#10 Invisible Captcha

Summary

Part of a good User Experience is making your application easy to use for your users. However, a few bad apples often cause a hinderance to your UX/UI by the addition of Captchas. Learn how to create invisible captchas to protect your forms while delivering a good UX.
rails form security 4:47

Summary

Update  

In a recent version of this gem, the model helpers have since been deprecated and removed. Instead of calling the validator within your model, you can now call them in your controller on a per action basis.

For example, if you have a subject  honeypot, you can add this to your controller if you are only wanting to capture it for the create action.

invisible_captcha only: :create, honeypot: :subject, on_spam: :spam_received

private

def spam_received
  redirect_to root_path
end

Gemfilegem 'invisible_captcha'
_form.html.erb    <%= invisible_captcha %>
    <%= f.invisible_captcha :subtitle %>
Controller  invisible_captcha only: :send_contact, on_spam: :spam_detected
  private

  def spam_detected
    redirect_to root_path, alert: 'Spam detected'
  end
config/initializers/captcha.rb  InvisibleCaptcha.setup do |config|
    config.sentence_for_humans = 'If you are a human, ignore this field'
    config.error_message       = 'You are a robot!'
    config.honeypots          += 'fake_resource_title'
    config.visual_honeypots    = false
  end
[email protected] PRO said 3 months ago:

Hi everyone!

I was just playing with invisible captcha. I like it but the issue I'm running into is that my system tests (Rails 5.2) fail. I believe its because of the timestamp feature of the gem. There is a configuration in that file where time_stamp_enabled = true.

I'm wondering if anyone has tried to access the gem in their testing environment and configure this to be false (or if there are any other methods for getting this to work in a testing environment)?

Thanks!

kobaltz PRO said 3 months ago:

You could set this in your config to something like Rails.env.development? || Rails.env.production? or !Rails.env.test? to bypass it on the tests.

[email protected] PRO said 3 months ago:

Thanks Dave!

I just added require 'invisible_captcha' and InvisibleCaptcha.time_stamp_enabled = false in my spec/rails_helper.rb and all is good again with the world.

Thanks for the quick response!

Login to Comment