validates_captcha 0.9.5 → 0.9.6

data/CHANGELOG.rdoc

@@ -1,3 +1,8 @@
+== 0.9.6 (October 30, 2009)
+
+* Do not make captcha_challenge and captcha_solution attr_accessible. Instead overwrite AR#attributes= so they can be mass assigned.
+
+
 == 0.9.5 (October 9, 2009)
 
 * API change: renamed Provider::Image to Provider::DynamicImage in order to guard against confusion
@@ -20,3 +25,4 @@
 == 0.9.2 (September 27, 2009)
 
 * Initial version
+

data/Rakefile

@@ -29,10 +29,10 @@ Rake::RDocTask.new do |rdoc|
   rdoc.rdoc_dir = 'doc'
   rdoc.title = "Validates Captcha"
   rdoc.main = "README.rdoc"
- 
+
   rdoc.options << '--line-numbers' << '--inline-source'
   rdoc.options << '--charset' << 'utf-8'
-  
+
   rdoc.rdoc_files.include 'README.rdoc'
   rdoc.rdoc_files.include 'MIT-LICENSE'
   rdoc.rdoc_files.include 'CHANGELOG.rdoc'
@@ -52,18 +52,18 @@ end
 
 desc 'Run tests by default'
 task :default => :test
- 
+
 Rake::TestTask.new do |t|
   t.libs << 'test'
   t.test_files = FileList['test/**/*_test.rb']
   #t.verbose = true
   #t.warning = true
 end
- 
- 
- 
+
+
+
 spec = eval(File.read('validates_captcha.gemspec'))
- 
+
 Rake::GemPackageTask.new(spec) do |pkg|
   pkg.gem_spec = spec
   pkg.need_tar = true
@@ -76,9 +76,9 @@ desc 'Publish the release files to RubyForge'
 task :release => [:package] do
   require 'rubyforge'
   require 'rake/contrib/rubyforgepublisher'
- 
+
   packages = %w(gem tgz zip).collect { |ext| "pkg/#{PKG_NAME}-#{PKG_VERSION}.#{ext}" }
- 
+
   rubyforge = RubyForge.new
   rubyforge.configure
   rubyforge.add_release RUBY_FORGE_PROJECT, RUBY_FORGE_PROJECT, RELEASE_NAME, *packages

data/lib/validates_captcha.rb

@@ -22,10 +22,10 @@
 #++
 
 
-# This module contains the getter and setter for the captcha provider. 
-# This allows you to replace it with your custom implementation. For more 
-# information on how to bring Validates Captcha to use your own 
-# implementation instead of the default one, consult the documentation 
+# This module contains the getter and setter for the captcha provider.
+# This allows you to replace it with your custom implementation. For more
+# information on how to bring Validates Captcha to use your own
+# implementation instead of the default one, consult the documentation
 # for the default provider.
 module ValidatesCaptcha
   autoload :ModelValidation, 'validates_captcha/model_validation'
@@ -34,34 +34,34 @@ module ValidatesCaptcha
   autoload :FormBuilder, 'validates_captcha/form_builder'
   autoload :TestCase, 'validates_captcha/test_case'
   autoload :VERSION, 'validates_captcha/version'
-  
+
   module Provider
     autoload :Question, 'validates_captcha/provider/question'
     autoload :DynamicImage, 'validates_captcha/provider/dynamic_image'
     autoload :StaticImage, 'validates_captcha/provider/static_image'
   end
-  
+
   module StringGenerator
     autoload :Simple, 'validates_captcha/string_generator/simple'
   end
-  
+
   module SymmetricEncryptor
     autoload :Simple, 'validates_captcha/symmetric_encryptor/simple'
   end
-  
+
   module ImageGenerator
     autoload :Simple, 'validates_captcha/image_generator/simple'
   end
-  
+
   @@provider = nil
-  
+
   class << self
     # Returns Validates Captcha's current version number.
     def version
       ValidatesCaptcha::VERSION::STRING
     end
-    
-    # Returns the current captcha challenge provider. Defaults to an instance of 
+
+    # Returns the current captcha challenge provider. Defaults to an instance of
     # the ValidatesCaptcha::Provider::Question class.
     def provider
       @@provider ||= Provider::Question.new

