From ed7eab4e000d47ee859f7934f0db7281d763ddd6 Mon Sep 17 00:00:00 2001
From: Akash Karmakar
Date: Mon, 13 Jan 2025 14:08:39 +0530
Subject: [PATCH 01/10] Update README.md
---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 1bb7e557..6bdfab88 100644
--- a/README.md
+++ b/README.md
@@ -588,7 +588,7 @@ Recaptcha.configure do |config|
 config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
 config.verify_url = 'https://hcaptcha.com/siteverify'
 config.api_server_url = 'https://hcaptcha.com/1/api.js'
- config.response_limit = 100000
+ config.response_limit = { max: 100000, min: 100 }
 end
 ```
From b150e494308841f7f1c406b54ff0cadef6471c5a Mon Sep 17 00:00:00 2001
From: Akash Karmakar
Date: Mon, 13 Jan 2025 14:10:36 +0530
Subject: [PATCH 02/10] Add minimum response validation recaptcha.rb
---
 lib/recaptcha.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/recaptcha.rb b/lib/recaptcha.rb
index d8e30c5f..8dc82932 100644
--- a/lib/recaptcha.rb
+++ b/lib/recaptcha.rb
@@ -55,7 +55,7 @@ def self.skip_env?(env)
 end
 def self.invalid_response?(resp)
- resp.empty? || resp.length > configuration.response_limit
+ resp.empty? || resp.length > configuration.response_limit[:max] || resp.length < configuration.response_limit[:min]
 end
 def self.verify_via_api_call(response, options)
From 35d699cb836623cb3b5681553e7c47e5a71b79f0 Mon Sep 17 00:00:00 2001
From: Akash Karmakar
Date: Mon, 13 Jan 2025 14:11:33 +0530
Subject: [PATCH 03/10] default min and max response length configuration.rb
---
 lib/recaptcha/configuration.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/recaptcha/configuration.rb b/lib/recaptcha/configuration.rb
index 3b49612f..b9ade7b1 100644
--- a/lib/recaptcha/configuration.rb
+++ b/lib/recaptcha/configuration.rb
@@ -56,7 +56,7 @@ def initialize # :nodoc:
 @verify_url = nil
 @api_server_url = nil
- @response_limit = 4000
+ @response_limit = { max: 4000, min:100 }
 end
 def secret_key!
From 2d1064d93de75a3a5cb75c2c8c3e79f990880fc7 Mon Sep 17 00:00:00 2001
From: Akash Karmakar
Date: Mon, 13 Jan 2025 14:13:54 +0530
Subject: [PATCH 04/10] Add test case for min response lenght verify_enterprise_test.rb
---
 test/verify_enterprise_test.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/test/verify_enterprise_test.rb b/test/verify_enterprise_test.rb
index 271cb313..dbbc04c3 100644
--- a/test/verify_enterprise_test.rb
+++ b/test/verify_enterprise_test.rb
@@ -180,7 +180,7 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
- it "does not verify via http call when response length exceeds G_RESPONSE_LIMIT" do
+ it "does not verify via http call when response length exceeds G_RESPONSE_MAX_LIMIT" do
 # this returns a 400 or 413 instead of a 200 response with error code
 # typical response length is less than 400 characters
 str = "a" * 4001
@@ -190,6 +190,16 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
+ it "does not verify via http call when response length exceeds G_RESPONSE_MIN_LIMIT" do
+ # this returns a 400 or 413 instead of a 200 response with error code
+ # typical response length is less than 100 characters
+ str = "a" * 99
+ @controller.params = { 'g-recaptcha-response' => "#{str}"}
+ assert_not_requested :get, %r{\.google\.com}
+ assert_equal false, @controller.verify_recaptcha
+ assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
+ end
+
 describe ':hostname' do
 let(:hostname) { 'fake.hostname.com' }
From a6dd8396a60f65150b04f678ed8465bf67245e08 Mon Sep 17 00:00:00 2001
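Review bot: The two comment lines inside the new `it` block were carried over from the over-limit test and do not describe this case: a 99-character token is not being rejected because the verify endpoint would answer 400 or 413, and "typical response length is less than 100 characters" contradicts a minimum of 100, which would then reject typical tokens. Replace both with a comment that states the actual contract, e.g. `# a token shorter than response_minimum (default 100) cannot be valid, so no verify request must be made`. The same copied comments appear in the matching hunk for test/verify_test.rb in PATCH 05/10 and survive as context in PATCH 09/10 and 10/10, so they need the same fix there. As a style point, `"#{str}"` is just `str`; the interpolation adds nothing.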
From: Akash Karmakar
Date: Mon, 13 Jan 2025 14:15:00 +0530
Subject: [PATCH 05/10] Add test cases for min response limit validation
---
 test/verify_test.rb | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/test/verify_test.rb b/test/verify_test.rb
index 7ee73063..26e6aebb 100644
--- a/test/verify_test.rb
+++ b/test/verify_test.rb
@@ -199,7 +199,7 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
- it "does not verify via http call when response length exceeds G_RESPONSE_LIMIT" do
+ it "does not verify via http call when response length exceeds G_RESPONSE_MAX_LIMIT" do
 # this returns a 400 or 413 instead of a 200 response with error code
 # typical response length is less than 400 characters
 str = "a" * 4001
@@ -209,6 +209,16 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
+ it "does not verify via http call when response length below G_RESPONSE_MIN_LIMIT" do
+ # this returns a 400 or 413 instead of a 200 response with error code
+ # typical response length is less than 100 characters
+ str = "a" * 99
+ @controller.params = { 'g-recaptcha-response' => "#{str}"}
+ assert_not_requested :get, %r{\.google\.com}
+ assert_equal false, @controller.verify_recaptcha
+ assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
+ end
+
 describe ':hostname' do
 let(:hostname) { 'fake.hostname.com' }
From 66ec884137a1ef3af34a6fae0a3a9574d3943e00 Mon Sep 17 00:00:00 2001
From: Akash Karmakar
Date: Tue, 14 Jan 2025 14:47:29 +0530
Subject: [PATCH 06/10] review changes README.md
---
 README.md | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/README.md b/README.md
index 6bdfab88..ee890662 100644
--- a/README.md
+++ b/README.md
@@ -588,7 +588,8 @@ Recaptcha.configure do |config|
 config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
 config.verify_url = 'https://hcaptcha.com/siteverify'
 config.api_server_url = 'https://hcaptcha.com/1/api.js'
- config.response_limit = { max: 100000, min: 100 }
+ config.response_limit = 100000
+ config.response_minimum = 100
 end
 ```
From 6461ab3bc2258c9298c25348e5033f3e086387e2 Mon Sep 17 00:00:00 2001
From: Akash Karmakar
Date: Tue, 14 Jan 2025 14:49:54 +0530
Subject: [PATCH 07/10] review changes recaptcha.rb
---
 lib/recaptcha.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/recaptcha.rb b/lib/recaptcha.rb
index 8dc82932..57b5a5e9 100644
--- a/lib/recaptcha.rb
+++ b/lib/recaptcha.rb
@@ -55,7 +55,7 @@ def self.skip_env?(env)
 end
 def self.invalid_response?(resp)
- resp.empty? || resp.length > configuration.response_limit[:max] || resp.length < configuration.response_limit[:min]
+ resp.empty? || resp.length > configuration.response_limit || resp.length < configuration.response_minimum
 end
 def self.verify_via_api_call(response, options)
From b2a7df905308c409ceb0de50bf4a4fd7de5cc874 Mon Sep 17 00:00:00 2001
From: Akash Karmakar
Date: Tue, 14 Jan 2025 14:51:35 +0530
Subject: [PATCH 08/10] review changes configuration.rb
---
 lib/recaptcha/configuration.rb | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/lib/recaptcha/configuration.rb b/lib/recaptcha/configuration.rb
index b9ade7b1..156250f0 100644
--- a/lib/recaptcha/configuration.rb
+++ b/lib/recaptcha/configuration.rb
@@ -38,7 +38,7 @@ class Configuration
 }.freeze
 attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully,
- :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit
+ :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit, :response_minimum
 attr_writer :api_server_url, :verify_url
 def initialize # :nodoc:
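Review bot: The rewritten `invalid_response?` in lib/recaptcha.rb has no comment saying why the length bounds exist, and the new lower bound inherits the upper bound's nil exposure: `response_minimum` is a plain `attr_accessor` (PATCH 08/10), so a configuration that sets it to `nil` turns `resp.length < nil` into an `ArgumentError` on every verify call rather than a boolean result. A one-line header comment would carry the intent, e.g. `# Cheap pre-check: tokens outside the configured length bounds are rejected without an outbound verify request, so malformed or oversized input never costs an HTTP call.` If `nil` is meant to mean "no minimum", fold a guard into the expression, `min = configuration.response_minimum` followed by `(min && resp.length < min)` in place of the last clause; otherwise document that both bounds must be Integers and validate them at configure time so a misconfiguration does not surface as a 500 on form submission.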
@@ -56,7 +56,8 @@ def initialize # :nodoc:
 @verify_url = nil
 @api_server_url = nil
- @response_limit = { max: 4000, min:100 }
+ @response_limit = 4000
+ @response_minimum = 100
 end
 def secret_key!
From 0ce0c24e96dc7526bed458e2742ea15f1a3ed6ac Mon Sep 17 00:00:00 2001
From: Akash Karmakar
Date: Tue, 14 Jan 2025 14:55:14 +0530
Subject: [PATCH 09/10] review changes verify_enterprise_test.rb
---
 test/verify_enterprise_test.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/verify_enterprise_test.rb b/test/verify_enterprise_test.rb
index dbbc04c3..1e257ca2 100644
--- a/test/verify_enterprise_test.rb
+++ b/test/verify_enterprise_test.rb
@@ -180,7 +180,7 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
- it "does not verify via http call when response length exceeds G_RESPONSE_MAX_LIMIT" do
+ it "does not verify via http call when response length exceeds limit" do
 # this returns a 400 or 413 instead of a 200 response with error code
 # typical response length is less than 400 characters
 str = "a" * 4001
@@ -190,7 +190,7 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
- it "does not verify via http call when response length exceeds G_RESPONSE_MIN_LIMIT" do
+ it "does not verify via http call when response length below limit" do
 # this returns a 400 or 413 instead of a 200 response with error code
 # typical response length is less than 100 characters
 str = "a" * 99
From 98ffb259e82f4cea49526e281b9a4a01ca6a8244 Mon Sep 17 00:00:00 2001
From: Akash Karmakar
Date: Tue, 14 Jan 2025 14:56:22 +0530
Subject: [PATCH 10/10] review changes verify_test.rb
---
 test/verify_test.rb | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/test/verify_test.rb b/test/verify_test.rb
index 26e6aebb..37e8f9b7 100644
--- a/test/verify_test.rb
+++ b/test/verify_test.rb
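Review bot: The new `@response_minimum = 100` default in `Configuration#initialize` changes behavior for every existing installation — any token shorter than 100 characters is now rejected before a verify request is made, for whichever provider `verify_url` points at — and nothing on the assignment or the accessor records where the number comes from or how to tune it. Add a comment on the line, e.g. `# shortest token length worth sending to the verifier; lower it if your provider issues shorter tokens`, and mirror that in the README so a provider whose tokens are rejected without any HTTP call is diagnosable. There is also no check that `response_minimum <= response_limit`; both are plain `attr_accessor`s (first hunk of this patch), so an inverted pair silently fails every response. A custom writer or a configure-time check, e.g. `raise ArgumentError, 'response_minimum must not exceed response_limit' if response_minimum > response_limit`, would surface that where the configuration is set rather than per request.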
@@ -199,7 +199,7 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
- it "does not verify via http call when response length exceeds G_RESPONSE_MAX_LIMIT" do
+ it "does not verify via http call when response length exceeds limit" do
 # this returns a 400 or 413 instead of a 200 response with error code
 # typical response length is less than 400 characters
 str = "a" * 4001
@@ -209,7 +209,7 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
- it "does not verify via http call when response length below G_RESPONSE_MIN_LIMIT" do
+ it "does not verify via http call when response length below limit" do
 # this returns a 400 or 413 instead of a 200 response with error code
 # typical response length is less than 100 characters
 str = "a" * 99