rucaptcha 1.0.2 → 1.1.0
- checksums.yaml +4 -4
- data/CHANGELOG.md +4 -8
- data/README.md +5 -14
- data/lib/rucaptcha.rb +1 -0
- data/lib/rucaptcha/cache.rb +14 -6
- data/lib/rucaptcha/configuration.rb +4 -1
- data/lib/rucaptcha/controller_helpers.rb +41 -13
- data/lib/rucaptcha/engine.rb +13 -7
- data/lib/rucaptcha/version.rb +1 -1
- metadata +2 -2
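--- a/checksums.yaml
+++ b/checksums.yaml
@@ -1,7 +1,7 @@
 ---
 SHA1:
-metadata.gz:
-data.tar.gz:
+metadata.gz: f866a9984159daf5bfa88cc57e9a9f17f0ba4621
+data.tar.gz: a085e7fbd93873d73144b0c812f9f59e73b1cc4f
 SHA512:
-metadata.gz:
-data.tar.gz:
+metadata.gz: 64a044dc52179ba06b50e17dfcd926d36cf7da4c82c2bc553cab20098067e9bbb8d6065784985c3128afb3cddd139377c78972ee22445189c3bc56cf55088313
+data.tar.gz: dd64400366f3ca5e458f2426b344d1f657790bd9dfff9de4efbdb4c80a0531e94c8095f7c7dd6dea55dc73bf43b18e2333461ea3794ffaf19b821c7a71fb4f9f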
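--- a/data/CHANGELOG.md
+++ b/data/CHANGELOG.md
@@ -1,17 +1,13 @@
-1.0
-
-- Revert 1.0.1 changes, still store code in Session, `Rails.cache` not a not place in difference environments.
-for exampe: Not enable cache, File cache will have bug.
-- Give a warning when user use CookieStore.
-
-1.0.1
+1.1.0
 -----
 
+- Add `cache_store` config key to setup a cache store location for RuCaptcha.
+- Store captcha in custom cache store.
+
 ## Security Notes
 
 - Fix Session replay secure issue that when Rails application use CookieStore.
 
-
 1.0.0
 -----
 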
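--- a/data/README.md
+++ b/data/README.md
@@ -45,20 +45,6 @@ brew install imagemagick ghostscript
 
 ## Usage
 
-**Security Notice!**
-
-You need change your application Session store from `CookieStore` (Rails default) to backend store location.
-
-- [:active_session_store](https://github.com/rails/activerecord-session_store)
-- [:memcached_store](http://api.rubyonrails.org/classes/ActionDispatch/Session/MemCacheStore.html)
-- [:redis_session_store](https://github.com/roidrage/redis-session-store)
-
-config/initializers/session_store.rb
-
-```rb
-Rails.application.config.session_store :redis_session_store, { ... }
-```
-
 Put rucaptcha in your `Gemfile`:
 
 ```
@@ -80,6 +66,11 @@ RuCaptcha.configure do
 # self.expires_in = 120
 # Color style, default: :colorful, allows: [:colorful, :black_white]
 # self.style = :colorful
+# [Requirement]
+# Store Captcha code where, this config more like Rails config.cache_store
+# default: Rails application config.cache_store
+# But RuCaptcha requirements cache_store not in [:null_store, :memory_store, :file_store]
+self.cache_store = :mem_cache_store
 end
 ```
 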
data/lib/rucaptcha.rb
CHANGED
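--- a/data/lib/rucaptcha/cache.rb
+++ b/data/lib/rucaptcha/cache.rb
@@ -1,6 +1,14 @@
 require 'fileutils'
 
 module RuCaptcha
+class << self
+def cache
+return @cache if defined? @cache
+@cache = ActiveSupport::Cache.lookup_store(RuCaptcha.config.cache_store)
+@cache
+end
+end
+
 # File Cache
 module Cache
 def self.prepended(base)
@@ -11,7 +19,7 @@ module RuCaptcha
 
 module ClassMethods
 def create(code)
-
+file_cache.fetch(code, expires_in: 1.days) do
 super(code)
 end
 end
@@ -26,15 +34,15 @@ module RuCaptcha
 code
 end
 
-def
-return @
+def file_cache
+return @file_cache if defined?(@file_cache)
 
 cache_path = Rails.root.join('tmp', 'cache', 'rucaptcha')
 FileUtils.mkdir_p(cache_path) unless File.exist? cache_path
-@
+@file_cache = ActiveSupport::Cache::FileStore.new(cache_path)
 # clear expired captcha cache files on Process restart
-@
-@
+@file_cache.cleanup
+@file_cache
 end
 
 def cached_codes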
@@ -6,12 +6,15 @@ module RuCaptcha
|
|
6
6
|
attr_accessor :len
|
7
7
|
# implode, default 0.3
|
8
8
|
attr_accessor :implode
|
9
|
+
# Store Captcha code where, this config more like Rails config.cache_store
|
10
|
+
# default: Rails application config.cache_store
|
11
|
+
attr_accessor :cache_store
|
9
12
|
# Number of Captcha codes limit
|
10
13
|
# set 0 to disable limit and file cache, default: 100
|
11
14
|
attr_accessor :cache_limit
|
12
15
|
# Color style, default: :colorful, allows: [:colorful, :black_white]
|
13
16
|
attr_accessor :style
|
14
|
-
#
|
17
|
+
# rucaptcha expire time, default 2 minutes
|
15
18
|
attr_accessor :expires_in
|
16
19
|
end
|
17
20
|
end
|
@@ -6,28 +6,56 @@ module RuCaptcha
|
|
6
6
|
helper_method :verify_rucaptcha?
|
7
7
|
end
|
8
8
|
|
9
|
-
def
|
10
|
-
session
|
11
|
-
|
9
|
+
def rucaptcha_sesion_key_key
|
10
|
+
['rucaptcha-session', session.id].join(':')
|
11
|
+
end
|
12
12
|
|
13
|
-
|
13
|
+
def generate_rucaptcha
|
14
|
+
code = RuCaptcha::Captcha.random_chars
|
15
|
+
session_val = {
|
16
|
+
code: code,
|
17
|
+
time: Time.now.to_i
|
18
|
+
}
|
19
|
+
RuCaptcha.cache.write(rucaptcha_sesion_key_key, session_val, expires_in: RuCaptcha.config.expires_in)
|
20
|
+
RuCaptcha::Captcha.create(code)
|
14
21
|
end
|
15
22
|
|
16
23
|
def verify_rucaptcha?(resource = nil)
|
17
|
-
|
18
|
-
|
24
|
+
store_info = RuCaptcha.cache.read(rucaptcha_sesion_key_key)
|
25
|
+
# make sure move used key
|
26
|
+
RuCaptcha.cache.delete(rucaptcha_sesion_key_key)
|
19
27
|
|
20
|
-
#
|
21
|
-
|
22
|
-
|
23
|
-
valid = captcha.present? && captcha == session.delete(:_rucaptcha)
|
28
|
+
# Make sure session exist
|
29
|
+
if store_info.blank?
|
30
|
+
return add_rucaptcha_validation_error
|
24
31
|
end
|
25
32
|
|
26
|
-
|
27
|
-
|
33
|
+
# Make sure not expire
|
34
|
+
puts "-------------- #{store_info.inspect}"
|
35
|
+
if (Time.now.to_i - store_info[:time]) > RuCaptcha.config.expires_in
|
36
|
+
return add_rucaptcha_validation_error
|
37
|
+
end
|
38
|
+
|
39
|
+
# Make sure parama have captcha
|
40
|
+
captcha = (params[:_rucaptcha] || '').downcase.strip
|
41
|
+
if captcha.blank?
|
42
|
+
return add_rucaptcha_validation_error
|
28
43
|
end
|
29
44
|
|
30
|
-
|
45
|
+
if captcha != store_info[:code]
|
46
|
+
return add_rucaptcha_validation_error
|
47
|
+
end
|
48
|
+
|
49
|
+
true
|
50
|
+
end
|
51
|
+
|
52
|
+
private
|
53
|
+
|
54
|
+
def add_rucaptcha_validation_error
|
55
|
+
if defined?(resource) && resource && resource.respond_to?(:errors)
|
56
|
+
resource.errors.add(:base, t('rucaptcha.invalid'))
|
57
|
+
end
|
58
|
+
false
|
31
59
|
end
|
32
60
|
end
|
33
61
|
end
|
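Review bot: The `puts "-------------- #{store_info.inspect}"` line in `verify_rucaptcha?` writes the stored captcha code and timestamp to stdout on every verification, so the expected answer ends up in whatever captures process output; it looks like leftover debugging and should be dropped. Separately, `add_rucaptcha_validation_error` reads `resource`, but that is a parameter of `verify_rucaptcha?` and is not in scope in the private helper, so `defined?(resource)` is false (or resolves to an unrelated controller method of that name) and the error is never added to the object the caller passed. Taking it as an argument fixes that: `def add_rucaptcha_validation_error(resource = nil)`, with each early return written as `return add_rucaptcha_validation_error(resource)`. The cache key is built from `session.id`; if that can be nil before a session is established, every such client would share the key `rucaptcha-session:`, so a guard or a comment stating the assumption would help. The enclosing module starts outside the hunk.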
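--- a/data/lib/rucaptcha/engine.rb
+++ b/data/lib/rucaptcha/engine.rb
@@ -8,13 +8,19 @@ module RuCaptcha
 RuCaptcha::Captcha.send(:prepend, RuCaptcha::Cache)
 end
 
-
-
-[
-
-
-
-
+cache_store = RuCaptcha.config.cache_store
+store_name = cache_store.is_a?(Array) ? cache_store.first : cache_store
+if [:memory_store, :null_store, :file_store].include?(store_name)
+raise "
+
+RuCaptcha's cache_store requirements are stored across processes and machines,
+such as :mem_cache_store, :redis_store, or other distributed storage.
+But your current set is :#{store_name}.
+
+Please make config file `config/initializes/rucaptcha.rb` to setup `cache_store`.
+More infomation please read GitHub rucaptcha README file.
+
+"
 end
 end
 end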
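Review bot: The check on `store_name` only rejects the three symbols, so a `cache_store` left at `nil` or given as a store instance (for example `ActiveSupport::Cache::MemoryStore.new`) passes it, and `ActiveSupport::Cache.lookup_store(nil)` in cache.rb falls back to a per-process MemoryStore, which is the case this guard exists to prevent. Whether a default is populated elsewhere is not visible here, so this may already be covered; if not, validating the resolved store (`RuCaptcha.cache.is_a?(ActiveSupport::Cache::MemoryStore)` and the Null/File equivalents) would close the gap. The message also points to `config/initializes/rucaptcha.rb`, which should read `config/initializers/rucaptcha.rb`, and a `<<~MSG` heredoc would be easier to read than the bare multi-line string. The enclosing block starts outside the hunk.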
data/lib/rucaptcha/version.rb
CHANGED
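--- a/metadata
+++ b/metadata
@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rucaptcha
 version: !ruby/object:Gem::Version
-version: 1.0
+version: 1.1.0
 platform: ruby
 authors:
 - Jason Lee
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-10-
+date: 2016-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
 name: railties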