validates_captcha 0.9.4 → 0.9.5

data/CHANGELOG.rdoc

@@ -1,3 +1,12 @@
+== 0.9.5 (October 9, 2009)
+
+* API change: renamed Provider::Image to Provider::DynamicImage in order to guard against confusion
+
+* API change: renamed ReversibleEncrypter to SymmetricEncryptor
+
+* ReversibleEncrypter::Simple class now uses ActiveSupport's MessageEncryptor instead of custom implementation
+
+
 == 0.9.4 (October 7, 2009)
 
 * Include new StaticImage provider

data/README.rdoc

@@ -178,7 +178,7 @@ You can set the captcha provider to use dynamically created image challenges
 with the code below.  Dynamic means that the captcha image is created on invocation.  
 If you want to utilize this provider, it is best to put this in a Rails initializer.
 
-  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::Image.new
+  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::DynamicImage.new
 
 By default, image captchas have a length of 6 characters and the text displayed 
 on the captcha image is created by randomly selecting characters from a 
@@ -233,7 +233,7 @@ that creates images that are harder to crack.
 Please see the documentation of the following classes for further information.
 
 * ValidatesCaptcha::StringGenerator::Simple
-* ValidatesCaptcha::ReversibleEncrypter::Simple
+* ValidatesCaptcha::SymmetricEncryptor::Simple
 * ValidatesCaptcha::ImageGenerator::Simple
 
 Or you can implement a custom captcha challenge provider and assign it to 

data/lib/validates_captcha.rb

@@ -37,7 +37,7 @@ module ValidatesCaptcha
   
   module Provider
     autoload :Question, 'validates_captcha/provider/question'
-    autoload :Image, 'validates_captcha/provider/image'
+    autoload :DynamicImage, 'validates_captcha/provider/dynamic_image'
     autoload :StaticImage, 'validates_captcha/provider/static_image'
   end
   
@@ -45,8 +45,8 @@ module ValidatesCaptcha
     autoload :Simple, 'validates_captcha/string_generator/simple'
   end
   
-  module ReversibleEncrypter
-    autoload :Simple, 'validates_captcha/reversible_encrypter/simple'
+  module SymmetricEncryptor
+    autoload :Simple, 'validates_captcha/symmetric_encryptor/simple'
   end
   
   module ImageGenerator

data/lib/validates_captcha/image_generator/simple.rb

@@ -19,8 +19,7 @@ module ValidatesCaptcha
     # for your own implementations.
     #
     # You can implement your own (better) image generator by creating a 
-    # class that conforms to the method definitions of the example below and 
-    # assign an instance of it to ValidatesCaptcha::Provider::Image#image_generator=.
+    # class that conforms to the method definitions of the example below.
     #
     # Example for a custom image generator:
     #
@@ -40,8 +39,15 @@ module ValidatesCaptcha
     #    end
     #  end
     #
-    #  ValidatesCaptcha::Provider::Image.image_generator = AdvancedImageGenerator.new
-    #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::Image.new
+    # Then assign an instance of it to ValidatesCaptcha::Provider::DynamicImage#image_generator=.
+    #
+    #  ValidatesCaptcha::Provider::DynamicImage.image_generator = AdvancedImageGenerator.new
+    #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::DynamicImage.new
+    #
+    # Or to ValidatesCaptcha::Provider::StaticImage#image_generator=.
+    #
+    #  ValidatesCaptcha::Provider::StaticImage.image_generator = AdvancedImageGenerator.new
+    #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::StaticImage.new
     #    
     class Simple
       MIME_TYPE = 'image/gif'.freeze

data/lib/validates_captcha/provider/{image.rb → dynamic_image.rb}

@@ -63,7 +63,7 @@ module ValidatesCaptcha
     # An image captcha provider.
     #
     # This class contains the getters and setters for the backend classes:
-    # image generator, string generator, and reversible encrypter.  This
+    # image generator, string generator, and symmetric encryptor.  This
     # allows you to replace them with your custom implementations.  For more
     # information on how to bring the image provider to use your own
     # implementation instead of the default one, consult the documentation
@@ -75,11 +75,11 @@ module ValidatesCaptcha
     # But you are not bound to ImageMagick.  If you want to provide a custom image 
     # generator, take a look at the documentation for 
     # ValidatesCaptcha::ImageGenerator::Simple on how to create your own.
-    class Image
+    class DynamicImage
       include ActionView::Helpers
       
