RubyGems - rucaptcha - Versions diffs - 1.0.2 → 1.1.0 - Mend

rucaptcha 1.0.2 → 1.1.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (10) hide show

checksums.yaml +4 -4
data/CHANGELOG.md +4 -8
data/README.md +5 -14
data/lib/rucaptcha.rb +1 -0
data/lib/rucaptcha/cache.rb +14 -6
data/lib/rucaptcha/configuration.rb +4 -1
data/lib/rucaptcha/controller_helpers.rb +41 -13
data/lib/rucaptcha/engine.rb +13 -7
data/lib/rucaptcha/version.rb +1 -1
metadata +2 -2

checksums.yaml CHANGED Viewed

@@ -1,7 +1,7 @@
 ---
 SHA1:
-  metadata.gz: 0a21e9918f323f2e1d72df0dec2186b77ca163f6
-  data.tar.gz: f061a697f5ba7dc28fc6e01ff31e19b402fa436e
+  metadata.gz: f866a9984159daf5bfa88cc57e9a9f17f0ba4621
+  data.tar.gz: a085e7fbd93873d73144b0c812f9f59e73b1cc4f
 SHA512:
-  metadata.gz: 646cbe8bbf5f2b9a6187cf3793d167085c5059099f118c84589abc097fe8160a56ad03dd83f34ad1c23eec252ccab9ee08a448b7aea30e22781a7dc45d6b3cd8
-  data.tar.gz: 43d06670a614bfb467537c6cb3af87686eacdb72d9ff9c518da1d53e7b956bef16c3c4ff4b74b9441d9828d35ab1a92e27d29d9afc4d0ba8240869fc3fef70b8
+  metadata.gz: 64a044dc52179ba06b50e17dfcd926d36cf7da4c82c2bc553cab20098067e9bbb8d6065784985c3128afb3cddd139377c78972ee22445189c3bc56cf55088313
+  data.tar.gz: dd64400366f3ca5e458f2426b344d1f657790bd9dfff9de4efbdb4c80a0531e94c8095f7c7dd6dea55dc73bf43b18e2333461ea3794ffaf19b821c7a71fb4f9f

data/CHANGELOG.md CHANGED Viewed

@@ -1,17 +1,13 @@
-1.0.2
-- Revert 1.0.1 changes, still store code in Session, `Rails.cache` not a not place in difference environments.
-  for exampe: Not enable cache, File cache will have bug.
-- Give a warning when user use CookieStore.
-1.0.1
+1.1.0
 -----
+- Add `cache_store` config key to setup a cache store location for RuCaptcha.
+- Store captcha in custom cache store.
 ## Security Notes
 - Fix Session replay secure issue that when Rails application use CookieStore.
 1.0.0
 -----

data/README.md CHANGED Viewed

@@ -45,20 +45,6 @@ brew install imagemagick ghostscript
 ## Usage
-**Security Notice!**
-You need change your application Session store from `CookieStore` (Rails default) to backend store location.
-- [:active_session_store](https://github.com/rails/activerecord-session_store)
-- [:memcached_store](http://api.rubyonrails.org/classes/ActionDispatch/Session/MemCacheStore.html)
-- [:redis_session_store](https://github.com/roidrage/redis-session-store)
-config/initializers/session_store.rb
-```rb
-Rails.application.config.session_store :redis_session_store, { ... }
-```
 Put rucaptcha in your `Gemfile`:
 ```
@@ -80,6 +66,11 @@ RuCaptcha.configure do
   # self.expires_in = 120
   # Color style, default: :colorful, allows: [:colorful, :black_white]
   # self.style = :colorful
+  # [Requirement]
+  # Store Captcha code where, this config more like Rails config.cache_store
+  # default: Rails application config.cache_store
+  # But RuCaptcha requirements cache_store not in [:null_store, :memory_store, :file_store]
+  self.cache_store = :mem_cache_store
 end
 ```

data/lib/rucaptcha.rb CHANGED Viewed

@@ -20,6 +20,7 @@ module RuCaptcha
       @config.cache_limit = 100
       @config.expires_in  = 2.minutes
       @config.style       = :colorful
+      @config.cache_store = Rails.application.config.cache_store
       @config
     end

data/lib/rucaptcha/cache.rb CHANGED Viewed

@@ -1,6 +1,14 @@
 require 'fileutils'
 module RuCaptcha
+  class << self
+    def cache
+      return @cache if defined? @cache
+      @cache = ActiveSupport::Cache.lookup_store(RuCaptcha.config.cache_store)
+      @cache
+    end
+  end
   # File Cache
   module Cache
     def self.prepended(base)
@@ -11,7 +19,7 @@ module RuCaptcha
     module ClassMethods
       def create(code)
-        cache.fetch(code, expires_in: 1.days) do
+        file_cache.fetch(code, expires_in: 1.days) do
           super(code)
         end
       end
@@ -26,15 +34,15 @@ module RuCaptcha
         code
       end
-      def cache
-        return @cache if defined?(@cache)
+      def file_cache
+        return @file_cache if defined?(@file_cache)
         cache_path = Rails.root.join('tmp', 'cache', 'rucaptcha')
         FileUtils.mkdir_p(cache_path) unless File.exist? cache_path
-        @cache = ActiveSupport::Cache::FileStore.new(cache_path)
+        @file_cache = ActiveSupport::Cache::FileStore.new(cache_path)
         # clear expired captcha cache files on Process restart
-        @cache.cleanup
-        @cache
+        @file_cache.cleanup
+        @file_cache
       end
       def cached_codes