data/lib/validates_captcha/controller_validation.rb

@@ -3,12 +3,12 @@ module ValidatesCaptcha
     def self.included(base) #:nodoc:
       base.extend ClassMethods
     end
-    
-    # This module extends ActionController::Base with methods for captcha 
+
+    # This module extends ActionController::Base with methods for captcha
     # verification.
-    module ClassMethods      
-      # This method is the one Validates Captcha got its name from. It 
-      # internally calls #validates_captcha_of with the name of the controller 
+    module ClassMethods
+      # This method is the one Validates Captcha got its name from. It
+      # internally calls #validates_captcha_of with the name of the controller
       # as first argument and passing the conditions hash.
       #
       # Usage Example:
@@ -26,13 +26,13 @@ module ValidatesCaptcha
       def validates_captcha(conditions = {})
         validates_captcha_of controller_name, conditions
       end
-      
+
       # Activates captcha validation for the specified model.
       #
       # The +model+ argument can be a Class, a string, or a symbol.
       #
-      # This method internally creates an around filter, passing the 
-      # +conditions+ argument to it. So you can (de)activate captcha 
+      # This method internally creates an around filter, passing the
+      # +conditions+ argument to it. So you can (de)activate captcha
       # validation for specific actions.
       #
       # Usage examples:
@@ -43,11 +43,11 @@ module ValidatesCaptcha
       #    validates_captcha_of 'user', :except => :persist
       #
       #    # ... actions go here ...
-      #  end      
+      #  end
       def validates_captcha_of(model, conditions = {})
         model = model.is_a?(Class) ? model : model.to_s.classify.constantize
         without_formats = Array.wrap(conditions.delete(:without)).map(&:to_sym)
-        
+
         around_filter(conditions) do |controller, action|
           if without_formats.include?(controller.request.format.to_sym)
             action.call
@@ -61,3 +61,4 @@ module ValidatesCaptcha
     end
   end
 end
+

data/lib/validates_captcha/form_builder.rb

@@ -3,11 +3,11 @@ module ValidatesCaptcha
     def captcha_challenge(options = {}) #:nodoc:
       @template.captcha_challenge @object_name, options.merge(:object => @object)
     end
-    
+
     def captcha_field(options = {}) #:nodoc:
       @template.captcha_field @object_name, options.merge(:object => @object)
     end
-    
+
     def regenerate_captcha_challenge_link(options = {}, html_options = {}) #:nodoc:
       @template.regenerate_captcha_challenge_link @object_name, options.merge(:object => @object), html_options
     end

data/lib/validates_captcha/form_helper.rb

@@ -1,37 +1,37 @@
 module ValidatesCaptcha
   module FormHelper
-    # Returns the captcha challenge. 
+    # Returns the captcha challenge.
     #
     # Internally calls the +render_challenge+ method of ValidatesCaptcha#provider.
     def captcha_challenge(object_name, options = {})
       options.symbolize_keys!
-      
+
       object = options.delete(:object)
       sanitized_object_name = object_name.to_s.gsub(/\]\[|[^-a-zA-Z0-9:.]/, "_").sub(/_$/, "")
-      
+
       ValidatesCaptcha.provider.render_challenge sanitized_object_name, object, options
     end
-    
+
     # Returns an input tag of the "text" type tailored for entering the captcha solution.
     #
-    # Internally calls Rails' #text_field helper method, passing the +object_name+ and 
+    # Internally calls Rails' #text_field helper method, passing the +object_name+ and
     # +options+ arguments.
     def captcha_field(object_name, options = {})
       options.delete(:id)
-      
+
       hidden_field(object_name, :captcha_challenge, options) + text_field(object_name, :captcha_solution, options)
     end
-    
-    # By default, returns an anchor tag that makes an AJAX request to fetch a new captcha challenge and updates 
+
+    # By default, returns an anchor tag that makes an AJAX request to fetch a new captcha challenge and updates
     # the current challenge after the request is complete.
-    # 
+    #
     # Internally calls +render_regenerate_challenge_link+ method of ValidatesCaptcha#provider.
     def regenerate_captcha_challenge_link(object_name, options = {}, html_options = {})
       options.symbolize_keys!
-      
+
       object = options.delete(:object)
       sanitized_object_name = object_name.to_s.gsub(/\]\[|[^-a-zA-Z0-9:.]/, "_").sub(/_$/, "")
-      
+
       ValidatesCaptcha.provider.render_regenerate_challenge_link sanitized_object_name, object, options, html_options
     end
   end