       @@string_generator = nil
-      @@reversible_encrypter = nil
+      @@symmetric_encryptor = nil
       @@image_generator = nil
       
       class << self
@@ -95,16 +95,16 @@ module ValidatesCaptcha
           @@string_generator = generator
         end
         
-        # Returns the current captcha reversible encrypter. Defaults to an
-        # instance of the ValidatesCaptcha::ReversibleEncrypter::Simple class.
-        def reversible_encrypter
-          @@reversible_encrypter ||= ValidatesCaptcha::ReversibleEncrypter::Simple.new
+        # Returns the current captcha symmetric encryptor. Defaults to an
+        # instance of the ValidatesCaptcha::SymmetricEncryptor::Simple class.
+        def symmetric_encryptor
+          @@symmetric_encryptor ||= ValidatesCaptcha::SymmetricEncryptor::Simple.new
         end
         
-        # Sets the current captcha reversible encrypter. Used to set a
-        # custom reversible encrypter.
-        def reversible_encrypter=(encrypter)
-          @@reversible_encrypter = encrypter
+        # Sets the current captcha symmetric encryptor. Used to set a
+        # custom symmetric encryptor.
+        def symmetric_encryptor=(encryptor)
+          @@symmetric_encryptor = encryptor
         end
         
         # Returns the current captcha image generator. Defaults to an
@@ -166,7 +166,7 @@ module ValidatesCaptcha
       # Returns true if the captcha was solved using the given +challenge+ and +solution+, 
       # otherwise false.
       def solved?(challenge, solution)
-        challenge == encrypt(solution)
+        decrypt(challenge) == solution
       end
       
       # Returns an image tag with the source set to the url of the captcha image.
@@ -211,11 +211,11 @@ module ValidatesCaptcha
         end
       
         def encrypt(code) #:nodoc:
-          self.class.reversible_encrypter.encrypt code
+          self.class.symmetric_encryptor.encrypt code
         end
       
         def decrypt(encrypted_code) #:nodoc:
-          self.class.reversible_encrypter.decrypt encrypted_code
+          self.class.symmetric_encryptor.decrypt encrypted_code
         end
         
         def generate_code #:nodoc:

data/lib/validates_captcha/string_generator/simple.rb

@@ -10,7 +10,8 @@ module ValidatesCaptcha
     #
     # You can implement your own string generator by creating a 
     # class that conforms to the method definitions of the example below and 
-    # assign an instance of it to ValidatesCaptcha::Provider::Image#string_generator=.
+    # assign an instance of it to 
+    # ValidatesCaptcha::Provider::DynamicImage#string_generator=.
     #
     # Example for a custom string generator:
     #
@@ -22,8 +23,10 @@ module ValidatesCaptcha
     #    end
     #  end
     #
-    #  ValidatesCaptcha::Provider::Image.string_generator = DictionaryGenerator.new
-    #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::Image.new
+    #  ValidatesCaptcha::Provider::DynamicImage.string_generator = DictionaryGenerator.new
+    #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::DynamicImage.new
+    #
+    # You can also assign it to ValidatesCaptcha::Provider::StaticImage#string_generator=.
     #    
     class Simple
       @@alphabet = 'abdefghjkmnqrtABDEFGHJKLMNQRT234678923467892346789'

