validates_captcha 0.9.0

data/lib/validates_captcha/middleware/simple.rb

@@ -0,0 +1,108 @@
+require 'active_support/core_ext/string/bytesize'
+
+module ValidatesCaptcha
+  module Middleware
+    # This class acts as the Rack middleware that serves the captcha images.
+    #
+    # You can implement your own middleware by creating a 
+    # class that conforms to the method definitions of the example below and 
+    # assign an instance of it to ValidatesCaptcha#middleware=.
+    #
+    # Example for a custom middleware:
+    #
+    #  class MyMiddleware
+    #    def image_path(encrypted_code)
+    #      '/captchas/image/' + encrypted_code + ValidatesCaptcha.captcha_image_file_extension
+    #    end
+    #
+    #    def regenerate_path
+    #      '/captchas/regenerate'
+    #    end
+    #
+    #    def call(env)
+    #      if env['PATH_INFO'] =~ /^\/captchas\/image\/([^\.]+)/
+    #        decrypted_code = ValidatesCaptcha.decrypt_captcha_code($1)
+    #    
+    #        if decrypted_code.nil?
+    #          [422, { 'Content-Type' => 'text/html' }, ['Unprocessable Entity']]
+    #        else
+    #          image_data = ValidatesCaptcha.generate_captcha_image(decrypted_code)
+    #        
+    #          headers = {
+    #            'Content-Length'            => image_data.bytesize.to_s,
+    #            'Content-Type'              => ValidatesCaptcha.captcha_image_mime_type,
+    #            'Content-Disposition'       => 'inline',
+    #            'Content-Transfer-Encoding' => 'binary'
+    #          }
+    #        
+    #          [200, headers, [image_data]]
+    #        end
+    #      elsif env['PATH_INFO'] == regenerate_path
+    #        encrypted_code = ValidatesCaptcha.encrypt_captcha_code(ValidatesCaptcha.generate_captcha_code)
+    #        xml = { :encrypted_captcha_code => encrypted_code, :captcha_image_path => image_path(encrypted_code) }.to_xml
+    #
+    #        [200, { 'Content-Type' => 'application/xml' }, [xml]]
+    #      else
+    #        [404, { 'Content-Type' => 'text/html' }, ['Not Found']]
+    #      end
+    #    end
+    #  end
+    #
+    #  ValidatesCaptcha.middleware = MyMiddleware.new
+    #    
+    class Simple      
+      # Returns the captcha image path for a given encrypted code. 
+      #
+      # This is used by the +captcha_image+ form helper.
+      def image_path(encrypted_code)
+        "/captchas/#{encrypted_code}#{ValidatesCaptcha.captcha_image_file_extension}"
+      end
+      
+      # Returns the path that is used when requesting the regeneration 
+      # of a captcha image. Defaults to '/captchas/regenerate'.
+      #
+      # This is used by the +regenerate_captcha_link+ form helper.
+      def regenerate_path
+        '/captchas/regenerate'
+      end
+      
+      # This method is the one called by Rack.
+      # 
+      # It returns HTTP status 404 if the path is not recognized. If the path is 
+      # recognized, it returns HTTP status 200 and delivers the image if it could 
+      # successfully decrypt the captcha code, otherwise HTTP status 422.
+      #
+      # Please take a look at the source code if you want to learn more.
+      def call(env)
+        if env['PATH_INFO'] =~ /^\/captchas\/([^\.]+)/
+          if $1 == 'regenerate'
+            encrypted_code = ValidatesCaptcha.encrypt_captcha_code(ValidatesCaptcha.generate_captcha_code)
+            json = { :encrypted_captcha_code => encrypted_code, :captcha_image_path => image_path(encrypted_code) }.to_json
+            
+            [200, { 'Content-Type' => 'application/json' }, [json]]
+          else
+            decrypted_code = ValidatesCaptcha.decrypt_captcha_code($1)
+          
+            if decrypted_code.nil?
+              [422, { 'Content-Type' => 'text/html' }, ['Unprocessable Entity']]
+            else
+              image_data = ValidatesCaptcha.generate_captcha_image(decrypted_code)
+              
+              response_headers = {
+                'Content-Length'            => image_data.bytesize.to_s,
+                'Content-Type'              => ValidatesCaptcha.captcha_image_mime_type,
+                'Content-Disposition'       => 'inline',
+                'Content-Transfer-Encoding' => 'binary',
+                'Cache-Control'             => 'private'
+              }
+              
+              [200, response_headers, [image_data]]
+            end
+          end
+        else
+          [404, { 'Content-Type' => 'text/html' }, ['Not Found']]
+        end
+      end
+    end
+  end
+end

