Fix for generate captcha with relative path, not url. (#58)
 
-2.3.2
--------
+  2.3.2
+
+---
 
 - Change Yellow and Green colors to Pink and Deep Purple to pass WCAG 2.0's contrast test. (#70)
 
-2.3.1
--------
+  2.3.1
+
+---
 
 - Fix #67 a y chars will invalid error (only in 2.3.0).
 
-2.3.0
--------
+  2.3.0
+
+---
 
 - Add `config.outline` for use outline style.
 - Reduce colors down to 5 (red, blue, green, yellow and black).
 
-2.2.0
------
+  2.2.0
+
+---
 
 - Add option `config.length` for support change number chars. (#57)
 - Add option `config.strikethrough` for enable or disable strikethrough. (#57)
 
-2.1.3
------
+  2.1.3
+
+---
 
 - Windows support fixed with `send_data` method. (#45)
 
-2.1.2
------
+  2.1.2
+
+---
 
 - Do not change captcha when `HEAD /rucaptcha`.
 
-2.1.1
------
+  2.1.1
+
+---
 
 - Mount engine use `prepend` method to get high priority in config/routes.rb.
 
-2.1.0
------
+  2.1.0
+
+---
 
 - Mount Router by default, not need config now.
 
   > IMPORTANT: Wen you upgrade this version, you need remove `mount RuCaptcha::Engine` line from your `config/routes.rb`
+
 - Default use [:file_store, 'tmp/cache/rucaptcha/session'] as RuCaptcha.config.cache_store, now it can work without any configurations.
 
 > NOTE: But you still need care about `config.cache_store` to setup on a right way.
 
-
-
-2.0.3
------
+## 2.0.3
 
 - Use `ActiveSupport.on_load` to extend ActionController and ActionView.
 
-2.0.1
------
+  2.0.1
+
+---
 
 - Fix `/rucaptcha` path issue when `config.action_controller.asset_host` has setup with CDN url.
 
-2.0.0
------
+  2.0.0
+
+---
 
-*Break Changes!*
+_Break Changes!_
 
 WARNING!: This version have so many break changes!
 
@@ -81,29 +118,34 @@ WARNING!: This version have so many break changes!
 - Remove `len`, `font_size`, `cache_limit` config key, no support now.
 - Output `GIF` format.
 
-1.2.0
------
+  1.2.0
+
+---
 
 - Add an `:keep_session` option for `verify_rucaptcha?` method to giva a way for let you keep session on verify, if true, RuCaptcha will not delete the captcha code session after validation.
 
-1.1.4
------
+  1.1.4
+
+---
 
 - Fix #35 just give a warning message if not setup a right cache_store, only raise on :null_store.
 
-1.1.2
------
+  1.1.2
+
+---
 
 - Fix #34 rucaptcha.root_url -> root_path, to avoid generate a http url in a https application.
 - Fix spec to require Ruby 2.0.0, because there have a `Module#prepend` method called.
 
-1.1.1
------
+  1.1.1
+
+---
 
 - Remove inspect log on verify_rucaptcha
 
-1.1.0
------
+  1.1.0
+
+---
 
 - Add `cache_store` config key to setup a cache store location for RuCaptcha.
 - Store captcha in custom cache store.
@@ -112,116 +154,136 @@ WARNING!: This version have so many break changes!
 
 - Fix Session replay secure issue that when Rails application use CookieStore.
 
-1.0.0
------
+  1.0.0
+
+---
 
 - Adjust to avoid lighter colors.
 - Avoid continuous chars have same color.
 - Use same color for each chars in :black_white mode.
 
-0.5.1
------
+  0.5.1
+
+---
 
 - Make sure it will render image when ImageMagick stderr have warning messages. (#26)
 
-0.5.0
------
+  0.5.0
+
+---
 
 - Fix cache with Rails 5.
 
-0.4.5
------
+  0.4.5
+
+---
 
 - Removed `posix-spawn` dependency, used open3 instead (core funciontality), JRuby compatible (#24)
 
-0.4.4
------
+  0.4.4
+
+---
 
 - Remove deprecated `width`, `height` config.
 - Delete session key after verify (#23).
 - Lighter text color, improve style.
 
-0.4.2
------
+  0.4.2
+
+---
 
 - Fix NoMethodError bug when params[:_rucaptha] is nil.
 
-0.4.1
------
+  0.4.1
+
+---
 
 - Add error message to resource when captcha code expired.
 
-0.4.0
------
+  0.4.0
+
+---
 
 - Add `config.colorize` option, to allow use black text theme.
 
-0.3.3
------
+  0.3.3
+
+---
 
 - Add `config.expires_in` to allow change captcha code expire time.
 
-0.3.2.1
--------
+  0.3.2.1
+
+---
 
 - Add Windows development env support.
 
-0.3.2
------
+  0.3.2
+
+---
 
 - Make better render positions;
 - Trim blank space.
 
-0.3.1
------
+  0.3.1
+
+---
 
 - More complex Image render: compact text, strong lines, +/-5 rotate...
 - [DEPRECATION] config.width, config.height removed, use config.font_size.
 - Fix the render position in difference font sizes.
 - Fix input field type, and disable autocorrect, autocapitalize, and limit maxlength with char length;
 
-0.2.5
------
+  0.2.5
+
+---
 
 - Add `session[:_rucaptcha]` expire time, for protect Rails CookieSession Replay Attack.
 - Captcha input field disable autocomplete, and set field type as `email` for shown correct keyboard on mobile view.
 