data/lib/validates_captcha/symmetric_encryptor/simple.rb

@@ -0,0 +1,52 @@
+require 'active_support'
+
+module ValidatesCaptcha
+  module SymmetricEncryptor
+    # This class is responsible for encrypting and decrypting captcha codes. 
+    # It internally uses ActiveSupport's MessageEncryptor to do the string 
+    # encryption/decryption.
+    #
+    # You can implement your own symmetric encryptor by creating a class 
+    # that conforms to the method definitions of the example below and 
+    # assign an instance of it to 
+    # ValidatesCaptcha::Provider::DynamicImage#symmetric_encryptor=.
+    #
+    # Example for a custom symmetric encryptor:
+    #
+    #  class ReverseString # very insecure and easily cracked
+    #    def encrypt(code)
+    #      code.reverse
+    #    end
+    #
+    #    def decrypt(encrypted_code)
+    #      encrypted_code.reverse
+    #    rescue SomeKindOfDecryptionError
+    #      nil
+    #    end
+    #  end
+    #
+    #  ValidatesCaptcha::Provider::DynamicImage.symmetric_encryptor = ReverseString.new
+    #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::DynamicImage.new
+    #
+    # Please note: The #decrypt method should return +nil+ if decryption fails. 
+    class Simple
+      KEY = ::ActiveSupport::SecureRandom.hex(64).freeze
+      
+      def initialize #:nodoc:
+        @symmetric_encryptor = ::ActiveSupport::MessageEncryptor.new(KEY)
+      end
+    
+      # Encrypts a cleartext string. 
+      def encrypt(code)
+        @symmetric_encryptor.encrypt(code).gsub('+', '%2B').gsub('/', '%2F')
+      end
+    
+      # Decrypts an encrypted string.
+      def decrypt(encrypted_code)
+        @symmetric_encryptor.decrypt encrypted_code.gsub('%2F', '/').gsub('%2B', '+')
+      rescue ::ActiveSupport::MessageEncryptor::InvalidMessage
+        nil
+      end
+    end
+  end
+end

data/lib/validates_captcha/version.rb

@@ -2,7 +2,7 @@ module ValidatesCaptcha #:nodoc:
   module VERSION #:nodoc:
     MAJOR = 0
     MINOR = 9
-    TINY = 4
+    TINY = 5
  
     STRING = [MAJOR, MINOR, TINY].join('.')
   end

data/test/cases/controller_validation_test.rb

@@ -78,7 +78,7 @@ class ControllerValidationTest < ActionController::TestCase
   
   def with_dynamic_image_provider(&block)
     old_provider = ValidatesCaptcha.provider
-    provider = ValidatesCaptcha.provider = ValidatesCaptcha::Provider::Image.new
+    provider = ValidatesCaptcha.provider = ValidatesCaptcha::Provider::DynamicImage.new
     yield provider
     ValidatesCaptcha.provider = old_provider
   end

data/test/cases/model_validation_test.rb

@@ -3,7 +3,7 @@ require 'test_helper'
 class ModelValidationTest < ValidatesCaptcha::TestCase
   def with_dynamic_image_provider(&block)
     old_provider = ValidatesCaptcha.provider
-    provider = ValidatesCaptcha.provider = ValidatesCaptcha::Provider::Image.new
+    provider = ValidatesCaptcha.provider = ValidatesCaptcha::Provider::DynamicImage.new
     yield provider
     ValidatesCaptcha.provider = old_provider
   end

data/test/cases/provider/{image_test.rb → dynamic_image_test.rb}

@@ -1,8 +1,8 @@
 require 'test_helper'
 
-IMAGE = ValidatesCaptcha::Provider::Image
+IMAGE = ValidatesCaptcha::Provider::DynamicImage
 
-class ImageTest < ValidatesCaptcha::TestCase
+class DynamicImageTest < ValidatesCaptcha::TestCase
   test "defines a class level #string_generator method" do
     assert_respond_to IMAGE, :string_generator
   end
@@ -20,21 +20,21 @@ class ImageTest < ValidatesCaptcha::TestCase
     IMAGE.string_generator = old_string_generator
   end
   
