rucaptcha 2.5.5 → 2.6.1

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
2
  SHA256:
3
- metadata.gz: e9d3d4dbd1dc22a2d97ed2d3d1fcc248621bbc97a90e0823c024244de9493c57
4
- data.tar.gz: 2d430de72e74176b92b021bf4f0462ba8f73ba147e3522c47f554ee8f72d3e9f
3
+ metadata.gz: 43b066933f98fbca0c17c9399112a974f4d012bebeaa12975eef9a9e8cd03c74
4
+ data.tar.gz: 106d354acfaa8850da0f11ae92d2e3268603e3582951aefec484d03d4f2e8635
5
5
  SHA512:
6
- metadata.gz: bc1c19827b035d8e50e4ce9c42d39f4df4ceff1682b1eacc866d69d3c61b4bf723b51705e1eb275880aa8b7161c7baeff6ca591b509528899c1097bd66381c65
7
- data.tar.gz: 0174b9a8e99f194d51fc69126f3fe1d38292b863db10fbbf8a76f2a1843ff23f882871613edc67c946c88a29cd26b9f37b3fd73b11457128cc1e6c371f234b29
6
+ metadata.gz: f0e0389c00e0a44deae317c609eae2a3ff716e125f0c485b37cd32a659ff60b152e945f6c8cf2691f815ee4da5531663d35ec15e8df0b1820d161f0ec7ec7dad
7
+ data.tar.gz: af4b7c997648efa973e81f19c187ecd8710c5c0e5884b6c9c42ae8d6ac98f48bf49b1ebf867a707c73fbd9ce8629c9d0d9835182463e8effa91bdd8be2e62c83
data/CHANGELOG.md CHANGED
@@ -1,3 +1,7 @@
1
+ New release please visit:
2
+
3
+ https://github.com/huacnlee/rucaptcha/releases
4
+
1
5
  ## 2.5.5
2
6
 
3
7
  - Improved image for thicker interference lines.
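Review bot: the packaged changelog gets a link to the GitHub releases page at the top but no `## 2.6.x` entry, so the file shipped in the gem still opens its version list at `## 2.5.5`. This release changes how the captcha cache key is derived (a new `_rucaptcha_session_id` cookie instead of the Rails session id), and that deserves at least a one-line entry here so that anyone auditing the gem offline can see it.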
@@ -7,85 +11,59 @@
7
11
 
8
12
  - Fix: rucaptcha input maxlength attribute with config value.
9
13
 
10
- 2.5.3
11
-
12
- ---
14
+ ## 2.5.3
13
15
 
14
16
  - Fix session invalid warning, only for development env;
15
17
 
16
- 2.5.2
17
-
18
- ---
18
+ ## 2.5.2
19
19
 
20
20
  - Fix session.id error with upgrade Rails 6.0.2.1 or Rack 2.0.8 (#84)
21
21
 
22
- 2.5.1
23
-
24
- ---
22
+ ## 2.5.1
25
23
 
26
24
  - Fix invalid module name error. (#78)
27
25
 
28
- 2.5.0
29
-
30
- ---
26
+ ## 2.5.0
31
27
 
32
28
  - Support click captcha image to refresh new one by default.
33
29
  - Use simple tag helper generate captcha img html, for avoid asset_host (#73).
34
30
 
35
- 2.4.0
36
-
37
- ---
31
+ ## 2.4.0
38
32
 
39
33
  - Add skip_cache_store_check configuration. (#63)
40
34
  - Fix for generate captcha with relative path, not url. (#58)
41
35
 
42
- 2.3.2
43
-
44
- ---
36
+ ## 2.3.2
45
37
 
46
38
  - Change Yellow and Green colors to Pink and Deep Purple to pass WCAG 2.0's contrast test. (#70)
47
39
 
48
- 2.3.1
49
-
50
- ---
40
+ ## 2.3.1
51
41
 
52
42
  - Fix #67 a y chars will invalid error (only in 2.3.0).
53
43
 
54
- 2.3.0
55
-
56
- ---
44
+ ## 2.3.0
57
45
 
58
46
  - Add `config.outline` for use outline style.
59
47
  - Reduce colors down to 5 (red, blue, green, yellow and black).
60
48
 
61
- 2.2.0
62
-
63
- ---
49
+ ## 2.2.0
64
50
 
65
51
  - Add option `config.length` for support change number chars. (#57)
66
52
  - Add option `config.strikethrough` for enable or disable strikethrough. (#57)
67
53
 
68
- 2.1.3
69
-
70
- ---
54
+ ## 2.1.3
71
55
 
72
56
  - Windows support fixed with `send_data` method. (#45)
73
57
 
74
- 2.1.2
75
-
76
- ---
58
+ ## 2.1.2
77
59
 
78
60
  - Do not change captcha when `HEAD /rucaptcha`.
79
61
 
80
- 2.1.1
81
-
82
- ---
62
+ ## 2.1.1
83
63
 
84
64
  - Mount engine use `prepend` method to get high priority in config/routes.rb.
85
65
 
86
- 2.1.0
87
-
88
- ---
66
+ ## 2.1.0
89
67
 
90
68
  - Mount Router by default, not need config now.
91
69
 
@@ -99,15 +77,11 @@
99
77
 
100
78
  - Use `ActiveSupport.on_load` to extend ActionController and ActionView.
101
79
 
102
- 2.0.1
103
-
104
- ---
80
+ ## 2.0.1
105
81
 
106
82
  - Fix `/rucaptcha` path issue when `config.action_controller.asset_host` has setup with CDN url.
107
83
 
108
- 2.0.0
109
-
110
- ---
84
+ ## 2.0.0
111
85
 
112
86
  _Break Changes!_
113
87
 
@@ -117,188 +91,3 @@ WARNING!: This version have so many break changes!
117
91
  - New captcha style.
118
92
  - Remove `len`, `font_size`, `cache_limit` config key, no support now.
119
93
  - Output `GIF` format.
120
-
121
- 1.2.0
122
-
123
- ---
124
-
125
- - Add an `:keep_session` option for `verify_rucaptcha?` method to giva a way for let you keep session on verify, if true, RuCaptcha will not delete the captcha code session after validation.
126
-
127
- 1.1.4
128
-
129
- ---
130
-
131
- - Fix #35 just give a warning message if not setup a right cache_store, only raise on :null_store.
132
-
133
- 1.1.2
134
-
135
- ---
136
-
137
- - Fix #34 rucaptcha.root_url -> root_path, to avoid generate a http url in a https application.
138
- - Fix spec to require Ruby 2.0.0, because there have a `Module#prepend` method called.
139
-
140
- 1.1.1
141
-
142
- ---
143
-
144
- - Remove inspect log on verify_rucaptcha
145
-
146
- 1.1.0
147
-
148
- ---
149
-
150
- - Add `cache_store` config key to setup a cache store location for RuCaptcha.
151
- - Store captcha in custom cache store.
152
-
153
- ## Security Notes
154
-
155
- - Fix Session replay secure issue that when Rails application use CookieStore.
156
-
157
- 1.0.0
158
-
159
- ---
160
-
161
- - Adjust to avoid lighter colors.
162
- - Avoid continuous chars have same color.
163
- - Use same color for each chars in :black_white mode.
164
-
165
- 0.5.1
166
-
167
- ---
168
-
169
- - Make sure it will render image when ImageMagick stderr have warning messages. (#26)
170
-
171
- 0.5.0
172
-
173
- ---
174
-
175
- - Fix cache with Rails 5.
176
-
177
- 0.4.5
178
-
179
- ---
180
-
181
- - Removed `posix-spawn` dependency, used open3 instead (core funciontality), JRuby compatible (#24)
182
-
183
- 0.4.4
184
-
185
- ---
186
-
187
- - Remove deprecated `width`, `height` config.
188
- - Delete session key after verify (#23).
189
- - Lighter text color, improve style.
190
-
191
- 0.4.2
192
-
193
- ---
194
-
195
- - Fix NoMethodError bug when params[:_rucaptha] is nil.
196
-
197
- 0.4.1
198
-
199
- ---
200
-
201
- - Add error message to resource when captcha code expired.
202
-
203
- 0.4.0
204
-
205
- ---
206
-
207
- - Add `config.colorize` option, to allow use black text theme.
208
-
209
- 0.3.3
210
-
211
- ---
212
-
213
- - Add `config.expires_in` to allow change captcha code expire time.
214
-
215
- 0.3.2.1
216
-
217
- ---
218
-
219
- - Add Windows development env support.
220
-
221
- 0.3.2
222
-
223
- ---
224
-
225
- - Make better render positions;
226
- - Trim blank space.
227
-
228
- 0.3.1
229
-
230
- ---
231
-
232
- - More complex Image render: compact text, strong lines, +/-5 rotate...
233
- - [DEPRECATION] config.width, config.height removed, use config.font_size.
234
- - Fix the render position in difference font sizes.
235
- - Fix input field type, and disable autocorrect, autocapitalize, and limit maxlength with char length;
236
-
237
- 0.2.5
238
-
239
- ---
240
-
241
- - Add `session[:_rucaptcha]` expire time, for protect Rails CookieSession Replay Attack.
242
- - Captcha input field disable autocomplete, and set field type as `email` for shown correct keyboard on mobile view.
243
-
244
- 0.2.3
245
-
246
- ---
247
-
248
- - It will raise error when call ImageMagick failed.
249
-
250
- 0.2.2
251
-
252
- ---
253
-
254
- - Added locale for pt-BR language; @ramirovjr
255
-
256
- 0.2.1
257
-
258
- ---
259
-
260
- - Fix issue when cache dir not exist.
261
-
262
- 0.2.0
263
-
264
- ---
265
-
266
- - Added file cache, can setup how many images you want generate by `config.cache_limit`,
267
- RuCaptcha will use cache for next requests.
268
- When you restart Rails processes it will generate new again and clean the old caches.
269
-
270
- 0.1.4
271
-
272
- ---
273
-
274
- - Fix `verify_rucaptcha?` logic in somecase.
275
- - Locales fixed.
276
-
277
- 0.1.3
278
-
279
- ---
280
-
281
- - `zh-TW` translate file fixed.
282
- - Use xxx_url to fix bad captcha URL for `config.action_controller.asset_host` enabled case.
283
-
284
- 0.1.2
285
-
286
- ---
287
-
288
- - No case sensitive;
289
- - Export config.implode;
290
- - Improve image color and style;
291
- - Don't generate chars in 'l,o,0,1'.
292
- - Render lower case chars on image.
293
-
294
- 0.1.1
295
-
296
- ---
297
-
298
- - Include default validation I18n messages (en, zh-CN, zh-TW).
299
-
300
- 0.1.0
301
-
302
- ---
303
-
304
- - First release.
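Review bot: the removed block takes the security history with it, namely the `## Security Notes` entry under 1.1.0 ("Fix Session replay secure issue that when Rails application use CookieStore") and the 0.2.5 entry about the `session[:_rucaptcha]` expire time against CookieSession replay. Since this release changes the session binding again, keep those entries, or move them to a short security section, so the reasoning behind the cache-store design stays in the packaged docs.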
data/README.md CHANGED
@@ -5,8 +5,10 @@
5
5
 
6
6
  This is a Captcha gem for Rails Applications which generates captcha image by C code.
7
7
 
8
- > NOTE: According to the use of Ruby China, the verification code looks like has a lower than 5% probability of being parsed by OCR and the verification code is cracked. It is recommended that you use the IP rate limit to enhance the protection.
9
- > NOTE: 以 Ruby China 的使用来看,验证码似乎有低于 5% 的概率被 OCR 读取解析导致验证码被破解(我们从日志分析绝大多数是成功的,但偶尔一个成功,配合大量机器攻击,导致注册了很多的垃圾账号),建议你额外配合 IP 频率限制的功能来加强保护。
8
+ > NOTE: According to the use of Ruby China, the verification code looks like has a lower than 5% probability of being parsed by OCR and the verification code is cracked (All Image Captcha libs are has same problem). It is recommended that you use the IP rate limit to enhance the protection.
9
+ > NOTE: 以 Ruby China 的使用来看,验证码似乎有低于 5% 的概率被 OCR 读取解析 (图片验证码都有这个问题) 导致验证码被破解(我们从日志分析绝大多数是成功的,但偶尔一个成功,配合大量机器攻击,导致注册了很多的垃圾账号),建议你额外配合 IP 频率限制的功能来加强保护。
10
+
11
+ > 如果你需要更高强度的验证,建议选择商用服务。
10
12
 
11
13
  [中文介绍和使用说明](https://ruby-china.org/topics/27832)
12
14
 
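Review bot: the added `> 如果你需要更高强度的验证,建议选择商用服务。` line has no English counterpart, so the advice to pick a commercial service when stronger verification is needed is invisible to English readers of the README. The English parenthetical added above it should also read "all image captcha libraries have the same problem". Since the note tells users to add IP rate limiting, a pointer to how to do that would make the recommendation actionable.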
@@ -6,7 +6,7 @@ module RuCaptcha
6
6
  headers["Cache-Control"] = "no-cache, no-store, max-age=0, must-revalidate"
7
7
  headers["Pragma"] = "no-cache"
8
8
  data = generate_rucaptcha
9
- opts = { disposition: "inline", type: "image/gif" }
9
+ opts = {disposition: "inline", type: "image/gif"}
10
10
  send_data data, opts
11
11
  end
12
12
  end
@@ -6,19 +6,24 @@ module RuCaptcha
6
6
  helper_method :verify_rucaptcha?
7
7
  end
8
8
 
9
+ def rucaptcha_session_id
10
+ cookies[:_rucaptcha_session_id]
11
+ end
12
+
9
13
  # session key of rucaptcha
10
14
  def rucaptcha_sesion_key_key
11
- session_id = session.respond_to?(:id) ? session.id : session[:session_id]
12
- warning_when_session_invalid if session_id.blank?
15
+ warning_when_session_invalid if rucaptcha_session_id.blank?
13
16
 
14
17
  # With https://github.com/rack/rack/commit/7fecaee81f59926b6e1913511c90650e76673b38
15
18
  # to protected session_id into secret
16
- session_id_digest = Digest::SHA256.hexdigest(session_id.inspect)
19
+ session_id_digest = Digest::SHA256.hexdigest(rucaptcha_session_id.inspect)
17
20
  ["rucaptcha-session", session_id_digest].join(":")
18
21
  end
19
22
 
20
23
  # Generate a new Captcha
21
24
  def generate_rucaptcha
25
+ generate_rucaptcha_session_id
26
+
22
27
  res = RuCaptcha.generate
23
28
  session_val = {
24
29
  code: res[0],
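Review bot: in `rucaptcha_sesion_key_key`, a blank `rucaptcha_session_id` only triggers `warning_when_session_invalid`, and the method then hashes `rucaptcha_session_id.inspect` anyway, so every request that arrives without the `_rucaptcha_session_id` cookie resolves to the same cache key. Consider returning `nil` when the id is blank and having callers treat that as a failed verification, rather than deriving a shared key. The comment above the digest still points at the Rack session-id commit, which no longer describes the input now that the value comes from the gem's own cookie; it should be updated.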
@@ -67,6 +72,15 @@ module RuCaptcha
67
72
 
68
73
  private
69
74
 
75
+ def generate_rucaptcha_session_id
76
+ return if rucaptcha_session_id.present?
77
+
78
+ cookies[:_rucaptcha_session_id] = {
79
+ value: SecureRandom.hex(16),
80
+ expires: 1.day
81
+ }
82
+ end
83
+
70
84
  def add_rucaptcha_validation_error
71
85
  if defined?(resource) && resource && resource.respond_to?(:errors)
72
86
  resource.errors.add(:base, t("rucaptcha.invalid"))
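Review bot: the cookie hash in `generate_rucaptcha_session_id` sets only `value` and `expires`, so `_rucaptcha_session_id` is written without `httponly`, `secure` or `same_site`, and as a plain cookie rather than through `cookies.signed` or `cookies.encrypted`. Nothing in this diff reads the cookie from JavaScript, so `httponly: true` looks like a safe addition. Signing matters because `return if rucaptcha_session_id.present?` keeps whatever value the client sends, which lets the client choose the identifier the cache key is derived from.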
@@ -1,3 +1,3 @@
1
1
  module RuCaptcha
2
- VERSION = "2.5.5"
2
+ VERSION = "2.6.1"
3
3
  end
@@ -1,19 +1,20 @@
1
1
  module RuCaptcha
2
2
  module ViewHelpers
3
3
  def rucaptcha_input_tag(opts = {})
4
- opts[:name] = "_rucaptcha"
5
- opts[:type] = "text"
6
- opts[:autocorrect] = "off"
4
+ opts[:name] = "_rucaptcha"
5
+ opts[:type] = "text"
6
+ opts[:autocorrect] = "off"
7
7
  opts[:autocapitalize] = "off"
8
- opts[:pattern] = "[a-zA-Z]*"
9
- opts[:autocomplete] = "off"
10
- opts[:maxlength] = RuCaptcha.config.length
8
+ opts[:pattern] = "[a-zA-Z]*"
9
+ opts[:autocomplete] = "off"
10
+ opts[:maxlength] = RuCaptcha.config.length
11
11
  tag(:input, opts)
12
12
  end
13
13
 
14
14
  def rucaptcha_image_tag(opts = {})
15
+ @rucaptcha_image_tag__image_path_in_this_request ||= "#{ru_captcha.root_path}?t=#{Time.now.strftime("%s%L")}"
15
16
  opts[:class] = opts[:class] || "rucaptcha-image"
16
- opts[:src] = ru_captcha.root_path
17
+ opts[:src] = @rucaptcha_image_tag__image_path_in_this_request
17
18
  opts[:onclick] = "this.src = '#{ru_captcha.root_path}?t=' + Date.now();"
18
19
  tag(:img, opts)
19
20
  end
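Review bot: `@rucaptcha_image_tag__image_path_in_this_request` in `rucaptcha_image_tag` needs a comment saying why the path is memoized and why a `?t=` timestamp is appended; as written, the reason for fixing one URL per request cannot be recovered from the code. The URL format is also now built twice, once in Ruby and once inside the `onclick` string, so a small private helper for the path would keep the two aligned.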
data/lib/rucaptcha.rb CHANGED
@@ -16,18 +16,18 @@ module RuCaptcha
16
16
  return @config if defined?(@config)
17
17
 
18
18
  @config = Configuration.new
19
- @config.style = :colorful
20
- @config.length = 5
19
+ @config.style = :colorful
20
+ @config.length = 5
21
21
  @config.strikethrough = true
22
- @config.outline = false
23
- @config.expires_in = 2.minutes
22
+ @config.outline = false
23
+ @config.expires_in = 2.minutes
24
24
  @config.skip_cache_store_check = false
25
25
 
26
26
  @config.cache_store = if Rails.application
27
- Rails.application.config.cache_store
28
- else
29
- :mem_cache_store
30
- end
27
+ Rails.application.config.cache_store
28
+ else
29
+ :mem_cache_store
30
+ end
31
31
  @config.cache_store
32
32
  @config
33
33
  end
metadata CHANGED
@@ -1,14 +1,14 @@
1
1
  --- !ruby/object:Gem::Specification
2
2
  name: rucaptcha
3
3
  version: !ruby/object:Gem::Version
4
- version: 2.5.5
4
+ version: 2.6.1
5
5
  platform: ruby
6
6
  authors:
7
7
  - Jason Lee
8
8
  autorequire:
9
9
  bindir: bin
10
10
  cert_chain: []
11
- date: 2021-01-27 00:00:00.000000000 Z
11
+ date: 2022-02-09 00:00:00.000000000 Z
12
12
  dependencies:
13
13
  - !ruby/object:Gem::Dependency
14
14
  name: railties