pax_global_header00006660000000000000000000000064151657617720014533gustar00rootroot0000000000000052 comment=9b261bbd3fa8b5537e8bf56b37e1fda1c27b4ad7 ambethia-recaptcha-db974b3/000077500000000000000000000000001516576177200156555ustar00rootroot00000000000000ambethia-recaptcha-db974b3/.github/000077500000000000000000000000001516576177200172155ustar00rootroot00000000000000ambethia-recaptcha-db974b3/.github/PULL_REQUEST_TEMPLATE.md000066400000000000000000000001721516576177200230160ustar00rootroot00000000000000Why and what is being done. ## Pre-Merge Checklist - [ ] CHANGELOG.md updated with short summary for user facing changes ambethia-recaptcha-db974b3/.github/workflows/000077500000000000000000000000001516576177200212525ustar00rootroot00000000000000ambethia-recaptcha-db974b3/.github/workflows/ci.yml000066400000000000000000000015101516576177200223650ustar00rootroot00000000000000name: CI on: pull_request: branches: [ master ] push: branches: [ master ] jobs: test: name: Test ruby version matrix runs-on: ubuntu-latest strategy: fail-fast: false matrix: ruby-version: ['3.0', '3.1', '3.2', '3.3', 'head', 'truffleruby-head'] # keep in sync with gemspec steps: - uses: actions/checkout@v2 - uses: ruby/setup-ruby@v1 with: ruby-version: ${{ matrix.ruby-version }} bundler-cache: true - run: bundle exec rake test rubocop: name: Run rubocop runs-on: ubuntu-latest steps: - uses: actions/checkout@v2 - uses: ruby/setup-ruby@v1 with: ruby-version: '3.0' # lowest supported version, keep in sync with .rubocop.yml bundler-cache: true - run: bundle exec rake rubocop ambethia-recaptcha-db974b3/.gitignore000066400000000000000000000001301516576177200176370ustar00rootroot00000000000000rdoc pkg .ruby-gemset .ruby-version .bundle .gems .rbenv-gemsets /demo/*/Gemfile.lock ambethia-recaptcha-db974b3/.rubocop.yml000066400000000000000000000050301516576177200201250ustar00rootroot00000000000000AllCops: TargetRubyVersion: 3.0 # lowest supported version, see .github/workflows/ci.yml Include: - 'lib/**/*' - 'Rakefile' - 'Gemfile' Exclude: - 'vendor/**/*' - 'demo/**/*' SuggestExtensions: false NewCops: enable Layout/LineLength: Max: 120 Metrics/ClassLength: Enabled: false Style/FetchEnvVar: Enabled: false Style/StringLiterals: Enabled: false Layout/SpaceInsideHashLiteralBraces: Enabled: false Lint/AmbiguousOperator: Enabled: false Style/Lambda: Enabled: false Style/SpecialGlobalVars: Enabled: false Metrics/MethodLength: Enabled: false Metrics/AbcSize: Enabled: false Style/WordArray: Enabled: false Layout/EndAlignment: EnforcedStyleAlignWith: variable Style/StringLiteralsInInterpolation: Enabled: false Style/NumericLiterals: Enabled: false Layout/FirstArgumentIndentation: Enabled: false Layout/FirstHashElementIndentation: Enabled: false Layout/ParameterAlignment: EnforcedStyle: with_fixed_indentation Layout/MultilineOperationIndentation: Enabled: false Metrics/ModuleLength: Enabled: false Metrics/PerceivedComplexity: Enabled: false Style/DoubleNegation: Enabled: false Style/Documentation: Enabled: false Metrics/CyclomaticComplexity: Enabled: false Layout/MultilineMethodCallIndentation: EnforcedStyle: indented Layout/ExtraSpacing: Enabled: false Layout/DotPosition: EnforcedStyle: trailing Style/SingleLineBlockParams: Enabled: false Style/TrailingCommaInArrayLiteral: Enabled: false Style/TrailingCommaInHashLiteral: Enabled: false Style/PerlBackrefs: Enabled: false Style/IfUnlessModifier: Enabled: false # alias / alias_method are both fine Style/Alias: Enabled: false # for simple cases more readable Style/GuardClause: Enabled: false # for single `/` more readable Style/RegexpLiteral: Enabled: false # %w[] shows