data/lib/validates_captcha/model_validation.rb

@@ -0,0 +1,66 @@
+module ValidatesCaptcha
+  module ModelValidation
+    def self.included(base) #:nodoc:
+      base.extend ClassMethods
+      base.send :include, InstanceMethods
+      
+      base.class_eval do
+        attr_accessible :captcha, :encrypted_captcha
+        attr_accessor :captcha
+        attr_writer :encrypted_captcha
+        
+        validate :validate_captcha, :if => :validate_captcha?
+      end
+    end
+    
+    module ClassMethods
+      # Activates captcha validation on entering the block and deactivates 
+      # captcha validation on leaving the block.
+      #
+      # Example:
+      #
+      #   User.with_captcha_validation do
+      #     @user = User.new(...)
+      #     @user.save
+      #   end
+      def with_captcha_validation(&block)
+        self.validate_captcha = true
+        result = yield
+        self.validate_captcha = false
+        result
+      end
+          
+      # Returns +true+ if captcha validation is activated, otherwise +false+.
+      def validate_captcha? #:nodoc:
+        @validate_captcha == true
+      end
+      
+      private
+        def validate_captcha=(value) #:nodoc:
+          @validate_captcha = value
+        end
+    end
+    
+    module InstanceMethods #:nodoc:
+      def encrypted_captcha #:nodoc:
+        return @encrypted_captcha unless @encrypted_captcha.blank?
+        @encrypted_captcha = ValidatesCaptcha.encrypt_captcha_code(ValidatesCaptcha.generate_captcha_code)
+      end
+      
+      private      
+        def validate_captcha? #:nodoc:
+          self.class.validate_captcha?
+        end
+        
+        def validate_captcha #:nodoc:
+          errors.add(:captcha, :blank) and return if captcha.blank?
+          errors.add(:captcha, :invalid) unless captcha_valid?
+        end
+      
+        def captcha_valid? #:nodoc:
+          ValidatesCaptcha.encrypt_captcha_code(captcha) == encrypted_captcha
+        end        
+    end
+  end
+end
+

data/lib/validates_captcha/reversible_encrypter/simple.rb

@@ -0,0 +1,54 @@
+require 'openssl'
+require 'active_support/secure_random'
+
+module ValidatesCaptcha
+  module ReversibleEncrypter
+    # This class is responsible for encrypting and decrypting captcha codes. 
+    # It internally uses AES256 to do the string encryption/decryption.
+    #
+    # You can implement your own reversible encrypter by creating a class 
+    # that conforms to the method definitions of the example below and 
+    # assign an instance of it to ValidatesCaptcha#reversible_encrypter=.
+    #
+    # Example for a custom encrypter/decrypter:
+    #
+    #  class ReverseString # very insecure and easily cracked
+    #    def encrypt(code)
+    #      code.reverse
+    #    end
+    #
+    #    def decrypt(encrypted_code)
+    #      encrypted_code.reverse
+    #    rescue SomeKindOfDecryptionError
+    #      nil
+    #    end
+    #  end
+    #
+    #  ValidatesCaptcha.reversible_encrypter = ReverseString.new
+    #
+    # Please note: The #decrypt method should return +nil+ if decryption fails. 
+    class Simple
+      KEY = ::ActiveSupport::SecureRandom.hex(32).freeze
+      
+      def initialize #:nodoc:
+        @aes = OpenSSL::Cipher::Cipher.new('AES-256-ECB')
+      end
+    
+      # Encrypts a cleartext string using #key as encryption key. 
+      def encrypt(code)
+        @aes.encrypt
+        @aes.key = KEY
+        [@aes.update(code) + @aes.final].pack("m").tr('+/=', '-_ ').strip.gsub("\n", '')
+      end
+    
+      # Decrypts an encrypted string using using #key as decryption key.
+      def decrypt(encrypted_code)
+        @aes.decrypt
+        @aes.key = KEY
+        @aes.update((encrypted_code + '=' * (4 - encrypted_code.size % 4)).tr('-_', '+/').unpack("m").first) + @aes.final
+      rescue # OpenSSL::CipherError, OpenSSL::Cipher::CipherError
+        nil
+      end
+    end
+  end
+end