-0.2.3
------
+  0.2.3
+
+---
 
 - It will raise error when call ImageMagick failed.
 
-0.2.2
------
+  0.2.2
+
+---
 
 - Added locale for pt-BR language; @ramirovjr
 
-0.2.1
------
+  0.2.1
+
+---
 
 - Fix issue when cache dir not exist.
 
-0.2.0
------
+  0.2.0
+
+---
 
 - Added file cache, can setup how many images you want generate by `config.cache_limit`,
   RuCaptcha will use cache for next requests.
   When you restart Rails processes it will generate new again and clean the old caches.
 
-0.1.4
------
+  0.1.4
+
+---
 
 - Fix `verify_rucaptcha?` logic in somecase.
 - Locales fixed.
 
-0.1.3
------
+  0.1.3
+
+---
 
 - `zh-TW` translate file fixed.
 - Use xxx_url to fix bad captcha URL for `config.action_controller.asset_host` enabled case.
 
-0.1.2
------
+  0.1.2
+
+---
 
 - No case sensitive;
 - Export config.implode;
@@ -229,12 +291,14 @@ WARNING!: This version have so many break changes!
 - Don't generate chars in 'l,o,0,1'.
 - Render lower case chars on image.
 
-0.1.1
------
+  0.1.1
+
+---
 
 - Include default validation I18n messages (en, zh-CN, zh-TW).
 
-0.1.0
------
+  0.1.0
+
+---
 
 - First release.

data/README.md

@@ -1,10 +1,13 @@
 # RuCaptcha
 
 [![Gem Version](https://badge.fury.io/rb/rucaptcha.svg)](https://badge.fury.io/rb/rucaptcha)
-[![Build Status](https://travis-ci.org/huacnlee/rucaptcha.svg)](https://travis-ci.org/huacnlee/rucaptcha)
+[![build](https://github.com/huacnlee/rucaptcha/workflows/build/badge.svg)](https://github.com/huacnlee/rucaptcha/actions?query=workflow%3Abuild)
 
 This is a Captcha gem for Rails Applications which generates captcha image by C code.
 
+> NOTE: According to the use of Ruby China, the verification code looks like has a lower than 5% probability of being parsed by OCR and the verification code is cracked. It is recommended that you use the IP rate limit to enhance the protection.
+> NOTE: 以 Ruby China 的使用来看，验证码似乎有低于 5% 的概率被 OCR 读取解析导致验证码被破解（我们从日志分析绝大多数是成功的，但偶尔一个成功，配合大量机器攻击，导致注册了很多的垃圾账号），建议你额外配合 IP 频率限制的功能来加强保护。
+
 [中文介绍和使用说明](https://ruby-china.org/topics/27832)
 
 ## Example
@@ -47,7 +50,7 @@ RuCaptcha.configure do
   # self.length = 5
   # enable/disable Strikethrough.
   # self.strikethrough = true
-  # enable/disable Outline style, for hard mode
+  # enable/disable Outline style
   # self.outline = false
 end
 ```
@@ -61,6 +64,7 @@ RuCaptcha 没有使用 Rails Session 来存储验证码信息，因为 Rails 的
 所以，我建议大家使用的时候，配置上 `cache_store` （详见 [Rails Guides 缓存配置部分](https://ruby-china.github.io/rails-guides/caching_with_rails.html#%E9%85%8D%E7%BD%AE)的文档）到一个 Memcached 或 Redis，这才是最佳实践。
 
 #
+
 (RuCaptha do not use Rails Session to store captcha information. As the default session is stored in Cookie in Rails, there's a [Replay attack](https://en.wikipedia.org/wiki/Replay_attack) bug which may causes capthcha being destroyed if we store captcha in Rails Session.
 
 So in my design I require RuCaptcha to configure a distributed backend storage scheme, such as Memcached, Redis or other cache_store schemes which support distribution.

data/app/controllers/ru_captcha/captcha_controller.rb

@@ -2,10 +2,11 @@ module RuCaptcha
   class CaptchaController < ActionController::Base
     def index
       return head :ok if request.head?
-      headers['Cache-Control'] = 'no-cache, no-store, max-age=0, must-revalidate'
-      headers['Pragma'] = 'no-cache'
+
+      headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
+      headers["Pragma"] = "no-cache"
       data = generate_rucaptcha
-      opts = { disposition: 'inline', type: 'image/gif' }
+      opts = { disposition: "inline", type: "image/gif" }
       send_data data, opts
     end
   end

data/config/locales/rucaptcha.en.yml

@@ -1,3 +1,3 @@
 en:
   rucaptcha:
-    invalid: "Captcha invalid!"
+    invalid: "The captcha code is incorrect (if you can't read, you can click image to refresh it)"

data/config/locales/rucaptcha.zh-CN.yml

@@ -1,3 +1,3 @@
 'zh-CN':
   rucaptcha:
-    invalid: "验证码不正确"
+    invalid: "验证码不正确（如无法识别，可以点击刷新验证码）"