kiskolabs / humanizer
Very simple captcha with Rails 3 & 4 & 5 & 6 & 7 support
Home Page: https://kiskolabs.github.io/humanizer
License: MIT License
I have a User model:
```ruby
class User < ApplicationRecord
  require_human_on :create
end
```
When a guest wants to register, I display the CAPTCHA. But when an already logged in admin wants to create user manually, I don't show it.
For the time being, the easiest way to disable the CAPTCHA in the latter case is to set the question id and answer manually in the controller:
```ruby
def create
  # Make captcha mechanism pass automatically (only needed for new registrations, not when creating a user manually)
  @user.humanizer_question_id = '16'
  @user.humanizer_answer = '5'
  @user.save
  respond_with @user
end
```
But this is pretty ugly. Is there a better way to do this?
We have a project in which we are using Humanizer and our customer requested the ability to request a new humanizer question. We basically made a controller that returns the humanizer question text and input field that looks something like this:
route looks like '/captchas?current_question_id=5'
```ruby
class CaptchasController < ApplicationController
  include Humanizer
  layout false

  def show
    begin
      @question_id = humanizer_question_id
      @question = humanizer_question
      humanizer_question_id = nil
    end until ( @question_id.to_i != params[:current_question_id].to_i )
  end
end
```
Granted this code isn't the cleanest and I don't agree with it 100% but the basic idea was to create a loop that guaranteed a new question that isn't the current question.
Based on the way humanizer works this code essentially creates a local variable named humanizer_question_id which hides the humanizer_question_id method.
Due to the humanizer_question_id almost always returning us a different question id than the parameter passed to the controller, the bug we introduced has been hidden from us for at least 2 months now.
The fix for this is really simple: given the code we have, just change it to:
```ruby
begin
  @humanizer_question_id = nil
  @question_id = humanizer_question_id
  @question = humanizer_question
end until ( @question_id.to_i != params[:current_question_id].to_i )
```
Personally I really don't think that anything should be using the @humanizer_question_id variable. I would like to change humanizer to look like this:
```ruby
def humanizer_question_id
  @humanizer_question_id ||= reset_humanizer_question_id
end

def generate_random_question_id(current = nil)
  @humanizer_question_id = reset_humanizer_question_id until current.try(:to_i) != @humanizer_question_id
end

private

def reset_humanizer_question_id
  Kernel.rand(humanizer_questions.count).to_i
end
```
This wouldn't change any of the current functionality. The only real difference is that I'm exposing a method that I can pass a current number or string (or pass nothing) and it will set @humanizer_question_id to a different value than what is passed in, and then just extracting the Kernel.rand to a method.
I've submitted a pull request, but wanted to put in an issue to explain why I changed the code.
Any thoughts at all?
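The shadowing described in this issue can be reproduced outside Rails. The following is an added example, not code from the issue or from Humanizer: `QuestionPicker`, its method names and the id sequence are hypothetical, and `max_tries` exists only so the shadowed loop terminates instead of spinning forever.

```ruby
# Hypothetical stand-in for a class that includes Humanizer.
class QuestionPicker
  def initialize(sequence)
    @sequence = sequence.dup # constructed ids in place of Kernel.rand
  end

  # Memoized in the same way as the humanizer_question_id shown above.
  def humanizer_question_id
    @humanizer_question_id ||= @sequence.shift
  end

  # Same shape as the original controller loop. The assignment below creates
  # a local variable, so the memoized instance variable is never cleared and
  # every iteration sees the same id.
  def pick_with_local_assignment(current, max_tries: 5)
    tries = 0
    begin
      tries += 1
      id = humanizer_question_id
      humanizer_question_id = nil # local variable, not a method call
    end until id != current || tries >= max_tries
    [id, tries]
  end

  # Same shape as the fix: clearing the instance variable forces a new draw.
  def pick_with_ivar_reset(current, max_tries: 5)
    tries = 0
    begin
      tries += 1
      @humanizer_question_id = nil
      id = humanizer_question_id
    end until id != current || tries >= max_tries
    [id, tries]
  end
end

stuck = QuestionPicker.new([2, 2, 0]).pick_with_local_assignment(2)
fixed = QuestionPicker.new([2, 2, 0]).pick_with_ivar_reset(2)
puts "local assignment: id=#{stuck[0]} after #{stuck[1]} tries"
puts "ivar reset:       id=#{fixed[0]} after #{fixed[1]} tries"
```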
Is there any interest in writing humanizer controller methods? Just in case someone is using a form that isn't associated with a model? Maybe something that automatically looks for humanizer params:
```ruby
# app/controllers/some_controller.rb
class SomeController < ApplicationController
  def submit
    if human?
      # do something fantastic
    else
      flash[:failure] = I18n.translate("humanizer.validation.error")
    end
  end
end
```
If there's any interest in this, I could write the extra functionality.
Hello!
I can't get this gem to work with a has_many/belongs_to relationship. I've created a blank Rails app with two models (Post and Comment). There's nothing fancy in the app except a nested form that allows users to create a Comment while in the Posts/Show view. Regardless of the input, I get a "You are not human" error message.
undefined method `humanizer_question' for Humanizer:Module
<%= label_tag 'humanizer_answer', @home.humanizer_question %>
Not sure why this keeps coming up. Rails 4.1 on Ruby 2.1.1.
Hi.. any chance to make it work on Rails 7?
I get => can't modify frozen Hash: {:question=>"Zwei plus zwei?", :answers=>["4", "vier"]}.
Thanks..
Thanks for the gem. We have been using for years. We use the default questions and some of our own.
Lately I noticed a lot of bypasses. About 20% of a thousand requests got past the humanizer in the last 2 days.
Turns out the questions with minus, times and plus and a numerical answer were solvable. 'Two plus two?', 'Five times two is what?', 'What is 14 minus 4?' and the like.
Examples of numerical questions that are not (yet) solved are:
I know it will never be perfect, but for now a slightly improved default en.yml would be nice to get a better experience
Currently using simple captcha, don't have time to make it Rails 4. This does not support Rails 4; any plans to make it compatible in a short time? Thx
After upgrading to Rails 7 and Ruby 3.0.3 I get the following error.
can't modify frozen Hash: {:question=>"Two plus two?", :answers=>["4", "four"]}
Did anyone else have this issue, and if yes, how did you fix it?
Any help is appreciated.
Thanks
It is a nice gem.
Is it possible to arrange to get a different question every time I call the contact form?
It's changing on reload (if the sending fails) but I don't like to get the same question (the first in row: Two plus two?) every time I go to the form.
Thanks
I would be more than happy to expand the README if you like. Just let me know, :)
Gabe
RubyGems.org doesn't report a license for your gem. This is because it is not specified in the gemspec of your last release.
via e.g.
```ruby
spec.license = 'MIT'
# or
spec.licenses = ['MIT', 'GPL-2']
```
Including a license in your gemspec is an easy way for rubygems.org and other tools to check how your gem is licensed. As you can imagine, scanning your repository for a LICENSE file or parsing the README, and then attempting to identify the license or licenses is much more difficult and more error prone. So, even for projects that already specify a license, including a license in your gemspec is a good practice. See, for example, how rubygems.org uses the gemspec to display the rails gem license.
There is even a License Finder gem to help companies/individuals ensure all gems they use meet their licensing needs. This tool depends on license information being available in the gemspec. This is an important enough issue that even Bundler now generates gems with a default 'MIT' license.
I hope you'll consider specifying a license in your gemspec. If not, please just close the issue with a nice message. In either case, I'll follow up. Thanks for your time!
Appendix:
If you need help choosing a license (sorry, I haven't checked your readme or looked for a license file), GitHub has created a license picker tool. Code without a license specified defaults to 'All rights reserved'-- denying others all rights to use of the code.
Here's a list of the license names I've found and their frequencies
p.s. In case you're wondering how I found you and why I made this issue, it's because I'm collecting stats on gems (I was originally looking for download data) and decided to collect license metadata, too, and make issues for gemspecs not specifying a license as a public service :). See the previous link or my blog post about this project for more information.
Using humanizer to ward off bots does not work. It is very easy to bypass: once you know one question_id and its answer, you can write a simple script such as:
```ruby
require 'net/http'
require 'uri'

url = URI('http://www.sitehere.com')
(1..1000).each do |value|
  res = Net::HTTP.post_form(url, "user[humanizer_answer]"=>"15", "user[humanizer_question_id]"=>"4",
                            "action"=>"create", "controller"=>"controller")
end
```
Am I using it wrong? I have a site and it can be bypassed by doing the above. Of course you have to add the values for the other fields the post is expecting, but that is very easy to figure out. But it simply offers no protection.
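The replay in this report works because the question id arrives in a hidden form field, so one known id and answer pair stays valid indefinitely. The sketch below is an added example, not Humanizer's code or API: `SessionChallenge`, `client_trusting_check` and the question list are hypothetical, and it shows the common mitigation of keeping the issued id in server-side session state and consuming it on the first check.

```ruby
require 'securerandom'

# Constructed question set; not Humanizer's locale file.
QUESTIONS = [
  { question: 'Two plus two?', answers: %w[4 four] },
  { question: 'What is 14 minus 4?', answers: %w[10 ten] }
].freeze

# Check with the same trust model as the replayed request: the client names
# the question, so a fixed (id, answer) pair passes every time.
def client_trusting_check(params, questions = QUESTIONS)
  q = questions[params[:question_id].to_i]
  !q.nil? && q[:answers].include?(params[:answer].to_s.strip.downcase)
end

# Hypothetical helper that binds the challenge to the server-side session.
class SessionChallenge
  KEY = :captcha_question_id

  def initialize(session, questions = QUESTIONS)
    @session = session     # any Hash-like session store
    @questions = questions
  end

  # Remember the id server-side; only the question text goes into the form.
  def issue
    id = SecureRandom.random_number(@questions.size)
    @session[KEY] = id
    @questions[id][:question]
  end

  # Single use: the id is removed before comparing, so a pass or a fail both
  # consume the challenge and a repeated POST has nothing to match against.
  def verify(answer)
    id = @session.delete(KEY)
    return false if id.nil?

    @questions[id][:answers].include?(answer.to_s.strip.downcase)
  end
end
```

This only removes the fixed-pair replay; a client that loads the form and answers the question it is shown still passes, so rate limiting and question quality remain separate concerns.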
Hi, can it only be applied to a model?
Hey,
I got the following issue: wrong number of arguments (at least 1)
It gives the error in the line: = f.label :humanizer_answer, @subscription.humanizer_question. If I just put @subscription.humanizar_question as a label, the error will move to: = f.hidden_field :humanizer_question_id.
My code:
Model: NewsletterSubscription.rb
```ruby
class NewsletterSubscription < ActiveRecord::Base
  include Humanizer
  require_human_on :create
end
```
form: subscription.html.haml
```haml
- if @sent.nil? || !@sent
  = form_for(@subscription, url: '') do |f|
    - if @subscription.errors.any?
      .errors
        - @subscription.errors.full_messages.each do |msg|
          %li
            = msg
    .field
      = f.label :sex
      = label :sex_man, 'Man'
      = f.radio_button :sex, 'man', :value => 'man'
      = label :sex_vrouw, 'Vrouw'
      = f.radio_button :sex, 'vrouw', :value => 'vrouw'
    .field
      = f.label :initials
      = f.text_field :initials
    .field
      = f.label :last_name
      = f.text_field :last_name
    .field
      = f.label :email
      = f.text_field :email
    .field
      = f.label :humanizer_answer, @subscription.humanizer_question
      = f.text_field :humanizer_answer
      = f.hidden_field :humanizer_question_id
    .actions
      = f.submit "Submit"
- else
  %span{style:"font-size:1.5em;"} Het formulier is verzonden.
```
I can't see what I'm doing wrong. Can someone please help me.
Jack and Jill went up the hill is an easy one and fairly common but the nursery rhyme might be lost on new English speakers. Also it doesn't quite fit in the rest of the mathematical and date based question set.
I understand the locale file is up for customization, but you may want to drop that question in favour of better defaults.
Great plugin!
When I leave the answer field blank, or enter the wrong answer, it still passes the form.
Here are the params from the create method:
Parameters: {"utf8"=>"✓", "authenticity_token"=>"FsNEHP1PUmeUpgDB7gXFH1KWrV63uDhb8rvZMze/arY=", "message"=>{"name"=>"", "email"=>"*******@gmail.com", "subject"=>"", "content"=>"Hamama", "humanizer_answer"=>"4", "humanizer_question_id"=>""}, "commit"=>"Send us message"}
I noticed the "humanizer_question_id" is empty.
That was what I was looking for: simple and editable.
Hint => when using attr_accessible... check the attributes.
Hi Guys,
Just wondering if you've written any apps with humanizer which have signup features which can deal with humanizer captcha. I'm kinda stumped because I'm new to cucumber. If not, feel free to close the ticket.
I'm already using this gem successfully in other parts of my app, and it works great. However, I can't get it to work with the comments on my blog (posts#index). Do I need to do something different for a has_many/belongs_to relationship? Here's my code: http://pastie.org/1166152
Thanks for this amazing gem, btw!