data/lib/validates_captcha/image_generator/simple.rb

@@ -1,24 +1,24 @@
 module ValidatesCaptcha
   module ImageGenerator
-    # This class is responsible for creating the captcha image. It internally 
-    # uses ImageMagick's +convert+ command to generate the image bytes. So 
+    # This class is responsible for creating the captcha image. It internally
+    # uses ImageMagick's +convert+ command to generate the image bytes. So
     # ImageMagick must be installed on the system for it to work properly.
     #
-    # In order to deliver the captcha image to the user's browser, 
-    # Validate Captcha's Rack middleware calls the methods of this class 
-    # to create the image, to retrieve its mime type, and to construct the 
+    # In order to deliver the captcha image to the user's browser,
+    # Validate Captcha's Rack middleware calls the methods of this class
+    # to create the image, to retrieve its mime type, and to construct the
     # path to it.
     #
-    # The image generation process is no rocket science. The chars are just 
-    # laid out next to each other with varying vertical positions, font sizes, 
-    # and weights. Then a slight rotation is performed and some randomly 
+    # The image generation process is no rocket science. The chars are just
+    # laid out next to each other with varying vertical positions, font sizes,
+    # and weights. Then a slight rotation is performed and some randomly
     # positioned lines are rendered on the canvas.
     #
-    # Sure, the created captcha can easily be cracked by intelligent 
-    # bots. As the name of the class suggests, it's rather a starting point 
+    # Sure, the created captcha can easily be cracked by intelligent
+    # bots. As the name of the class suggests, it's rather a starting point
     # for your own implementations.
     #
-    # You can implement your own (better) image generator by creating a 
+    # You can implement your own (better) image generator by creating a
     # class that conforms to the method definitions of the example below.
     #
     # Example for a custom image generator:
@@ -48,43 +48,43 @@ module ValidatesCaptcha
     #
     #  ValidatesCaptcha::Provider::StaticImage.image_generator = AdvancedImageGenerator.new
     #  ValidatesCaptcha.provider = ValidatesCaptcha::Provider::StaticImage.new
-    #    
+    #
     class Simple
       MIME_TYPE = 'image/gif'.freeze
       FILE_EXTENSION = '.gif'.freeze
-      
-      # Returns a string containing the image bytes of the captcha. 
+
+      # Returns a string containing the image bytes of the captcha.
       # As the only argument, the cleartext captcha text must be passed.
       def generate(captcha_code)
         image_width = captcha_code.length * 20 + 10
-        
+
         cmd = []
         cmd << "convert -size #{image_width}x40 xc:grey84 -background grey84 -fill black "
-        
+
         captcha_code.split(//).each_with_index do |char, i|
           cmd << " -pointsize #{rand(8) + 15} "
           cmd << " -weight #{rand(2) == 0 ? '4' : '8'}00 "
           cmd << " -draw 'text #{5 + 20 * i},#{rand(10) + 20} \"#{char}\"' "
         end
-        
+
         cmd << "  -rotate #{rand(2) == 0 ? '-' : ''}5 -fill grey40 "
-        
+
         captcha_code.size.times do
           cmd << "  -draw 'line #{rand(image_width)},0 #{rand(image_width)},60' "
         end
-        
+
         cmd << "  gif:-"
-        
+
         image_magick_command = cmd.join
-        
+
         `#{image_magick_command}`
       end
-      
+
       # Returns the image mime type. This is always 'image/gif'.
       def mime_type
         MIME_TYPE
       end
-      
+
       # Returns the image file extension. This is always '.gif'.
       def file_extension
         FILE_EXTENSION
@@ -92,3 +92,4 @@ module ValidatesCaptcha
     end
   end
 end
+

