Socket
Book a DemoInstallSign in
Socket
Book a DemoInstallSign in

recaptcha-prx

Package Overview
Dependencies
Maintainers
2
Alerts
File Explorer

Advanced tools

License
Socket logo

Install Socket

Detect and block malicious and high-risk dependencies

Install

recaptcha-prx

4.6.6
bundlerRubygems
Version published
Maintainers
2
Created
Source

reCAPTCHA

Author: Jason L Perry (http://ambethia.com)
Copyright: Copyright (c) 2007-2013 Jason L Perry
License: MIT
Info: https://github.com/ambethia/recaptcha
Bugs: https://github.com/ambethia/recaptcha/issues

This plugin adds helpers for the reCAPTCHA API. In your views you can use the recaptcha_tags method to embed the needed javascript, and you can validate in your controllers with verify_recaptcha or verify_recaptcha!, which throws an error on failiure.

Rails Installation

obtain a reCAPTCHA API key. Note: Use localhost or 127.0.0.1 in domain if using localhost:3000.

gem "recaptcha", require: "recaptcha/rails"

Keep keys out of the code base with environment variables.
Set in production and locally use dotenv, make sure to add it above recaptcha.

Otherwise see Alternative API key setup.

export RECAPTCHA_SITE_KEY  = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
export RECAPTCHA_SECRET_KEY = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'

Add recaptcha_tags to the forms you want to protect.

<%= form_for @foo do |f| %>
  # ... other tags
  <%= recaptcha_tags %>
  # ... other tags
<% end %>

And, add verify_recaptcha logic to each form action that you've protected.

# app/controllers/users_controller.rb
@user = User.new(params[:user].permit(:name))
if verify_recaptcha(model: @user) && @user.save
  redirect_to @user
else
  render 'new'
end

Sinatra / Rack / Ruby installation

See sinatra demo for details.

  • add gem 'recaptcha' to Gemfile
  • set env variables
  • include Recaptcha::ClientHelper where you need recaptcha_tags
  • include Recaptcha::Verify where you need verify_recaptcha

recaptcha_tags

Some of the options available:

OptionDescription
:noscriptInclude content (default true)
:themeSpecify the theme to be used per the API. Available options: dark and light. (default light)
:ajaxRender the dynamic AJAX captcha per the API. (default false)
:site_keyOverride site API key
:errorOverride the error code returned from the reCAPTCHA API (default nil)
:sizeSpecify a size (default nil)
:hlOptional. Forces the widget to render in a specific language. Auto-detects the user's language if unspecified. (See language codes)
:idSpecify an html id attribute (default nil)
:scriptIf you do not need to add a script tag by helper you can set the option to false. It's necessary when you add a script tag manualy (default true)

You can also override the html attributes for the sizes of the generated textarea and iframe elements, if CSS isn't your thing. Inspect the source of recaptcha_tags to see these options.

verify_recaptcha

This method returns true or false after processing the parameters from the reCAPTCHA widget. Why isn't this a model validation? Because that violates MVC. You can use it like this, or how ever you like. Passing in the ActiveRecord object is optional, if you do--and the captcha fails to verify--an error will be added to the object for you to use.

Some of the options available:

OptionDescription
:modelModel to set errors.
:attributeModel attribute to receive errors. (default :base)
:messageCustom error message.
:secret_keyOverride secret API key.
:timeoutThe number of seconds to wait for reCAPTCHA servers before give up. (default 3)
:responseCustom response parameter. (default: params['g-recaptcha-response'])
:hostnameExpected hostname or a callable that validates the hostname, see domain validation and hostname docs. (default: nil, but can be changed by setting config.hostname)
:envCurrent environment. The request to verify will be skipped if the environment is specified in configuration under skip_verify_env

invisible_recaptcha_tags

Make sure to read Invisible reCAPTCHA.

With a single form on a page

  • The invisible_recaptcha_tags generates a submit button for you.
<%= form_for @foo do |f| %>
  # ... other tags
  <%= invisible_recaptcha_tags text: 'Submit form' %>
<% end %>

Then, add verify_recaptcha to your controller as seen above.

With multiple forms on a page

  • You will need a custom callback function, which is called after verification with Google's reCAPTCHA service. This callback function must submit the form. Optionally, invisible_recaptcha_tags currently implements a JS function called invisibleRecaptchaSubmit that is called when no callback is passed. Should you wish to override invisibleRecaptchaSubmit, you will need to use invisible_recaptcha_tags script: false, see lib/recaptcha/client_helper.rb for details.
  • The invisible_recaptcha_tags generates a submit button for you.
<%= form_for @foo, html: {id: 'invisible-recaptcha-form'} do |f| %>
  # ... other tags
  <%= invisible_recaptcha_tags callback: 'submitInvisibleRecaptchaForm', text: 'Submit form' %>
<% end %>

// app/assets/javascripts/application.js
var submitInvisibleRecaptchaForm = function () {
  document.getElementById("invisible-recaptcha-form").submit();
};

Finally, add verify_recaptcha to your controller as seen above.

I18n support

reCAPTCHA passes two types of error explanation to a linked model. It will use the I18n gem to translate the default error message if I18n is available. To customize the messages to your locale, add these keys to your I18n backend:

recaptcha.errors.verification_failed error message displayed if the captcha words didn't match recaptcha.errors.recaptcha_unreachable displayed if a timeout error occured while attempting to verify the captcha

Also you can translate API response errors to human friendly by adding translations to the locale (config/locales/en.yml):

en:
  recaptcha:
    errors:
      verification_failed: 'Fail'

Testing

By default, reCAPTCHA is skipped in "test" and "cucumber" env. To enable it during test:

Recaptcha.configuration.skip_verify_env.delete("test")

Alternative API key setup

Recaptcha.configure

# config/initializers/recaptcha.rb
Recaptcha.configure do |config|
  config.site_key  = '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'
  config.secret_key = '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'
  # Uncomment the following line if you are using a proxy server:
  # config.proxy = 'http://myproxy.com.au:8080'
end

Recaptcha.with_configuration

For temporary overwrites (not thread safe).

Recaptcha.with_configuration(site_key: '12345') do
  # Do stuff with the overwritten site_key.
end

Per call

Pass in keys as options at runtime, for code base with multiple reCAPTCHA setups:

recaptcha_tags site_key: '6Lc6BAAAAAAAAChqRbQZcn_yyyyyyyyyyyyyyyyy'

# and

verify_recaptcha secret_key: '6Lc6BAAAAAAAAKN3DRm6VA_xxxxxxxxxxxxxxxxx'

Misc

FAQs

Package last updated on 02 Apr 2018

Did you know?

Socket

Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.

Install

Related posts

Nx npm Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools

Security News

Nx npm Packages Compromised in Supply Chain Attack Weaponizing AI CLI Tools

Malicious Nx npm versions stole secrets and wallet info using AI CLI tools; Socket’s AI scanner detected the supply chain attack and flagged the malware.

By Sarah Gooding, Olivia Brown, Peter van der Zee  -  Aug 27, 2025
SocketSocket SOC 2 Logo

Product

About

Packages

Explore npm
Explore Cargo
Explore Go
Explore Maven
Explore NuGet
Explore PyPI
Explore Rubygems

Stay in touch

Get open source security insights delivered straight into your inbox.

  • Terms
  • Privacy
  • Security

Made with ⚡️ by Socket Inc

U.S. Patent No. 12,346,443 & 12,314,394. Other pending.