-  test "defines a class level #reversible_encrypter method" do
-    assert_respond_to IMAGE, :reversible_encrypter
+  test "defines a class level #symmetric_encryptor method" do
+    assert_respond_to IMAGE, :symmetric_encryptor
   end
   
-  test "defines a class level #reversible_encrypter= method" do
-    assert_respond_to IMAGE, :reversible_encrypter=
+  test "defines a class level #symmetric_encryptor= method" do
+    assert_respond_to IMAGE, :symmetric_encryptor=
   end
   
-  test "#reversible_encrypter method's return value should equal the value set using the #reversible_encrypter= method" do
-    old_reversible_encrypter = IMAGE.reversible_encrypter
+  test "#symmetric_encryptor method's return value should equal the value set using the #symmetric_encryptor= method" do
+    old_symmetric_encryptor = IMAGE.symmetric_encryptor
     
-    IMAGE.reversible_encrypter = 'abc'
-    assert_equal 'abc', IMAGE.reversible_encrypter
+    IMAGE.symmetric_encryptor = 'abc'
+    assert_equal 'abc', IMAGE.symmetric_encryptor
     
-    IMAGE.reversible_encrypter = old_reversible_encrypter
+    IMAGE.symmetric_encryptor = old_symmetric_encryptor
   end
   
   test "defines a class level #image_generator method" do

data/test/cases/{reversible_encrypter → symmetric_encryptor}/simple_test.rb

@@ -1,27 +1,27 @@
 require 'test_helper'
  
-RE = ValidatesCaptcha::ReversibleEncrypter::Simple
+SE = ValidatesCaptcha::SymmetricEncryptor::Simple
  
-class ReversibleEncrypterTest < ValidatesCaptcha::TestCase
+class SymmetricEncryptorTest < ValidatesCaptcha::TestCase
   test "defines an instance level #encrypt method" do
-    assert_respond_to RE.new, :encrypt
+    assert_respond_to SE.new, :encrypt
   end
   
   test "instance level #encrypt method returns a string" do
-    assert_kind_of String, RE.new.encrypt('abc')
+    assert_kind_of String, SE.new.encrypt('abc')
   end
   
   test "defines an instance level #decrypt method" do
-    assert_respond_to RE.new, :decrypt
+    assert_respond_to SE.new, :decrypt
   end
   
   test "instance level #decrypt method returns nil if decryption failes" do
-    assert_nil RE.new.decrypt('invalid')
+    assert_nil SE.new.decrypt('invalid')
   end
   
   test "decryption of encryption of string should equal the string" do
     %w(d3crypti0n 3ncrypt3d 5trin9 sh0u1d equ41 th3 c4ptch4).each do |captcha|
-      assert_equal captcha, RE.new.decrypt(RE.new.encrypt(captcha))
+      assert_equal captcha, SE.new.decrypt(SE.new.encrypt(captcha))
     end
   end
 end

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification 
 name: validates_captcha
 version: !ruby/object:Gem::Version 
-  version: 0.9.4
+  version: 0.9.5
 platform: ruby
 authors: 
 - Martin Andert
@@ -9,7 +9,7 @@ autorequire:
 bindir: bin
 cert_chain: []
 
