#10 Invisible Captcha


Part of a good User Experience is making your application easy to use for your users. However, a few bad apples often cause a hinderance to your UX/UI by the addition of Captchas. Learn how to create invisible captchas to protect your forms while delivering a good UX.
rails form security 4:47



In a recent version of this gem, the model helpers have since been deprecated and removed. Instead of calling the validator within your model, you can now call them in your controller on a per action basis.

For example, if you have a subject  honeypot, you can add this to your controller if you are only wanting to capture it for the create action.

invisible_captcha only: :create, honeypot: :subject, on_spam: :spam_received


def spam_received
  redirect_to root_path

Gemfilegem 'invisible_captcha'
_form.html.erb    <%= invisible_captcha %>
    <%= f.invisible_captcha :subtitle %>
Controller  invisible_captcha only: :send_contact, on_spam: :spam_detected

  def spam_detected
    redirect_to root_path, alert: 'Spam detected'
config/initializers/captcha.rb  InvisibleCaptcha.setup do |config|
    config.sentence_for_humans = 'If you are a human, ignore this field'
    config.error_message       = 'You are a robot!'
    config.honeypots          += 'fake_resource_title'
    config.visual_honeypots    = false
[email protected] said over 1 year ago on Invisible Captcha :

Hi everyone!

I was just playing with invisible captcha. I like it but the issue I'm running into is that my system tests (Rails 5.2) fail. I believe its because of the timestamp feature of the gem. There is a configuration in that file where time_stamp_enabled = true.

I'm wondering if anyone has tried to access the gem in their testing environment and configure this to be false (or if there are any other methods for getting this to work in a testing environment)?


kobaltz PRO said over 1 year ago on Invisible Captcha :

You could set this in your config to something like Rails.env.development? || Rails.env.production? or !Rails.env.test? to bypass it on the tests.

[email protected] said over 1 year ago on Invisible Captcha :

Thanks Dave!

I just added require 'invisible_captcha' and InvisibleCaptcha.time_stamp_enabled = false in my spec/rails_helper.rb and all is good again with the world.

Thanks for the quick response!

Login to Comment