Agile Web Development

Build it. Launch it. Love it.

Links

ReCaptcha

Categories

Ready-made Rails code

ReCaptcha

Author:Jason L Perry (http://ambethia.com)
Copyright:Copyright © 2007 Jason L Perry
License:MIT
Info:http://ambethia.com/recaptcha
Git:http://github.com/ambethia/recaptcha
Bugs:http://github.com/ambethia/recaptcha/issues

This plugin adds helpers for the {reCAPTCHA API}[http://recaptcha.net]. In your views you can use the recaptcha_tags method to embed the needed javascript, and you can validate in your controllers with verify_recaptcha.

You’ll want to add your public and private API keys in the environment variables RECAPTCHA_PUBLIC_KEY and RECAPTCHA_PRIVATE_KEY, respectively. You could also specify them in config/environment.rb if you are so inclined (see below). Exceptions will be raised if you call these methods and the keys can’t be found.

Rails Installation

reCAPTCHA for Rails can be installed as a gem: 

  config.gem "recaptcha", :lib => "recaptcha/rails"

Or, as a standard rails plugin: 

  script/plugin install git://github.com/ambethia/recaptcha.git

Merb Installation

reCAPTCHA can also be used in a Merb application when installed as a gem: 

  dependency "alm-recaptcha", ">=0.2.2.1", :require_as => "recaptcha/merb"

Initial Merb compatability funded by ALM Labs.

Setting up your API Keys

There are two ways to setup your reCAPTCHA API keys once you {obtain}[http://recaptcha.net/whyrecaptcha.html] a pair. You can pass in your keys as options at runtime, for example: 

  recaptcha_tags :public_key => '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'

and later, 

  verify_recaptcha :private_key => '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'

Or, preferably, you can keep your keys out of your code base by exporting the environment variables mentioned earlier. You might do this in the .profile/rc, or equivalent for the user running your application: 

  export RECAPTCHA_PUBLIC_KEY  = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
  export RECAPTCHA_PRIVATE_KEY = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'

If that’s not your thing, and dropping things into config/environment.rb is, you can just do: 

  ENV['RECAPTCHA_PUBLIC_KEY']  = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
  ENV['RECAPTCHA_PRIVATE_KEY'] = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'

recaptcha_tags

Some of the options available:

:ssl:Uses secure http for captcha widget (default false)
:noscript:Include <noscript> content (default true)
:display:Takes a hash containing the theme and tabindex options per the API. (default nil)
:ajax:Render the dynamic AJAX captcha per the API. (default false)
:public_key:Your public API key, takes precedence over the ENV variable (default nil)
:error:Override the error code returned from the reCAPTCHA API (default nil)

You can also override the html attributes for the sizes of the generated textarea and iframe elements, if CSS isn’t your thing. Inspect the source of recaptcha_tags to see these options.

verify_recaptcha

This method returns true or false after processing the parameters from the reCAPTCHA widget. Why isn’t this a model validation? Because that violates MVC. Use can use it like this, or how ever you like. Passing in the ActiveRecord object is optional, if you do—and the captcha fails to verify—an error will be added to the object for you to use.

Some of the options available:

:model:Model to set errors
:message:Custom error message
:private_key:Your private API key, takes precedence over the ENV variable (default nil).
:timeout:The number of seconds to wait for reCAPTCHA servers before give up. (default +3+) 
  respond_to do |format|
    if verify_recaptcha(:model => @post, :message => 'Oh! It's error with reCAPTCHA!') && @post.save
      # ...
    else
      # ...
    end
  end

TODO

  • Remove Rails/ActionController dependencies
  • Framework agnostic
  • Add some helpers to use in before_filter and what not
  • Better documentation

Vitals

Home http://ambethia.com/recaptcha
Repository git://github.com/ambethia/recaptcha.git
License Rails' (MIT)
Tags Tag_red authentication captcha recaptcha robots security spam spam
Rating (40 votes)
Owner Jason L Perry
Created 26 May 2007

Comments

  • Avatar
    sergey
    7 September 2007

    save in this way verify_recaptcha(@post) && @post.save

    will behave strange, user can make errors in model, but will see only catcha error. He he will forced to enter corrent captha, only to see errors in model

  • Avatar
    Guy Davis
    22 September 2007

    Doesn't work when the <script src='..recaptcha.org...'> tag is placed into the DOM using using ExtJS UpdateManager even with loadScripts=true. Error in Firebug: Recaptcha State not defined. recaptcha.js:483.

  • Avatar
    Peter
    21 December 2007

    sergey- Good point. I'd recommend doing @post.save && verify_recaptcha(@post). Switch the order. That way, if the model doesn't validate, it takes precedence, and a new captcha is generated anyway (AFAIK).

  • Avatar
    Henrik N
    10 January 2008

    sergey, Peter:

    @post.save && verify_recaptcha(@post)

    is not a good idea. If the @post is valid, then the @post database record is successfully saved without consulting the captcha. May I suggest this instead:

    [@post.valid?, verify_recaptcha(@post)].all? && @post.save

    This also has the benefit of showing both the @post validation errors and the added captcha error.

    Some feedback on the plugin:

    I would like an option to specify your own validation error message for a captcha mismatch. Or, really, it could just be changed from "Captcha response is incorrect, please try again." to "Captcha response is incorrect" and I'd be happy with the default. The "please try again" and the period are unconventional.

    I don't like how captcha errors are stored in session. If you get a captcha wrong when making a post, then give up, then revisit the site and open the "new post" page again, you'll see "Incorrect. Try again." before trying anything.

  • Avatar
    g
    3 May 2008

    would love to see an example tag that changes the theme. i have tried everything under the sun but nothing i have tried works.

  • Avatar
    Jonaphin
    8 July 2008

    Sergey,

    Do it this way:

    if [@user.valid?, verify_recaptcha(@user)].all? @user.save

    That will solve your issue.

  • DW
    15 August 2008

    FYI: Just installed using SVN repository and got this at the end:

    "This plugin has moved to http://github.com/ambethia/recaptcha"

  • Avatar
    KevBurnsJr
    30 August 2008

    g : drop a few lines of javascript just ABOVE the captcha call in the 'new' view.

    RecaptchaOptions = { theme : 'custom' };

    http://pastie.org/263015

  • Avatar
    Adam Florin
    24 September 2008

    Nice work. But it looks like the :display hash is being unnecessarily html escaped on output, btw, which makes the JS var invalid... just fyi

Add a comment