-date: 2009-10-07 00:00:00 +02:00
+date: 2009-10-09 00:00:00 +02:00
 default_executable: 
 dependencies: 
 - !ruby/object:Gem::Dependency 
@@ -53,11 +53,11 @@ files:
 - lib/validates_captcha/form_helper.rb
 - lib/validates_captcha/image_generator/simple.rb
 - lib/validates_captcha/model_validation.rb
-- lib/validates_captcha/provider/image.rb
+- lib/validates_captcha/provider/dynamic_image.rb
 - lib/validates_captcha/provider/question.rb
 - lib/validates_captcha/provider/static_image.rb
-- lib/validates_captcha/reversible_encrypter/simple.rb
 - lib/validates_captcha/string_generator/simple.rb
+- lib/validates_captcha/symmetric_encryptor/simple.rb
 - lib/validates_captcha/test_case.rb
 - lib/validates_captcha/version.rb
 - rails/init.rb
@@ -65,11 +65,11 @@ files:
 - test/cases/controller_validation_test.rb
 - test/cases/image_generator/simple_test.rb
 - test/cases/model_validation_test.rb
-- test/cases/provider/image_test.rb
+- test/cases/provider/dynamic_image_test.rb
 - test/cases/provider/question_test.rb
 - test/cases/provider/static_image_test.rb
-- test/cases/reversible_encrypter/simple_test.rb
 - test/cases/string_generator/simple_test.rb
+- test/cases/symmetric_encryptor/simple_test.rb
 - test/cases/validates_captcha_test.rb
 - test/test_helper.rb
 has_rdoc: true
@@ -79,7 +79,7 @@ licenses: []
 post_install_message: 
 rdoc_options: 
 - --title
-- Validates Captcha 0.9.4
+- Validates Captcha 0.9.5
 - --main
 - README.rdoc
 - --line-numbers
@@ -111,10 +111,10 @@ test_files:
 - test/cases/controller_validation_test.rb
 - test/cases/image_generator/simple_test.rb
 - test/cases/model_validation_test.rb
-- test/cases/provider/image_test.rb
+- test/cases/provider/dynamic_image_test.rb
 - test/cases/provider/question_test.rb
 - test/cases/provider/static_image_test.rb
-- test/cases/reversible_encrypter/simple_test.rb
 - test/cases/string_generator/simple_test.rb
+- test/cases/symmetric_encryptor/simple_test.rb
 - test/cases/validates_captcha_test.rb
 - test/test_helper.rb

data/lib/validates_captcha/reversible_encrypter/simple.rb

@@ -1,55 +0,0 @@
-require 'openssl'
-require 'active_support/secure_random'
-
-module ValidatesCaptcha
-  module ReversibleEncrypter
-    # This class is responsible for encrypting and decrypting captcha codes. 
-    # It internally uses AES256 to do the string encryption/decryption.
-    #
-    # You can implement your own reversible encrypter by creating a class 
-    # that conforms to the method definitions of the example below and 
-    # assign an instance of it to ValidatesCaptcha::Provider::Image#reversible_encrypter=.
-    #
-    # Example for a custom encrypter/decrypter:
-    #
-    #  class ReverseString # very insecure and easily cracked
-    #    def encrypt(code)
-    #      code.reverse
-    #    end
-    #
-    #    def decrypt(encrypted_code)
-    #      encrypted_code.reverse
-    #    rescue SomeKindOfDecryptionError
-    #      nil
-    #    end
-    #  end
-    #
-    #  ValidatesCaptcha::Provider::Image.reversible_encrypter = ReverseString.new
-    #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::Image.new
-    #
-    # Please note: The #decrypt method should return +nil+ if decryption fails. 
-    class Simple
-      KEY = ::ActiveSupport::SecureRandom.hex(32).freeze
-      
-      def initialize #:nodoc:
-        @aes = OpenSSL::Cipher::Cipher.new('AES-256-ECB')
-      end
-    
-      # Encrypts a cleartext string using #key as encryption key. 
-      def encrypt(code)
-        @aes.encrypt
-        @aes.key = KEY
-        [@aes.update(code) + @aes.final].pack("m").tr('+/=', '-_ ').strip.gsub("\n", '')
-      end
-    
-      # Decrypts an encrypted string using using #key as decryption key.
-      def decrypt(encrypted_code)
-        @aes.decrypt
-        @aes.key = KEY
-        @aes.update((encrypted_code + '=' * (4 - encrypted_code.size % 4)).tr('-_', '+/').unpack("m").first) + @aes.final
-      rescue # OpenSSL::CipherError, OpenSSL::Cipher::CipherError
-        nil
-      end
-    end
-  end
-end