that it will return an array Style/PercentLiteralDelimiters: PreferredDelimiters: '%i': '[]' '%w': '[]' '%W': '[]' Lint/AssignmentInCondition: Enabled: false Lint/AmbiguousRegexpLiteral: Enabled: false Metrics/ParameterLists: Enabled: false # looks correct / intuitive Lint/ParenthesesAsGroupedExpression: Enabled: false Style/FormatString: Enabled: false Metrics/BlockNesting: Enabled: false Layout/IndentationWidth: Width: 2 Lint/NonLocalExitFromIterator: Enabled: false # often makes logical sense to not combine if with elsif Style/IfInsideElse: Enabled: false Style/FrozenStringLiteralComment: Exclude: - 'test/**/*' Style/SymbolArray: Enabled: false ambethia-recaptcha-db974b3/CHANGELOG.md000066400000000000000000000120031516576177200174620ustar00rootroot00000000000000## Next ## 5.21.2 * make env fall back to Rails.env if it is unset ## 5.21.1 * Fix flash not being updated when responding to :turbo_stream requests ## 5.21.0 * add referer header to #api_verification_entreprise ## 5.20.0 * turn recpatch reply into a object with logic ## 5.19.0 * require a minimum lenght of 100 for responses, configured via response_minimum ## 5.18.0 * Add key setup to v3 example in README * Remove unnecessary id from textarea - This was unused and may cause accessability concerns if there is more than one recaptcha on the page due to multiple elements with the same id * Update to latest version of rubocop * Drop support for Ruby 2.7; add Ruby 3.3 * Add i18n: de, es, it, pt, pt-BR * Added recaptcha_failure_reason ## 5.16.0 * Allow usage of `options[:turbo]` as well as `options[:turbolinks]` for `recaptcha_v3` ## 5.15.0 * Add 3.2 to the list of Ruby CI versions * Add ability to submit verify_recaptcha via POST with JSON Body with `options[:json] = true` ## 5.14.0 * drop json dependency ## 5.13.1 * Permit actions as symbol ## 5.13.0 * Added option to ignore_no_element. ## 5.12.3 * Remove score fallback for enterprise * Update enterprise tests to v1 assessment schema ## 5.12.2 * Fix minimum score for enterprise ## 5.12.1 * Fix Japanese locale ## 5.12.0 * Added Japanese locale ## 5.11.0 * Added Dutch locale ## 5.10.1 * Fix enterprise_verify_url #415 ## 5.10.0 * Drop ruby 2.4 2.5 2.6 * Add maxiumm score support for hcaptcha ## 5.9.0 * Gracefully handle invalid params ## 5.8.1 * Allow configuring response limit ## 5.8.0 * Add support for the enterprise API ## 5.7.0 * french locale * drop ruby 2.3 ## 5.6.0 * Allow multiple invisible recaptchas on a single page by setting custom selector ## 5.5.0 * add `recaptcha_reply` controller method for better debugging/inspection ## 5.4.1 * fix v2 vs 'data' postfix ## 5.4.0 * added 'data' postfix to g-recaptcha-response attribute name to avoid collisions ## 5.3.0 * turbolinks support ## 5.2.0 * remove dependency on rails methods ## 5.1.0 * Added default translations for rails/i18n * use recaptcha.net for the script tag ## 5.0.0 * Changed host to Recaptcha.net * Add v3 API support * Renamed `Recaptcha::ClientHelper` to `Recaptcha::Adapters::ViewMethods` * Renamed `Recaptcha::Verify` to `Recaptcha::Adapters::ControllerMethods` ## 4.12.0 - 2018-08-30 * add `input` option to `invisible_recaptcha_tags`'s `ui` setting ## 4.11.1 - 2018-08-08 * leave `tabindex` attribute alone for `invisible_recaptcha_tags` ## 4.11.0 - 2018-08-06 * prefer RAILS_ENV over RACK_ENV #286 ## 4.0.0 - 2016-11-14 * public_key -> site_key and private_key -> secret_key ## 3.4.0 - 2016-11-01 * Update fallback html ## 3.2.0 - 2016-06-13 * remove SKIP_VERIFY_ENV constant, use `skip_verify_env` instance variable instead ## 3.1.0 - 2016-06-10 * better error messages * frozen constants ## 3.0.0 - 2016-05-27 * remove all non-ssl options ## 2.3.0 - 2016-05-25 * enable ssl verification by default ... disable via `disable_ssl_verification = true` ## 2.2.0 - 2016-05-23 * Add global hostname validator config * Clean up after with_configuration exception ## 2.1.0 - 2016-05-19 * do not query google if repactcha was not submitted ## 2.0.0 - 2016-05-17 * remove stoken support, must use custom domain verification or domain whitelist ## 1.3.0 - 2016-04-07 * do not set model error and flash ## 1.2.0 - 2016-04-01 * custom domain validation ## 1.1.0 - 2016-01-27 * support RACK_ENV ## 1.0.2 - 2015-11-30 * nice deprecations for api_version ## 1.0.1 - 2015-11-30 * no longer defines `Rails` when `recaptcha/rails` is required ## 1.0.0 - 2015-11-30 * remove api v1 support * remove ssl_api_server_url, nonssl_api_server_url, change api_server_url to always need ssl option * removed activesupport dependency for .to_query * made flash and models both have descriptive errors ## 0.6.0 - 2015-11-19 * extract token module * need to use `gem "recaptcha", require: "recaptcha/rails"` to get rails helpers installed ## 0.5.0 - 2015-11-18 * size option * support disabling stoken * support Rails.env ## 0.4.0 / 2015-03-22 * Add support for ReCaptcha v2 API * V2 API requires `g-recaptcha-response` parameters; https://github.com/ambethia/recaptcha/pull/114 ## 0.3.6 / 2012-01-07 * Many documentation changes * Fixed deprecations in dependencies * Protocol relative JS includes * Fixes for options hash * Fixes for failing tests ## 0.3.5 / 2012-05-02 * I18n for error messages * Rails: delete flash keys if unused ## 0.3.4 / 2011-12-13 * Rails 3 * Remove jeweler ## 0.2.2 / 2009-09-14 * Add a timeout to the validator * Give the documentation some love ## 0.2.1 / 2009-09-14 * Removed Ambethia namespace, and restructured classes a bit * Added an example rails app in the example-rails branch ## 0.2.0 / 2009-09-12 * RecaptchaOptions AJAX API Fix * Added 'cucumber' as a test environment to skip * Ruby 1.9 compat fixes * Added option :message => 'Custom error message' to verify_recaptcha * Removed dependency on ActiveRecord constant * Add I18n ## 0.1.0 / 2008-2-8 * 1 major enhancement * Initial Gem Release ambethia-recaptcha-db974b3/Gemfile000066400000000000000000000001061516576177200171450ustar00rootroot00000000000000# frozen_string_literal: true source 'https://rubygems.org' gemspec ambethia-recaptcha-db974b3/Gemfile.lock000066400000000000000000000033041516576177200200770ustar00rootroot00000000000000PATH remote: . specs: recaptcha (5.21.2) GEM remote: https://rubygems.org/ specs: addressable (2.8.7) public_suffix (>= 2.0.2, < 7.0) ast (2.4.2) bigdecimal (3.1.8) bump (0.10.0) byebug (11.1.3) coderay (1.1.3) concurrent-ruby (1.3.4) crack (1.0.0) bigdecimal rexml hashdiff (1.1.2) i18n (1.14.6) concurrent-ruby (~> 1.0) json (2.9.0) language_server-protocol (3.17.0.3) maxitest (5.8.0) minitest (>= 5.14.0, < 5.26.0) method_source (1.1.0) minitest (5.25.4) mocha (2.7.0) ruby2_keywords (>= 0.0.5) parallel (1.26.3) parser (3.3.6.0) ast (~> 2.4.1) racc pry (0.14.2) coderay (~> 1.1) method_source (~> 1.0) pry-byebug (3.10.1) byebug (~> 11.0) pry (>= 0.13, < 0.15) public_suffix (6.0.1) racc (1.8.1) rainbow (3.1.1) rake (13.2.1) regexp_parser (2.9.3) rexml (3.3.9) rubocop (1.69.1) json (~> 2.3) language_server-protocol (>= 3.17.0) parallel (~> 1.10) parser (>= 3.3.0.2) rainbow (>= 2.2.2, < 4.0) regexp_parser (>= 2.9.3, < 3.0) rubocop-ast (>= 1.36.2, < 2.0) ruby-progressbar (~> 1.7) unicode-display_width (>= 2.4.0, < 4.0) rubocop-ast (1.36.2) parser (>= 3.3.1.0) ruby-progressbar (1.13.0) ruby2_keywords (0.0.5) unicode-display_width (3.1.2) unicode-emoji (~> 4.0, >= 4.0.4) unicode-emoji (4.0.4) webmock (3.24.0) addressable (>= 2.8.0) crack (>= 0.3.2) hashdiff (>= 0.4.0, < 2.0.0) PLATFORMS ruby DEPENDENCIES bump i18n maxitest mocha pry-byebug rake recaptcha! rubocop webmock BUNDLED WITH 2.5.5 ambethia-recaptcha-db974b3/LICENSE000066400000000000000000000020401516576177200166560ustar00rootroot00000000000000Copyright (c) 2007 Jason L Perry Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge, publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do so, subject to the following conditions: The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.ambethia-recaptcha-db974b3/README.md000066400000000000000000000747771516576177200171620ustar00rootroot00000000000000 # reCAPTCHA [![Gem Version](https://badge.fury.io/rb/recaptcha.svg)](https://badge.fury.io/rb/recaptcha) Author: Jason L Perry (http://ambethia.com)
Copyright: Copyright (c) 2007-2013 Jason L Perry
License: [MIT](http://creativecommons.org/licenses/MIT/)
Info: https://github.com/ambethia/recaptcha
Bugs: https://github.com/ambethia/recaptcha/issues
This gem provides helper methods for the [reCAPTCHA API](https://www.google.com/recaptcha). In your views you can use the `recaptcha_tags` method to embed the needed javascript, and you can validate in your controllers with `verify_recaptcha` or `verify_recaptcha!`, which raises an error on failure. # Table of Contents 1. [Obtaining a key](#obtaining-a-key) 2. [Rails Installation](#rails-installation) 3. [Sinatra / Rack / Ruby Installation](#sinatra--rack--ruby-installation) 4. [reCAPTCHA V2 API & Usage](#recaptcha-v2-api-and-usage) - [`recaptcha_tags`](#recaptcha_tags) - [`verify_recaptcha`](#verify_recaptcha) - [`invisible_recaptcha_tags`](#invisible_recaptcha_tags) 5. [reCAPTCHA V3 API & Usage](#recaptcha-v3-api-and-usage) - [`recaptcha_v3`](#recaptcha_v3) - [`verify_recaptcha` (use with v3)](#verify_recaptcha-use-with-v3) - [`recaptcha_reply`](#recaptcha_reply) 6. [I18n Support](#i18n-support) 7. [Testing](#testing) 8. [Alternative API Key Setup](#alternative-api-key-setup) ## Obtaining a key Go to the [reCAPTCHA admin console](https://www.google.com/recaptcha/admin) to obtain a reCAPTCHA API key. The reCAPTCHA type(s) that you choose for your key will determine which methods to use below. | reCAPTCHA type | Methods to use | Description | |----------------------------------------------|----------------|-------------| | v3 | [`recaptcha_v3`](#recaptcha_v3) | Verify requests with a [score](https://developers.google.com/recaptcha/docs/v3#score) | v2 Checkbox
("I'm not a robot" Checkbox) | [`recaptcha_tags`](#recaptcha_tags) | Validate requests with the "I'm not a robot" checkbox | | v2 Invisible
(Invisible reCAPTCHA badge) | [`invisible_recaptcha_tags`](#invisible_recaptcha_tags) | Validate requests in the background | Note: You can _only_ use methods that match your key's type. You cannot use v2 methods with a v3 key or use `recaptcha_tags` with a v2 Invisible key, for example. Otherwise you will get an error like "Invalid key type" or "This site key is not enabled for the invisible captcha." Note: Enter `localhost` or `127.0.0.1` as the domain if using in development with `localhost:3000`. ## Rails Installation **If you are having issues with Rails 7, Turbo, and Stimulus, make sure to check [this Wiki page](https://github.com/ambethia/recaptcha/wiki/Recaptcha-with-Turbo-and-Stimulus)!** ```ruby gem "recaptcha" ``` You can keep keys out of the code base with environment variables or with Rails [secrets](https://api.rubyonrails.org/classes/Rails/Application.html#method-i-secrets).