data/lib/validates_captcha/model_validation.rb

@@ -3,18 +3,19 @@ module ValidatesCaptcha
     def self.included(base) #:nodoc:
       base.extend ClassMethods
       base.send :include, InstanceMethods
-      
+
       base.class_eval do
-        attr_accessible :captcha_challenge, :captcha_solution
         attr_accessor :captcha_solution
         attr_writer :captcha_challenge
-        
+
+        alias_method_chain :attributes=, :captcha_fields
+
         validate :validate_captcha, :if => :validate_captcha?
       end
     end
-    
+
     module ClassMethods
-      # Activates captcha validation on entering the block and deactivates 
+      # Activates captcha validation on entering the block and deactivates
       # captcha validation on leaving the block.
       #
       # Example:
@@ -29,37 +30,52 @@ module ValidatesCaptcha
         self.validate_captcha = false
         result
       end
-          
+
       # Returns +true+ if captcha validation is activated, otherwise +false+.
       def validate_captcha? #:nodoc:
         @validate_captcha == true
       end
-      
+
       private
         def validate_captcha=(value) #:nodoc:
           @validate_captcha = value
         end
     end
-    
+
     module InstanceMethods #:nodoc:
       def captcha_challenge #:nodoc:
         return @captcha_challenge unless @captcha_challenge.blank?
         @captcha_challenge = ValidatesCaptcha.provider.generate_challenge
       end
-      
-      private      
+
+      def attributes_with_captcha_fields=(new_attributes, guard_protected_attributes = true)
+        if new_attributes && guard_protected_attributes &&
+            (new_attributes.key?('captcha_challenge') || new_attributes.key?(:captcha_challenge))
+          attributes = new_attributes.dup
+          attributes.stringify_keys!
+
+          self.captcha_challenge = attributes.delete('captcha_challenge')
+          self.captcha_solution = attributes.delete('captcha_solution')
+
+          new_attributes = attributes
+        end
+
+        send :attributes_without_captcha_fields=, new_attributes, guard_protected_attributes
+      end
+
+      private
         def validate_captcha? #:nodoc:
           self.class.validate_captcha?
         end
-        
+
         def validate_captcha #:nodoc:
           errors.add(:captcha_solution, :blank) and return if captcha_solution.blank?
           errors.add(:captcha_solution, :invalid) unless captcha_valid?
         end
-      
+
         def captcha_valid? #:nodoc:
           ValidatesCaptcha.provider.solved?(captcha_challenge, captcha_solution)
-        end        
+        end
     end
   end
 end

data/lib/validates_captcha/provider/dynamic_image.rb

@@ -1,8 +1,8 @@
 require 'action_view/helpers'
 
