Comments (7)
Yes I agree with that
from invisible_captcha.
@schugabe New version pushed https://rubygems.org/gems/invisible_captcha/versions/0.9.1 👏 👏
from invisible_captcha.
Thanks for reporting @schugabe.
If I understand you correctly, you want to skip the check during the tests, as you are doing controller testing and timestamp in session isn't set. In that case you are entering this block: https://github.com/markets/invisible_captcha/blob/master/lib/invisible_captcha/controller_ext.rb#L42-L46, am I right?
Outside testing, this check are totally valid...but it make sense to make it "de-activable" per environtment. To achieve that, we have some options:
- set
InvisibleCaptcha.timestamp_threshold = 0
- add a new flag to deactivate the timestamp check (something like
InvisibleCaptcha.timestamp_enabled = false
)
IMO, option 2, feels probably more clear, what do you think?
from invisible_captcha.
Yes option 2 would be more clear!
Currently the check in line https://github.com/markets/invisible_captcha/blob/master/lib/invisible_captcha/controller_ext.rb#L43 is done even if InvisibleCaptcha.timestamp_threshold=0
I created a pull request for a test that is currently failing #21
from invisible_captcha.
Hi @schugabe, I'll take a closer look this week, but I think we should move on option 2. What do you propose to fix the failing test in that PR? In my opinion, we just need to introduce this new option to disable the timestamps. Thanks!
from invisible_captcha.
I also prefer an dedicated option to disable this check completely. This would also fix the failing test.
So option 2 is the way to go 👍
from invisible_captcha.
ok @schugabe, but in that case, we don't need to support timestamp_threshold = 0
to disable this check. Semantically, it's correct, "wait 0 seconds" is going to fail always... so the test will be written using the new flag timestamp_enabled = false
.
Are you agree with that? (If yes, we can close that PR #21 and rename this issue to something like: "Allow to disable the timestamp check")
from invisible_captcha.
Related Issues (20)
- Adding recaptcha to handle the chrome auto fill bug HOT 5
- Undefined method remote_ip HOT 1
- Tips when used together with Sorcery gem. HOT 1
- By using I18n.with_locale(..) in app_controller action is not called HOT 3
- IP spinner validation when forms are added with JS HOT 1
- Timestamp validation when forms are submitted with JS HOT 1
- Option with dynamic honeypot (collection of default honeypots) does not use scope HOT 1
- Submit form on multi tabs HOT 3
- Potential spam detected for IP 127.0.0.1. Invisible Captcha spinner value mismatch HOT 2
- Markup not valid when run through HTML validator HOT 6
- Each spinner should have a unique HTML ID
- `#honeypot_spam?` does not use `:scope` option if `:honeypot` option is not also set. HOT 1
- InvisibleCaptcha::ControllerExt honeypot attribute ActiveSupport::Notifications dispatches an `invisible_captcha.spam_detected` event test is failing now HOT 10
- Edge case with scope changes in 2.1.0
- It's difficult to write tests HOT 3
- [Invisible Captcha] Potential spam detected for IP 127.0.0.1. Timestamp not found in session. HOT 13
- Captcha field visible in Rails 7.1 HOT 5
- Logic bug regarding spinner-based protection HOT 4
- What is the "IP based 🔍 spinner validation"? HOT 1
- New feature: Spam-Filtering on Post requests only HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from invisible_captcha.