data/lib/validates_captcha/string_generator/simple.rb

@@ -0,0 +1,77 @@
+module ValidatesCaptcha
+  module StringGenerator
+    # This class is responsible for generating the codes that are displayed 
+    # on the captcha images. It does so by randomly selecting a number of 
+    # characters from a predefined alphabet constisting of visually distinguishable 
+    # letters and digits.
+    #
+    # The number of characters and the alphabet used when generating strings can 
+    # be customized. See the #alphabet= and #length= methods for details.
+    #
+    # You can implement your own string generator by creating a 
+    # class that conforms to the method definitions of the example below and 
+    # assign an instance of it to ValidatesCaptcha#string_generator=.
+    #
+    # Example for a custom string generator:
+    #
+    #  class DictionaryGenerator
+    #    DICTIONARY = ['foo', 'bar', 'baz', ...]
+    #  
+    #    def generate
+    #      return DICTIONARY[rand(DICTIONARY.size)]
+    #    end
+    #  end
+    #
+    #  ValidatesCaptcha.string_generator = DictionaryGenerator.new
+    #    
+    class Simple
+      @@alphabet = 'abdefghjkmnqrtABDEFGHJKLMNQRT234678923467892346789'
+      @@length = 6
+      
+      class << self
+        # Returns a string holding the chars used when randomly generating the text that 
+        # is displayed on a captcha image. Defaults to a string of visually distinguishable 
+        # letters and digits.
+        def alphabet
+          @@alphabet
+        end
+
+        # Sets the string to use as alphabet when randomly generating the text displayed 
+        # on a captcha image. To increase the probability of appearing in the image, some 
+        # characters might appear more than once in the string.
+        #
+        # You can set this to a custom alphabet within a Rails initializer:
+        #
+        #  ValidatesCaptcha::StringGenerator::Simple.alphabet = '01'
+        def alphabet=(alphabet)
+          alphabet = alphabet.to_s.gsub(/\s/, '')
+          raise('alphabet cannot be blank') if alphabet.blank?
+          
+          @@alphabet = alphabet
+        end
+    
+        # Returns the length to use when generating captcha codes. Defaults to 6.
+        def length
+          @@length
+        end
+
+        # Sets the length to use when generating captcha codes.
+        #
+        # You can set this to a custom length within a Rails initializer:
+        #
+        #  ValidatesCaptcha::StringGenerator::Simple.length = 8
+        def length=(length)
+          @@length = length.to_i
+        end
+      end
+      
+      # Randomly generates a string to be used as the code displayed on captcha images.
+      def generate
+        alphabet_chars = self.class.alphabet.split(//)
+        code_chars = []
+        self.class.length.times { code_chars << alphabet_chars[rand(alphabet_chars.size)] }
+        code_chars.join
+      end
+    end
+  end
+end