 module ValidatesCaptcha
-  # Here is how you can implement your own captcha challenge provider. Create a 
-  # class that conforms to the public method definitions of the example below 
+  # Here is how you can implement your own captcha challenge provider. Create a
+  # class that conforms to the public method definitions of the example below
   # and assign an instance of it to ValidatesCaptcha#provider=.
   #
   # Example:
@@ -26,7 +26,7 @@ module ValidatesCaptcha
   #
   #    def render_challenge(sanitized_object_name, object, options = {})
   #      options[:id] = "#{sanitized_object_name}_captcha_question"
-  #      
+  #
   #      content_tag :span, "What's the reverse of '#{object.captcha_challenge}'?", options
   #    end
   #
@@ -36,7 +36,7 @@ module ValidatesCaptcha
   #                   "$('#{sanitized_object_name}_captcha_question').update(result.question); " \\
   #                   "$('#{sanitized_object_name}_captcha_challenge').value = result.challenge; " \\
   #                   "$('#{sanitized_object_name}_captcha_solution').value = '';"
-  #     
+  #
   #      link_to_remote text, options.reverse_merge(:url => '/captchas/regenerate', :method => :get, :success => success), html_options
   #    end
   #
@@ -44,7 +44,7 @@ module ValidatesCaptcha
   #      if env['PATH_INFO'] == '/captchas/regenerate'
   #        challenge = generate_challenge
   #        json = { :question => "What's the reverse of '#{challenge}'?", :challenge => challenge }.to_json
-  #        
+  #
   #        [200, { 'Content-Type' => 'application/json' }, [json]]
   #      else
   #        [404, { 'Content-Type' => 'text/html' }, ['Not Found']]
@@ -69,61 +69,61 @@ module ValidatesCaptcha
     # implementation instead of the default one, consult the documentation
     # for the specific default class.
     #
-    # The default captcha image generator uses ImageMagick's +convert+ command to 
-    # create the captcha.  So a recent and properly configured version of ImageMagick 
-    # must be installed on the system.  The version used while developing was 6.4.5.  
-    # But you are not bound to ImageMagick.  If you want to provide a custom image 
-    # generator, take a look at the documentation for 
+    # The default captcha image generator uses ImageMagick's +convert+ command to
+    # create the captcha.  So a recent and properly configured version of ImageMagick
+    # must be installed on the system.  The version used while developing was 6.4.5.
+    # But you are not bound to ImageMagick.  If you want to provide a custom image
+    # generator, take a look at the documentation for
     # ValidatesCaptcha::ImageGenerator::Simple on how to create your own.
     class DynamicImage
       include ActionView::Helpers
-      
+
       @@string_generator = nil
       @@symmetric_encryptor = nil
       @@image_generator = nil
-      
+
       class << self
         # Returns the current captcha string generator. Defaults to an
         # instance of the ValidatesCaptcha::StringGenerator::Simple class.
         def string_generator
           @@string_generator ||= ValidatesCaptcha::StringGenerator::Simple.new
         end
-        
+
         # Sets the current captcha string generator. Used to set a
         # custom string generator.
         def string_generator=(generator)
           @@string_generator = generator
         end
-        
+
         # Returns the current captcha symmetric encryptor. Defaults to an
         # instance of the ValidatesCaptcha::SymmetricEncryptor::Simple class.
         def symmetric_encryptor
           @@symmetric_encryptor ||= ValidatesCaptcha::SymmetricEncryptor::Simple.new
         end
-        
+
         # Sets the current captcha symmetric encryptor. Used to set a
         # custom symmetric encryptor.
         def symmetric_encryptor=(encryptor)
           @@symmetric_encryptor = encryptor
         end
-        
+
         # Returns the current captcha image generator. Defaults to an
         # instance of the ValidatesCaptcha::ImageGenerator::Simple class.
         def image_generator
           @@image_generator ||= ValidatesCaptcha::ImageGenerator::Simple.new
         end
-        
+
         # Sets the current captcha image generator. Used to set a custom
         # image generator.
         def image_generator=(generator)
           @@image_generator = generator
         end
       end
-      
+
       # This method is the one called by Rack.
-      # 
-      # It returns HTTP status 404 if the path is not recognized. If the path is 
-      # recognized, it returns HTTP status 200 and delivers the image if it could 
+      #
+      # It returns HTTP status 404 if the path is not recognized. If the path is
+      # recognized, it returns HTTP status 200 and delivers the image if it could
       # successfully decrypt the captcha code, otherwise HTTP status 422.
       #