In development, you can use the [dotenv](https://github.com/bkeepers/dotenv) gem. (Make sure to add it above `gem 'recaptcha'`.) See [Alternative API key setup](#alternative-api-key-setup) for more ways to configure or override keys. See also the [Configuration](https://www.rubydoc.info/github/ambethia/recaptcha/master/Recaptcha/Configuration) documentation. ```shell export RECAPTCHA_SITE_KEY = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy' export RECAPTCHA_SECRET_KEY = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx' ``` If you have an Enterprise API key: ```shell export RECAPTCHA_ENTERPRISE = 'true' export RECAPTCHA_ENTERPRISE_API_KEY = 'AIzvFyE3TU-g4K_Kozr9F1smEzZSGBVOfLKyupA' export RECAPTCHA_ENTERPRISE_PROJECT_ID = 'my-project' ``` _note:_ you'll still have to provide `RECAPTCHA_SITE_KEY`, which will hold the value of your enterprise recaptcha key id. You will not need to provide a `RECAPTCHA_SECRET_KEY`, however. `RECAPTCHA_ENTERPRISE_API_KEY` is the enterprise key of your Google Cloud Project, which you can generate here: https://console.cloud.google.com/apis/credentials. Add `recaptcha_tags` to the forms you want to protect: ```erb <%= form_for @foo do |f| %> # … <%= recaptcha_tags %> # … <% end %> ``` Then, add `verify_recaptcha` logic to each form action that you've protected: ```ruby # app/controllers/users_controller.rb @user = User.new(params[:user].permit(:name)) if verify_recaptcha(model: @user) && @user.save redirect_to @user else render 'new' end ``` Please note that this setup uses [`reCAPTCHA_v2`](#recaptcha-v2-api-and-usage). For a `recaptcha_v3` use, please refer to [`reCAPTCHA_v3 setup`](#examples). ## Sinatra / Rack / Ruby installation See [sinatra demo](/demo/sinatra) for details. - add `gem 'recaptcha'` to `Gemfile` - set env variables - `include Recaptcha::Adapters::ViewMethods` where you need `recaptcha_tags` - `include Recaptcha::Adapters::ControllerMethods` where you need `verify_recaptcha` ## reCAPTCHA v2 API and Usage ### `recaptcha_tags` Use this when your key's reCAPTCHA type is "v2 Checkbox". The following options are available: | Option | Description | |---------------------|-------------| | `:theme` | Specify the theme to be used per the API. Available options: `dark` and `light`. (default: `light`) | | `:ajax` | Render the dynamic AJAX captcha per the API. (default: `false`) | | `:site_key` | Override site API key from configuration | | `:error` | Override the error code returned from the reCAPTCHA API (default: `nil`) | | `:size` | Specify a size (default: `nil`) | | `:nonce` | Optional. Sets nonce attribute for script. Can be generated via `SecureRandom.base64(32)`. Use `content_security_policy_nonce` if you have `config.content_security_policy_nonce_generator` set in Rails. (default: `nil`) | | `:id` | Specify an html id attribute (default: `nil`) | | `:callback` | Optional. Name of success callback function, executed when the user submits a successful response | | `:expired_callback` | Optional. Name of expiration callback function, executed when the reCAPTCHA response expires and the user needs to re-verify. | | `:error_callback` | Optional. Name of error callback function, executed when reCAPTCHA encounters an error (e.g. network connectivity) | | `:noscript` | Include `