data/lib/validates_captcha/test_case.rb

@@ -0,0 +1,12 @@
+require 'active_support/test_case'
+
+module ValidatesCaptcha #:nodoc:
+  class TestCase < ActiveSupport::TestCase #:nodoc:
+    def assert_greater_than(expected, size, message = '')
+      _wrap_assertion do
+        full_message = build_message(message, "<?> expected to be greater than <?>.", size, expected)
+        assert_block(full_message) { size > expected }
+      end
+    end
+  end
+end

data/lib/validates_captcha/version.rb

@@ -0,0 +1,9 @@
+module ValidatesCaptcha #:nodoc:
+  module VERSION #:nodoc:
+    MAJOR = 0
+    MINOR = 9
+    TINY = 0
+ 
+    STRING = [MAJOR, MINOR, TINY].join('.')
+  end
+end

data/lib/validates_captcha.rb

@@ -0,0 +1,170 @@
+#--
+# Copyright (c) 2009 Martin Andert
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+#++
+
+
+# This module contains the getters and setters for the backend classes: 
+# image/string generator, reversible encrypter, and Rack middleware. This 
+# allows you to replace them with your custom implementations. For more 
+# information on how to bring Validates Captcha to use your own 
+# implementation instead of the default one, consult the documentation 
+# for the specific default class.
+# 
+# This module also contains convenience wrapper methods for all the 
+# methods provided by the configured backend classes. These wrapper 
+# methods form the API that is visible to the outside world and that 
+# all backend classes use for internal communication.
+module ValidatesCaptcha
+  autoload :ModelValidation, 'validates_captcha/model_validation'
+  autoload :ControllerValidation, 'validates_captcha/controller_validation'
+  autoload :FormHelper, 'validates_captcha/form_helper'
+  autoload :FormBuilder, 'validates_captcha/form_builder'
+  autoload :TestCase, 'validates_captcha/test_case'
+  autoload :VERSION, 'validates_captcha/version'
+  
+  module ImageGenerator
+    autoload :Simple, 'validates_captcha/image_generator/simple'
+  end
+  
+  module StringGenerator
+    autoload :Simple, 'validates_captcha/string_generator/simple'
+  end
+  
+  module ReversibleEncrypter
+    autoload :Simple, 'validates_captcha/reversible_encrypter/simple'
+  end
+  
+  module Middleware
+    autoload :Simple, 'validates_captcha/middleware/simple'
+  end  
+  
+  @@image_generator = nil
+  @@string_generator = nil
+  @@reversible_encrypter = nil
+  @@middleware = nil
+  
+  class << self
+    # Returns ValidatesCaptcha's current version number.
+    def version
+      ValidatesCaptcha::VERSION::STRING
+    end
+    
+    # Returns the current captcha image generator. Defaults to an 
+    # instance of the ValidatesCaptcha::ImageGenerator::Simple class.
+    def image_generator
+      @@image_generator ||= ImageGenerator::Simple.new
+    end
+
+    # Sets the current captcha image generator. Used to set a custom 
+    # image generator.
+    def image_generator=(generator)
+      @@image_generator = generator
+    end
+    
+    # Returns the current captcha string generator. Defaults to an 
