rucaptcha 2.5.5 → 2.6.1
- checksums.yaml +4 -4
- data/CHANGELOG.md +19 -230
- data/README.md +4 -2
- data/app/controllers/ru_captcha/captcha_controller.rb +1 -1
- data/lib/rucaptcha/controller_helpers.rb +17 -3
- data/lib/rucaptcha/version.rb +1 -1
- data/lib/rucaptcha/view_helpers.rb +8 -7
- data/lib/rucaptcha.rb +8 -8
- metadata +2 -2
checksums.yaml
CHANGED
@@ -1,7 +1,7 @@
|
|
1
1
|
---
|
2
2
|
SHA256:
|
3
|
-
metadata.gz:
|
4
|
-
data.tar.gz:
|
3
|
+
metadata.gz: 43b066933f98fbca0c17c9399112a974f4d012bebeaa12975eef9a9e8cd03c74
|
4
|
+
data.tar.gz: 106d354acfaa8850da0f11ae92d2e3268603e3582951aefec484d03d4f2e8635
|
5
5
|
SHA512:
|
6
|
-
metadata.gz:
|
7
|
-
data.tar.gz:
|
6
|
+
metadata.gz: f0e0389c00e0a44deae317c609eae2a3ff716e125f0c485b37cd32a659ff60b152e945f6c8cf2691f815ee4da5531663d35ec15e8df0b1820d161f0ec7ec7dad
|
7
|
+
data.tar.gz: af4b7c997648efa973e81f19c187ecd8710c5c0e5884b6c9c42ae8d6ac98f48bf49b1ebf867a707c73fbd9ce8629c9d0d9835182463e8effa91bdd8be2e62c83
|
data/CHANGELOG.md
CHANGED
@@ -1,3 +1,7 @@
|
|
1
|
+
New release please visit:
|
2
|
+
|
3
|
+
https://github.com/huacnlee/rucaptcha/releases
|
4
|
+
|
1
5
|
## 2.5.5
|
2
6
|
|
3
7
|
- Improved image for thicker interference lines.
|
@@ -7,85 +11,59 @@
|
|
7
11
|
|
8
12
|
- Fix: rucaptcha input maxlength attribute with config value.
|
9
13
|
|
10
|
-
|
11
|
-
|
12
|
-
---
|
14
|
+
## 2.5.3
|
13
15
|
|
14
16
|
- Fix session invalid warning, only for development env;
|
15
17
|
|
16
|
-
|
17
|
-
|
18
|
-
---
|
18
|
+
## 2.5.2
|
19
19
|
|
20
20
|
- Fix session.id error with upgrade Rails 6.0.2.1 or Rack 2.0.8 (#84)
|
21
21
|
|
22
|
-
|
23
|
-
|
24
|
-
---
|
22
|
+
## 2.5.1
|
25
23
|
|
26
24
|
- Fix invalid module name error. (#78)
|
27
25
|
|
28
|
-
|
29
|
-
|
30
|
-
---
|
26
|
+
## 2.5.0
|
31
27
|
|
32
28
|
- Support click captcha image to refresh new one by default.
|
33
29
|
- Use simple tag helper generate captcha img html, for avoid asset_host (#73).
|
34
30
|
|
35
|
-
|
36
|
-
|
37
|
-
---
|
31
|
+
## 2.4.0
|
38
32
|
|
39
33
|
- Add skip_cache_store_check configuration. (#63)
|
40
34
|
- Fix for generate captcha with relative path, not url. (#58)
|
41
35
|
|
42
|
-
|
43
|
-
|
44
|
-
---
|
36
|
+
## 2.3.2
|
45
37
|
|
46
38
|
- Change Yellow and Green colors to Pink and Deep Purple to pass WCAG 2.0's contrast test. (#70)
|
47
39
|
|
48
|
-
|
49
|
-
|
50
|
-
---
|
40
|
+
## 2.3.1
|
51
41
|
|
52
42
|
- Fix #67 a y chars will invalid error (only in 2.3.0).
|
53
43
|
|
54
|
-
|
55
|
-
|
56
|
-
---
|
44
|
+
## 2.3.0
|
57
45
|
|
58
46
|
- Add `config.outline` for use outline style.
|
59
47
|
- Reduce colors down to 5 (red, blue, green, yellow and black).
|
60
48
|
|
61
|
-
|
62
|
-
|
63
|
-
---
|
49
|
+
## 2.2.0
|
64
50
|
|
65
51
|
- Add option `config.length` for support change number chars. (#57)
|
66
52
|
- Add option `config.strikethrough` for enable or disable strikethrough. (#57)
|
67
53
|
|
68
|
-
|
69
|
-
|
70
|
-
---
|
54
|
+
## 2.1.3
|
71
55
|
|
72
56
|
- Windows support fixed with `send_data` method. (#45)
|
73
57
|
|
74
|
-
|
75
|
-
|
76
|
-
---
|
58
|
+
## 2.1.2
|
77
59
|
|
78
60
|
- Do not change captcha when `HEAD /rucaptcha`.
|
79
61
|
|
80
|
-
|
81
|
-
|
82
|
-
---
|
62
|
+
## 2.1.1
|
83
63
|
|
84
64
|
- Mount engine use `prepend` method to get high priority in config/routes.rb.
|
85
65
|
|
86
|
-
|
87
|
-
|
88
|
-
---
|
66
|
+
## 2.1.0
|
89
67
|
|
90
68
|
- Mount Router by default, not need config now.
|
91
69
|
|
@@ -99,15 +77,11 @@
|
|
99
77
|
|
100
78
|
- Use `ActiveSupport.on_load` to extend ActionController and ActionView.
|
101
79
|
|
102
|
-
|
103
|
-
|
104
|
-
---
|
80
|
+
## 2.0.1
|
105
81
|
|
106
82
|
- Fix `/rucaptcha` path issue when `config.action_controller.asset_host` has setup with CDN url.
|
107
83
|
|
108
|
-
|
109
|
-
|
110
|
-
---
|
84
|
+
## 2.0.0
|
111
85
|
|
112
86
|
_Break Changes!_
|
113
87
|
|
@@ -117,188 +91,3 @@ WARNING!: This version have so many break changes!
|
|
117
91
|
- New captcha style.
|
118
92
|
- Remove `len`, `font_size`, `cache_limit` config key, no support now.
|
119
93
|
- Output `GIF` format.
|
120
|
-
|
121
|
-
1.2.0
|
122
|
-
|
123
|
-
---
|
124
|
-
|
125
|
-
- Add an `:keep_session` option for `verify_rucaptcha?` method to giva a way for let you keep session on verify, if true, RuCaptcha will not delete the captcha code session after validation.
|
126
|
-
|
127
|
-
1.1.4
|
128
|
-
|
129
|
-
---
|
130
|
-
|
131
|
-
- Fix #35 just give a warning message if not setup a right cache_store, only raise on :null_store.
|
132
|
-
|
133
|
-
1.1.2
|
134
|
-
|
135
|
-
---
|
136
|
-
|
137
|
-
- Fix #34 rucaptcha.root_url -> root_path, to avoid generate a http url in a https application.
|
138
|
-
- Fix spec to require Ruby 2.0.0, because there have a `Module#prepend` method called.
|
139
|
-
|
140
|
-
1.1.1
|
141
|
-
|
142
|
-
---
|
143
|
-
|
144
|
-
- Remove inspect log on verify_rucaptcha
|
145
|
-
|
146
|
-
1.1.0
|
147
|
-
|
148
|
-
---
|
149
|
-
|
150
|
-
- Add `cache_store` config key to setup a cache store location for RuCaptcha.
|
151
|
-
- Store captcha in custom cache store.
|
152
|
-
|
153
|
-
## Security Notes
|
154
|
-
|
155
|
-
- Fix Session replay secure issue that when Rails application use CookieStore.
|
156
|
-
|
157
|
-
1.0.0
|
158
|
-
|
159
|
-
---
|
160
|
-
|
161
|
-
- Adjust to avoid lighter colors.
|
162
|
-
- Avoid continuous chars have same color.
|
163
|
-
- Use same color for each chars in :black_white mode.
|
164
|
-
|
165
|
-
0.5.1
|
166
|
-
|
167
|
-
---
|
168
|
-
|
169
|
-
- Make sure it will render image when ImageMagick stderr have warning messages. (#26)
|
170
|
-
|
171
|
-
0.5.0
|
172
|
-
|
173
|
-
---
|
174
|
-
|
175
|
-
- Fix cache with Rails 5.
|
176
|
-
|
177
|
-
0.4.5
|
178
|
-
|
179
|
-
---
|
180
|
-
|
181
|
-
- Removed `posix-spawn` dependency, used open3 instead (core funciontality), JRuby compatible (#24)
|
182
|
-
|
183
|
-
0.4.4
|
184
|
-
|
185
|
-
---
|
186
|
-
|
187
|
-
- Remove deprecated `width`, `height` config.
|
188
|
-
- Delete session key after verify (#23).
|
189
|
-
- Lighter text color, improve style.
|
190
|
-
|
191
|
-
0.4.2
|
192
|
-
|
193
|
-
---
|
194
|
-
|
195
|
-
- Fix NoMethodError bug when params[:_rucaptha] is nil.
|
196
|
-
|
197
|
-
0.4.1
|
198
|
-
|
199
|
-
---
|
200
|
-
|
201
|
-
- Add error message to resource when captcha code expired.
|
202
|
-
|
203
|
-
0.4.0
|
204
|
-
|
205
|
-
---
|
206
|
-
|
207
|
-
- Add `config.colorize` option, to allow use black text theme.
|
208
|
-
|
209
|
-
0.3.3
|
210
|
-
|
211
|
-
---
|
212
|
-
|
213
|
-
- Add `config.expires_in` to allow change captcha code expire time.
|
214
|
-
|
215
|
-
0.3.2.1
|
216
|
-
|
217
|
-
---
|
218
|
-
|
219
|
-
- Add Windows development env support.
|
220
|
-
|
221
|
-
0.3.2
|
222
|
-
|
223
|
-
---
|
224
|
-
|
225
|
-
- Make better render positions;
|
226
|
-
- Trim blank space.
|
227
|
-
|
228
|
-
0.3.1
|
229
|
-
|
230
|
-
---
|
231
|
-
|
232
|
-
- More complex Image render: compact text, strong lines, +/-5 rotate...
|
233
|
-
- [DEPRECATION] config.width, config.height removed, use config.font_size.
|
234
|
-
- Fix the render position in difference font sizes.
|
235
|
-
- Fix input field type, and disable autocorrect, autocapitalize, and limit maxlength with char length;
|
236
|
-
|
237
|
-
0.2.5
|
238
|
-
|
239
|
-
---
|
240
|
-
|
241
|
-
- Add `session[:_rucaptcha]` expire time, for protect Rails CookieSession Replay Attack.
|
242
|
-
- Captcha input field disable autocomplete, and set field type as `email` for shown correct keyboard on mobile view.
|
243
|
-
|
244
|
-
0.2.3
|
245
|
-
|
246
|
-
---
|
247
|
-
|
248
|
-
- It will raise error when call ImageMagick failed.
|
249
|
-
|
250
|
-
0.2.2
|
251
|
-
|
252
|
-
---
|
253
|
-
|
254
|
-
- Added locale for pt-BR language; @ramirovjr
|
255
|
-
|
256
|
-
0.2.1
|
257
|
-
|
258
|
-
---
|
259
|
-
|
260
|
-
- Fix issue when cache dir not exist.
|
261
|
-
|
262
|
-
0.2.0
|
263
|
-
|
264
|
-
---
|
265
|
-
|
266
|
-
- Added file cache, can setup how many images you want generate by `config.cache_limit`,
|
267
|
-
RuCaptcha will use cache for next requests.
|
268
|
-
When you restart Rails processes it will generate new again and clean the old caches.
|
269
|
-
|
270
|
-
0.1.4
|
271
|
-
|
272
|
-
---
|
273
|
-
|
274
|
-
- Fix `verify_rucaptcha?` logic in somecase.
|
275
|
-
- Locales fixed.
|
276
|
-
|
277
|
-
0.1.3
|
278
|
-
|
279
|
-
---
|
280
|
-
|
281
|
-
- `zh-TW` translate file fixed.
|
282
|
-
- Use xxx_url to fix bad captcha URL for `config.action_controller.asset_host` enabled case.
|
283
|
-
|
284
|
-
0.1.2
|
285
|
-
|
286
|
-
---
|
287
|
-
|
288
|
-
- No case sensitive;
|
289
|
-
- Export config.implode;
|
290
|
-
- Improve image color and style;
|
291
|
-
- Don't generate chars in 'l,o,0,1'.
|
292
|
-
- Render lower case chars on image.
|
293
|
-
|
294
|
-
0.1.1
|
295
|
-
|
296
|
-
---
|
297
|
-
|
298
|
-
- Include default validation I18n messages (en, zh-CN, zh-TW).
|
299
|
-
|
300
|
-
0.1.0
|
301
|
-
|
302
|
-
---
|
303
|
-
|
304
|
-
- First release.
|
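Review bot: The removed block at the end of CHANGELOG.md takes the `## Security Notes` entry ("Fix Session replay secure issue that when Rails application use CookieStore") and the 0.2.5 entry on `session[:_rucaptcha]` expiry out of the shipped gem, while the new header only points to the GitHub releases page. Keep the security-relevant entries in the packaged changelog, or confirm they are reproduced on the releases page, so that someone auditing an installed copy can still see which versions carried the replay fix.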
data/README.md
CHANGED
@@ -5,8 +5,10 @@
|
|
5
5
|
|
6
6
|
This is a Captcha gem for Rails Applications which generates captcha image by C code.
|
7
7
|
|
8
|
-
> NOTE: According to the use of Ruby China, the verification code looks like has a lower than 5% probability of being parsed by OCR and the verification code is cracked. It is recommended that you use the IP rate limit to enhance the protection.
|
9
|
-
> NOTE: 以 Ruby China 的使用来看,验证码似乎有低于 5% 的概率被 OCR
|
8
|
+
> NOTE: According to the use of Ruby China, the verification code looks like has a lower than 5% probability of being parsed by OCR and the verification code is cracked (All Image Captcha libs are has same problem). It is recommended that you use the IP rate limit to enhance the protection.
|
9
|
+
> NOTE: 以 Ruby China 的使用来看,验证码似乎有低于 5% 的概率被 OCR 读取解析 (图片验证码都有这个问题) 导致验证码被破解(我们从日志分析绝大多数是成功的,但偶尔一个成功,配合大量机器攻击,导致注册了很多的垃圾账号),建议你额外配合 IP 频率限制的功能来加强保护。
|
10
|
+
|
11
|
+
> 如果你需要更高强度的验证,建议选择商用服务。
|
10
12
|
|
11
13
|
[中文介绍和使用说明](https://ruby-china.org/topics/27832)
|
12
14
|
|
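Review bot: The English and Chinese NOTE lines in this README hunk no longer say the same thing: the Chinese text adds the observation from log analysis about large-scale automated attempts leading to spam account registrations, and a closing line recommending a commercial service when stronger verification is needed, neither of which appears in the English note. Add the English equivalent of both, and fix "All Image Captcha libs are has same problem" while touching the line. Since the note tells readers to add IP rate limiting, a pointer to where that should be applied (the `/rucaptcha` image route and the form action that calls `verify_rucaptcha?`) would make the advice actionable.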
@@ -6,7 +6,7 @@ module RuCaptcha
|
|
6
6
|
headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
|
7
7
|
headers["Pragma"] = "no-cache"
|
8
8
|
data = generate_rucaptcha
|
9
|
-
opts = {
|
9
|
+
opts = {disposition: "inline", type: "image/gif"}
|
10
10
|
send_data data, opts
|
11
11
|
end
|
12
12
|
end
|
@@ -6,19 +6,24 @@ module RuCaptcha
|
|
6
6
|
helper_method :verify_rucaptcha?
|
7
7
|
end
|
8
8
|
|
9
|
+
def rucaptcha_session_id
|
10
|
+
cookies[:_rucaptcha_session_id]
|
11
|
+
end
|
12
|
+
|
9
13
|
# session key of rucaptcha
|
10
14
|
def rucaptcha_sesion_key_key
|
11
|
-
|
12
|
-
warning_when_session_invalid if session_id.blank?
|
15
|
+
warning_when_session_invalid if rucaptcha_session_id.blank?
|
13
16
|
|
14
17
|
# With https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
|
15
18
|
# to protected session_id into secret
|
16
|
-
session_id_digest = Digest::SHA256.hexdigest(
|
19
|
+
session_id_digest = Digest::SHA256.hexdigest(rucaptcha_session_id.inspect)
|
17
20
|
["rucaptcha-session", session_id_digest].join(":")
|
18
21
|
end
|
19
22
|
|
20
23
|
# Generate a new Captcha
|
21
24
|
def generate_rucaptcha
|
25
|
+
generate_rucaptcha_session_id
|
26
|
+
|
22
27
|
res = RuCaptcha.generate
|
23
28
|
session_val = {
|
24
29
|
code: res[0],
|
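Review bot: In `rucaptcha_sesion_key_key`, a blank `rucaptcha_session_id` only triggers `warning_when_session_invalid` and execution then continues to `Digest::SHA256.hexdigest(rucaptcha_session_id.inspect)`. Unless that helper aborts the request, a missing cookie hashes the string "nil", so every client without the cookie resolves to the same `rucaptcha-session:` cache key and shares one stored code. Return early when the id is blank and have the verify path treat a missing key as a failed check. The comment above the digest still refers to the Rack change for `session_id`; update it to say the value now comes from the gem's own cookie.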
@@ -67,6 +72,15 @@ module RuCaptcha
|
|
67
72
|
|
68
73
|
private
|
69
74
|
|
75
|
+
def generate_rucaptcha_session_id
|
76
|
+
return if rucaptcha_session_id.present?
|
77
|
+
|
78
|
+
cookies[:_rucaptcha_session_id] = {
|
79
|
+
value: SecureRandom.hex(16),
|
80
|
+
expires: 1.day
|
81
|
+
}
|
82
|
+
end
|
83
|
+
|
70
84
|
def add_rucaptcha_validation_error
|
71
85
|
if defined?(resource) && resource && resource.respond_to?(:errors)
|
72
86
|
resource.errors.add(:base, t("rucaptcha.invalid"))
|
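Review bot: The cookie hash in `generate_rucaptcha_session_id` sets only `value` and `expires`, so `_rucaptcha_session_id` is readable from page scripts and carries no SameSite or Secure attribute. The value is only ever read server-side through `cookies[:_rucaptcha_session_id]`, so add `httponly: true`, and consider `same_site: :lax` plus `secure` for HTTPS deployments. It is also a plain, unsigned cookie, which means the client chooses which cache key gets looked up; a short comment stating that the id is treated as an untrusted lookup handle and nothing more would help future readers.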
data/lib/rucaptcha/version.rb
CHANGED
@@ -1,19 +1,20 @@
|
|
1
1
|
module RuCaptcha
|
2
2
|
module ViewHelpers
|
3
3
|
def rucaptcha_input_tag(opts = {})
|
4
|
-
opts[:name]
|
5
|
-
opts[:type]
|
6
|
-
opts[:autocorrect]
|
4
|
+
opts[:name] = "_rucaptcha"
|
5
|
+
opts[:type] = "text"
|
6
|
+
opts[:autocorrect] = "off"
|
7
7
|
opts[:autocapitalize] = "off"
|
8
|
-
opts[:pattern]
|
9
|
-
opts[:autocomplete]
|
10
|
-
opts[:maxlength]
|
8
|
+
opts[:pattern] = "[a-zA-Z]*"
|
9
|
+
opts[:autocomplete] = "off"
|
10
|
+
opts[:maxlength] = RuCaptcha.config.length
|
11
11
|
tag(:input, opts)
|
12
12
|
end
|
13
13
|
|
14
14
|
def rucaptcha_image_tag(opts = {})
|
15
|
+
@rucaptcha_image_tag__image_path_in_this_request ||= "#{ru_captcha.root_path}?t=#{Time.now.strftime("%s%L")}"
|
15
16
|
opts[:class] = opts[:class] || "rucaptcha-image"
|
16
|
-
opts[:src] =
|
17
|
+
opts[:src] = @rucaptcha_image_tag__image_path_in_this_request
|
17
18
|
opts[:onclick] = "this.src = '#{ru_captcha.root_path}?t=' + Date.now();"
|
18
19
|
tag(:img, opts)
|
19
20
|
end
|
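Review bot: The new `@rucaptcha_image_tag__image_path_in_this_request ||=` line in `rucaptcha_image_tag` has no comment explaining why the path is memoised; as written, every call to the helper within one render gets the same `?t=` value, while the `onclick` handler still builds a fresh URL with `Date.now()`. Add a one-line comment stating the intent (for example, avoiding multiple captcha requests for the same page that would overwrite the stored code). The nested double quotes in `"...?t=#{Time.now.strftime("%s%L")}"` parse correctly but are easy to misread; computing the timestamp on its own line would be clearer.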
data/lib/rucaptcha.rb
CHANGED
@@ -16,18 +16,18 @@ module RuCaptcha
|
|
16
16
|
return @config if defined?(@config)
|
17
17
|
|
18
18
|
@config = Configuration.new
|
19
|
-
@config.style
|
20
|
-
@config.length
|
19
|
+
@config.style = :colorful
|
20
|
+
@config.length = 5
|
21
21
|
@config.strikethrough = true
|
22
|
-
@config.outline
|
23
|
-
@config.expires_in
|
22
|
+
@config.outline = false
|
23
|
+
@config.expires_in = 2.minutes
|
24
24
|
@config.skip_cache_store_check = false
|
25
25
|
|
26
26
|
@config.cache_store = if Rails.application
|
27
|
-
|
28
|
-
|
29
|
-
|
30
|
-
|
27
|
+
Rails.application.config.cache_store
|
28
|
+
else
|
29
|
+
:mem_cache_store
|
30
|
+
end
|
31
31
|
@config.cache_store
|
32
32
|
@config
|
33
33
|
end
|
metadata
CHANGED
@@ -1,14 +1,14 @@
|
|
1
1
|
--- !ruby/object:Gem::Specification
|
2
2
|
name: rucaptcha
|
3
3
|
version: !ruby/object:Gem::Version
|
4
|
-
version: 2.
|
4
|
+
version: 2.6.1
|
5
5
|
platform: ruby
|
6
6
|
authors:
|
7
7
|
- Jason Lee
|
8
8
|
autorequire:
|
9
9
|
bindir: bin
|
10
10
|
cert_chain: []
|
11
|
-
date:
|
11
|
+
date: 2022-02-09 00:00:00.000000000 Z
|
12
12
|
dependencies:
|
13
13
|
- !ruby/object:Gem::Dependency
|
14
14
|
name: railties
|