diff --git a/README.md b/README.md
index 1bb7e557..ee890662 100644
--- a/README.md
+++ b/README.md
@@ -589,6 +589,7 @@ Recaptcha.configure do |config|
 config.verify_url = 'https://hcaptcha.com/siteverify'
 config.api_server_url = 'https://hcaptcha.com/1/api.js'
 config.response_limit = 100000
+ config.response_minimum = 100
 end
 ```
diff --git a/lib/recaptcha.rb b/lib/recaptcha.rb
index d8e30c5f..57b5a5e9 100644
--- a/lib/recaptcha.rb
+++ b/lib/recaptcha.rb
@@ -55,7 +55,7 @@ def self.skip_env?(env)
 end
 def self.invalid_response?(resp)
- resp.empty? || resp.length > configuration.response_limit
+ resp.empty? || resp.length > configuration.response_limit || resp.length < configuration.response_minimum
 end
 def self.verify_via_api_call(response, options)
diff --git a/lib/recaptcha/configuration.rb b/lib/recaptcha/configuration.rb
index 3b49612f..156250f0 100644
--- a/lib/recaptcha/configuration.rb
+++ b/lib/recaptcha/configuration.rb
@@ -38,7 +38,7 @@ class Configuration
 }.freeze
 attr_accessor :default_env, :skip_verify_env, :proxy, :secret_key, :site_key, :handle_timeouts_gracefully,
- :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit
+ :hostname, :enterprise, :enterprise_api_key, :enterprise_project_id, :response_limit, :response_minimum
 attr_writer :api_server_url, :verify_url
 def initialize # :nodoc:
@@ -57,6 +57,7 @@ def initialize # :nodoc:
 @api_server_url = nil
 @response_limit = 4000
+ @response_minimum = 100
 end
 def secret_key!
diff --git a/test/verify_enterprise_test.rb b/test/verify_enterprise_test.rb
index 271cb313..1e257ca2 100644
--- a/test/verify_enterprise_test.rb
+++ b/test/verify_enterprise_test.rb
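Review bot: The new lower-bound comparison in `invalid_response?` uses `resp.length`, which counts characters, so a token built from multi-byte characters can pass `response_minimum` and stay under `response_limit` while being several times larger in bytes; if the bounds are meant to cap what is forwarded to the verify endpoint, `resp.bytesize` is the measure to compare on both sides. `resp.empty?` is still needed when a deployment configures `response_minimum` as 0, so it should stay. The method also deserves a header comment naming its role, e.g. `# Local pre-check: skip the verify request for tokens that cannot be genuine (empty, shorter than response_minimum, longer than response_limit).`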
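Review bot: Nothing enforces `response_minimum <= response_limit` (or that either is a non-negative Integer), so a configuration with the minimum above the limit makes `invalid_response?` true for every token and all verification fails closed with no hint why; a check in a custom `response_minimum=` writer, or at least a comment on the default, would catch this. Suggested comment above the new default in `initialize`: `# Tokens shorter than this are rejected locally; must not exceed response_limit.` The default of 100 is also a behaviour change for existing installs, since a short token that previously reached the API is now rejected before any request; if any supported provider or test key issues tokens under 100 characters this breaks them, so a default of 0 (opt-in) may be the safer choice — worth confirming against the providers listed in the README.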
@@ -180,7 +180,7 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
- it "does not verify via http call when response length exceeds G_RESPONSE_LIMIT" do
+ it "does not verify via http call when response length exceeds limit" do
 # this returns a 400 or 413 instead of a 200 response with error code
 # typical response length is less than 400 characters
 str = "a" * 4001
@@ -190,6 +190,16 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
+ it "does not verify via http call when response length below limit" do
+ # this returns a 400 or 413 instead of a 200 response with error code
+ # typical response length is less than 100 characters
+ str = "a" * 99
+ @controller.params = { 'g-recaptcha-response' => "#{str}"}
+ assert_not_requested :get, %r{\.google\.com}
+ assert_equal false, @controller.verify_recaptcha
+ assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
+ end
+
 describe ':hostname' do
 let(:hostname) { 'fake.hostname.com' }
diff --git a/test/verify_test.rb b/test/verify_test.rb
index 7ee73063..37e8f9b7 100644
--- a/test/verify_test.rb
+++ b/test/verify_test.rb
@@ -199,7 +199,7 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
- it "does not verify via http call when response length exceeds G_RESPONSE_LIMIT" do
+ it "does not verify via http call when response length exceeds limit" do
 # this returns a 400 or 413 instead of a 200 response with error code
 # typical response length is less than 400 characters
 str = "a" * 4001
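Review bot: The two comment lines in the new "below limit" test were copied from the over-limit test and are wrong here — a 400/413 describes an oversized request, and "typical response length is less than 100 characters" contradicts the test's own premise that a 99-character token is too short to be genuine; replace them with `# a token shorter than response_minimum (default 100) is rejected locally` and `# without contacting the verify endpoint`. Only 99 is exercised, so a companion assertion that a `"a" * 100` token does reach the HTTP call would pin the `<` versus `<=` boundary. `"#{str}"` is just `str`, and the description "below limit" reads ambiguously next to "exceeds limit" — "below minimum" names the setting being tested. The identical hunk in test/verify_test.rb (@@ -209) has the same comments and the same gaps.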
@@ -209,6 +209,16 @@ def initialize
 assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
 end
+ it "does not verify via http call when response length below limit" do
+ # this returns a 400 or 413 instead of a 200 response with error code
+ # typical response length is less than 100 characters
+ str = "a" * 99
+ @controller.params = { 'g-recaptcha-response' => "#{str}"}
+ assert_not_requested :get, %r{\.google\.com}
+ assert_equal false, @controller.verify_recaptcha
+ assert_equal "reCAPTCHA verification failed, please try again.", @controller.flash[:recaptcha_error]
+ end
+
 describe ':hostname' do
 let(:hostname) { 'fake.hostname.com' }