+    # instance of the ValidatesCaptcha::StringGenerator::Simple class.
+    def string_generator
+      @@string_generator ||= StringGenerator::Simple.new
+    end
+
+    # Sets the current captcha string generator. Used to set a 
+    # custom string generator.
+    def string_generator=(generator)
+      @@string_generator = generator
+    end
+    
+    # Returns the current captcha reversible encrypter. Defaults to an 
+    # instance of the ValidatesCaptcha::ReversibleEncrypter::Simple class.
+    def reversible_encrypter
+      @@reversible_encrypter ||= ReversibleEncrypter::Simple.new
+    end
+
+    # Sets the current captcha reversible encrypter. Used to set a 
+    # custom reversible encrypter.
+    def reversible_encrypter=(encrypter)
+      @@reversible_encrypter = encrypter
+    end
+    
+    # Returns the current captcha middleware. Defaults to the 
+    # ValidatesCaptcha::Middleware::Simple class.
+    def middleware
+      @@middleware ||= Middleware::Simple.new
+    end
+
+    # Sets the current captcha middleware. Used to set a custom 
+    # middleware.
+    def middleware=(middleware)
+      @@middleware = middleware
+    end
+    
+    # Randomly generates a string which can be used as the code 
+    # displayed on captcha images. This method internally calls 
+    # +string_generator.generate+.
+    def generate_captcha_code
+      string_generator.generate
+    end
+    
+    # Returns the image data of the generated captcha image. This 
+    # method internally calls +image_generator.generate+.
+    def generate_captcha_image(code)
+      image_generator.generate(code)
+    end
+    
+    # Returns the image file extension of the captcha images. This 
+    # method internally calls +image_generator.image_file_extension+.
+    def captcha_image_file_extension
+      image_generator.image_file_extension
+    end
+    
+    # Returns the image mime type of the captcha images. This 
+    # method internally calls +image_generator.image_mime_type+.
+    def captcha_image_mime_type
+      image_generator.image_mime_type
+    end
+    
+    # Returns the encryption of a cleartext captcha code. This 
+    # method internally calls +reversible_encrypter.encrypt+.
+    def encrypt_captcha_code(code)
+      reversible_encrypter.encrypt(code)
+    end
+    
+    # Returns the decryption of an encrypted captcha code. This 
+    # method internally calls +reversible_encrypter.decrypt+.
+    def decrypt_captcha_code(encrypted_code)
+      reversible_encrypter.decrypt(encrypted_code)
+    end
+    
+    # Returns the captcha image path for a given encrypted code. This 
+    # method internally calls +middleware.image_path+.
+    def captcha_image_path(encrypted_code)
+      middleware.image_path(encrypted_code)
+    end
+    
+    # Returns the path that is used when requesting the regeneration 
+    # of a captcha image. This method internally calls 
+    # +middleware.regenerate_path+.
+    def regenerate_captcha_path
+      middleware.regenerate_path
+    end
+  end
+end
+