       # Please take a look at the source code if you want to learn more.
@@ -132,16 +132,16 @@ module ValidatesCaptcha
           if $1 == 'regenerate'
             captcha_challenge = generate_challenge
             json = { :captcha_challenge => captcha_challenge, :captcha_image_path => image_path(captcha_challenge) }.to_json
-            
+
             [200, { 'Content-Type' => 'application/json' }, [json]]
           else
             decrypted_code = decrypt($1)
-          
+
             if decrypted_code.nil?
               [422, { 'Content-Type' => 'text/html' }, ['Unprocessable Entity']]
             else
               image_data = generate_image(decrypted_code)
-              
+
               response_headers = {
                 'Content-Length'            => image_data.bytesize.to_s,
                 'Content-Type'              => image_mime_type,
@@ -149,7 +149,7 @@ module ValidatesCaptcha
                 'Content-Transfer-Encoding' => 'binary',
                 'Cache-Control'             => 'private'
               }
-              
+
               [200, response_headers, [image_data]]
             end
           end
@@ -157,79 +157,79 @@ module ValidatesCaptcha
           [404, { 'Content-Type' => 'text/html' }, ['Not Found']]
         end
       end
-      
+
       # Returns a captcha challenge.
       def generate_challenge
         encrypt(generate_code)
       end
-        
-      # Returns true if the captcha was solved using the given +challenge+ and +solution+, 
+
+      # Returns true if the captcha was solved using the given +challenge+ and +solution+,
       # otherwise false.
       def solved?(challenge, solution)
         decrypt(challenge) == solution
       end
-      
+
       # Returns an image tag with the source set to the url of the captcha image.
-      # 
+      #
       # Internally calls Rails' +image_tag+ helper method, passing the +options+ argument.
       def render_challenge(sanitized_object_name, object, options = {})
         src = image_path(object.captcha_challenge)
-        
+
         options[:alt] ||= 'CAPTCHA'
         options[:id] = "#{sanitized_object_name}_captcha_image"
-        
+
         image_tag src, options
       end
-      
-      # Returns an anchor tag that makes an AJAX request to fetch a new captcha code and updates 
+
+      # Returns an anchor tag that makes an AJAX request to fetch a new captcha code and updates
       # the captcha image after the request is complete.
-      # 
-      # Internally calls Rails' +link_to_remote+ helper method, passing the +options+ and 
-      # +html_options+ arguments. So it relies on the Prototype javascript framework 
+      #
+      # Internally calls Rails' +link_to_remote+ helper method, passing the +options+ and
+      # +html_options+ arguments. So it relies on the Prototype javascript framework
       # to be available on the web page.
       #
-      # The anchor text defaults to 'Regenerate Captcha'. You can set this to a custom value 
+      # The anchor text defaults to 'Regenerate Captcha'. You can set this to a custom value
       # providing a +:text+ key in the +options+ hash.
       def render_regenerate_challenge_link(sanitized_object_name, object, options = {}, html_options = {})
         text = options.delete(:text) || 'Regenerate Captcha'
         success = "var result = request.responseJSON; $('#{sanitized_object_name}_captcha_image').src = result.captcha_image_path; $('#{sanitized_object_name}_captcha_challenge').value = result.captcha_challenge; $('#{sanitized_object_name}_captcha_solution').value = '';"
-        
+
         link_to_remote text, options.reverse_merge(:url => regenerate_path, :method => :get, :success => success), html_options
       end
-      
-      private      
+
+      private
         def generate_image(code) #:nodoc:
           self.class.image_generator.generate code
         end
-        
+
         def image_mime_type #:nodoc:
           self.class.image_generator.mime_type
         end
-        
+
         def image_file_extension #:nodoc:
           self.class.image_generator.file_extension
         end
-      
+
         def encrypt(code) #:nodoc:
           self.class.symmetric_encryptor.encrypt code
         end
-      
+
         def decrypt(encrypted_code) #:nodoc:
           self.class.symmetric_encryptor.decrypt encrypted_code
         end
-        
+
         def generate_code #:nodoc:
           self.class.string_generator.generate
         end
-      
+
         def image_path(encrypted_code) #:nodoc:
           "/captchas/#{encrypted_code}#{image_file_extension}"
         end
-        
+
         def regenerate_path #:nodoc:
           '/captchas/regenerate'
         end
-      
+
         # This is needed by +link_to_remote+ called in +render_regenerate_link+.
         def protect_against_forgery? #:nodoc:
           false
@@ -237,4 +237,4 @@ module ValidatesCaptcha
     end
   end
 end
-      
+