data/lib/rucaptcha/configuration.rb CHANGED Viewed

@@ -6,12 +6,15 @@ module RuCaptcha
     attr_accessor :len
     # implode, default 0.3
     attr_accessor :implode
+    # Store Captcha code where, this config more like Rails config.cache_store
+    # default: Rails application config.cache_store
+    attr_accessor :cache_store
     # Number of Captcha codes limit
     # set 0 to disable limit and file cache, default: 100
     attr_accessor :cache_limit
     # Color style, default: :colorful, allows: [:colorful, :black_white]
     attr_accessor :style
-    # session[:_rucaptcha] expire time, default 2 minutes
+    # rucaptcha expire time, default 2 minutes
     attr_accessor :expires_in
   end
 end

data/lib/rucaptcha/controller_helpers.rb CHANGED Viewed

@@ -6,28 +6,56 @@ module RuCaptcha
       helper_method :verify_rucaptcha?
     end
-    def generate_rucaptcha
-      session[:_rucaptcha]    = RuCaptcha::Captcha.random_chars
-      session[:_rucaptcha_at] = Time.now.to_i
+    def rucaptcha_sesion_key_key
+      ['rucaptcha-session', session.id].join(':')
+    end
-      RuCaptcha::Captcha.create(session[:_rucaptcha])
+    def generate_rucaptcha
+      code = RuCaptcha::Captcha.random_chars
+      session_val = {
+        code: code,
+        time: Time.now.to_i
+      }
+      RuCaptcha.cache.write(rucaptcha_sesion_key_key, session_val, expires_in: RuCaptcha.config.expires_in)
+      RuCaptcha::Captcha.create(code)
     end
     def verify_rucaptcha?(resource = nil)
-      rucaptcha_at = session[:_rucaptcha_at].to_i
-      captcha = (params[:_rucaptcha] || '').downcase.strip
+      store_info = RuCaptcha.cache.read(rucaptcha_sesion_key_key)
+      # make sure move used key
+      RuCaptcha.cache.delete(rucaptcha_sesion_key_key)
-      # Captcha chars in Session expire in 2 minutes
-      valid = false
-      if (Time.now.to_i - rucaptcha_at) <= RuCaptcha.config.expires_in
-        valid = captcha.present? && captcha == session.delete(:_rucaptcha)
+      # Make sure session exist
+      if store_info.blank?
+        return add_rucaptcha_validation_error
       end
-      if resource && resource.respond_to?(:errors)
-        resource.errors.add(:base, t('rucaptcha.invalid')) unless valid
+      # Make sure not expire
+      puts "-------------- #{store_info.inspect}"
+      if (Time.now.to_i - store_info[:time]) > RuCaptcha.config.expires_in
+        return add_rucaptcha_validation_error
+      end
+      # Make sure parama have captcha
+      captcha = (params[:_rucaptcha] || '').downcase.strip
+      if captcha.blank?
+        return add_rucaptcha_validation_error
       end
-      valid
+      if captcha != store_info[:code]
+        return add_rucaptcha_validation_error
+      end
+      true
+    end
+    private
+    def add_rucaptcha_validation_error
+      if defined?(resource) && resource && resource.respond_to?(:errors)
+        resource.errors.add(:base, t('rucaptcha.invalid'))
+      end
+      false
     end
   end
 end

data/lib/rucaptcha/engine.rb CHANGED Viewed

@@ -8,13 +8,19 @@ module RuCaptcha
         RuCaptcha::Captcha.send(:prepend, RuCaptcha::Cache)
       end
-      if Rails.application.config.session_store.name.match(/CookieStore/)
-        puts %(
-[RuCaptcha] Your application session has use #{Rails.application.config.session_store}
-this may have Session [Replay Attacks] secure issue in RuCaptcha case.
-We suggest you change it to backend [:active_record_store, :redis_session_store]
-http://guides.rubyonrails.org/security.html#replay-attacks-for-cookiestore-sessions)
-        puts ""
+      cache_store = RuCaptcha.config.cache_store
+      store_name = cache_store.is_a?(Array) ? cache_store.first : cache_store
+      if [:memory_store, :null_store, :file_store].include?(store_name)
+        raise "
+  RuCaptcha's cache_store requirements are stored across processes and machines,
+  such as :mem_cache_store, :redis_store, or other distributed storage.
+  But your current set is :#{store_name}.
+  Please make config file `config/initializes/rucaptcha.rb` to setup `cache_store`.
+  More infomation please read GitHub rucaptcha README file.
+"
       end
     end
   end

data/lib/rucaptcha/version.rb CHANGED Viewed

@@ -1,3 +1,3 @@
 module RuCaptcha
-  VERSION = '1.0.2'
+  VERSION = '1.1.0'
 end

metadata CHANGED Viewed

@@ -1,14 +1,14 @@
 --- !ruby/object:Gem::Specification
 name: rucaptcha
 version: !ruby/object:Gem::Version
-  version: 1.0.2
+  version: 1.1.0
 platform: ruby
 authors:
 - Jason Lee
 autorequire:
 bindir: bin
 cert_chain: []
-date: 2016-10-26 00:00:00.000000000 Z
+date: 2016-10-29 00:00:00.000000000 Z
 dependencies:
 - !ruby/object:Gem::Dependency
   name: railties