data/rails/init.rb

@@ -0,0 +1,29 @@
+require 'validates_captcha'
+
+config.after_initialize do
+  ::ActiveRecord::Base.send :include, ValidatesCaptcha::ModelValidation
+  ::ActionController::Base.send :include, ValidatesCaptcha::ControllerValidation
+  ::ActionView::Base.send :include, ValidatesCaptcha::FormHelper
+  ::ActionView::Helpers::FormBuilder.send :include, ValidatesCaptcha::FormBuilder
+end
+
+module ::ValidatesCaptcha
+  class MiddlewareWrapper
+    RECOGNIZED_RESPONSE_STATUS_CODES = [200, 422].freeze
+    
+    def initialize(app)
+      @app = app
+    end
+    
+    def call(env)
+      result = ValidatesCaptcha.middleware.call(env)
+      
+      return @app.call(env) unless RECOGNIZED_RESPONSE_STATUS_CODES.include?(result.first)
+      
+      result
+    end
+  end
+end
+
+config.middleware.use ::ValidatesCaptcha::MiddlewareWrapper
+

data/test/cases/controller_validation_test.rb

@@ -0,0 +1,125 @@
+require 'test_helper'
+require 'action_controller'
+
+ActionController::Routing::Routes.draw do |map|
+  map.connect ':controller/:action/:id'
+end
+
+class WidgetsController < ActionController::Base
+  include ValidatesCaptcha::ControllerValidation
+  
+  validates_captcha :except => [:update, :save, :persist, :bingo]
+  validates_captcha_of :widgets, :only => :update
+  validates_captcha_of Widget, :only => [:save, :persist]
+  
+  def create
+    begin
+      Widget.new.save!
+    rescue ActiveRecord::RecordInvalid
+      @invalid = true
+    end
+    
+    render :nothing => true
+  end
+  
+  def update
+    begin
+      Widget.new.save!
+    rescue ActiveRecord::RecordInvalid
+      @invalid = true
+    end
+    
+    render :nothing => true
+  end
+  
+  def save
+    encrypted = ValidatesCaptcha.encrypt_captcha_code('take this')
+    decrypted = ValidatesCaptcha.decrypt_captcha_code(encrypted)
+    
+    begin
+      Widget.create! :captcha => decrypted, :encrypted_captcha => encrypted
+    rescue ActiveRecord::RecordInvalid
+      @invalid = true
+    end
+
+    render :nothing => true
+  end
+  
+  def store
+    encrypted = ValidatesCaptcha.encrypt_captcha_code('take this')
+    decrypted = ValidatesCaptcha.decrypt_captcha_code(encrypted) + 'ha!'
+    
+    begin
+      Widget.create! :captcha => decrypted, :encrypted_captcha => encrypted
+    rescue ActiveRecord::RecordInvalid
+      @invalid = true
+    end
+
+    render :nothing => true
+  end
+  
+  def persist
+    encrypted = ValidatesCaptcha.encrypt_captcha_code('take this')
+    decrypted = ValidatesCaptcha.decrypt_captcha_code(encrypted) + 'ha!'
+    
+    begin
+      Widget.create! :captcha => decrypted, :encrypted_captcha => encrypted
+    rescue ActiveRecord::RecordInvalid
+      @invalid = true
+    end
+
+    render :nothing => true
+  end
+  
+  def bingo
+    begin
+      Widget.new.save!
+    rescue ActiveRecord::RecordInvalid
+      @invalid = true
+    end
+    
+    render :nothing => true
+  end
+end
+
+class ControllerValidationTest < ActionController::TestCase
+  tests WidgetsController
+  
+  test "defines a class level #validates_captcha method" do
+    assert_respond_to WidgetsController, :validates_captcha
+  end
+  
+  test "defines a class level #validates_captcha_of method" do
+    assert_respond_to WidgetsController, :validates_captcha_of
+  end
+  
+  test "calling #create method of controller should assign @invalid" do
+    post :create
+    assert_not_nil assigns(:invalid)
+  end
+  
+  test "calling #update method of controller should assign @invalid" do
+    post :update
+    assert_not_nil assigns(:invalid)
+  end
+  
+  test "calling #save method of controller should not assign @invalid" do
+    post :save
+    assert_nil assigns(:invalid)
+  end
+  
+  test "calling #store method of controller should should assign @invalid" do
+    post :store
+    assert_not_nil assigns(:invalid)
+  end
+  
+  test "calling #persist method of controller should should assign @invalid" do
+    post :persist
+    assert_not_nil assigns(:invalid)
+  end
+  
+  test "calling #bingo method of controller should not assign @invalid" do
+    post :bingo
+    assert_nil assigns(:invalid)
+  end
+end

data/test/cases/image_generator_test.rb

@@ -0,0 +1,33 @@
+require 'test_helper'
+
+IG = ValidatesCaptcha::ImageGenerator::Simple
+
+class ImageGeneratorTest < ValidatesCaptcha::TestCase
+  test "defines an instance level #generate method" do
+    assert_respond_to IG.new, :generate
+  end
+  
+  test "instance level #generate method accepts an argument" do
+    assert_nothing_raised { IG.new.generate('abc') }
+  end
+  
+  test "instance level #generate method returns a string" do
+    assert_kind_of String, IG.new.generate('abc')
+  end
+  
+  test "defines an instance level #image_file_extension method" do
+    assert_respond_to IG.new, :image_file_extension
+  end
+  
+  test "instance level #image_file_extension method returns a string" do
+    assert_kind_of String, IG.new.image_file_extension
+  end
+  
+  test "defines an instance level #image_mime_type method" do
+    assert_respond_to IG.new, :image_mime_type
+  end
+  
+  test "instance level #image_mime_type method returns a string" do
+    assert_kind_of String, IG.new.image_mime_type
+  end
+end