I'd like to implement a captcha in a Rails project for a form submission, but I'm not sure what to go with. I'm inclining towards simplicity of implemention, and reliability when in use, over it being too sophisticated, as my application doesn't require too high a level of security.
Anyone have any recommendations?
The easiest way to add a CAPTCHA to your Rails application is using Ambethia reCAPTCHA:
1. Installation:
config.gem "ambethia-recaptcha", :lib => "recaptcha/rails",
:source => "http://gems.github.com"
You can install it as a plugin, too, if you like.
2. Get a reCAPTCHA account:
You have to create a reCAPTCHA key. You can do it on the reCAPTCHA site.
3. Usage:
Use recaptcha_tags to output the necessary HTML code and then verify the input with verify_recaptcha.
4. Further reading:
Add the following to your GEMFILE
gem "galetahub-simple_captcha", :require => "simple_captcha"
or
gem 'galetahub-simple_captcha', :require => 'simple_captcha',
:git => 'git://github.com/galetahub/simple-captcha.git'
Then run bundle install if you're using Bundler (or use the package manager for your Rails configuration)
After installation, follow these simple steps to setup the plugin. The setup will depend on the version of rails your application is using.
rails generate simple_captcha
rake db:migrate
Add the following line in the file “app/controllers/application.rb”
ApplicationController < ActionController::Base
include SimpleCaptcha::ControllerHelpers
end
In the view file within the form tags add this code
<%= show_simple_captcha %>
and in the controller’s action authenticate it as
if simple_captcha_valid?
do this
else
do that
end
In the view file within the form tags add this code
<%= show_simple_captcha(:object=>"user") %>
and in the model class add this code
class User < ActiveRecord::Base
apply_simple_captcha
end
<%= form_for @user do |form| -%>
...
<%= form.simple_captcha :label => "Enter numbers.." %>
...
<% end -%>
NOTE: @user.valid? will still work as it should, it will not validate the captcha code.
@user.valid_with_captcha?
NOTE: @user.save will still work as it should, it will not validate the captcha code.
@user.save_with_captcha
SimpleCaptcha detects if your use Formtastic and appends
“SimpleCaptcha::CustomFormBuilder”.
<%= form.input :captcha, :as => :simple_captcha %>
*label* - provides the custom text b/w the image and the text field, the default is “type the code from the image”
*object* - the name of the object of the model class, to implement the model based captcha.
*code_type* - return numeric only if set to ‘numeric’
image_style - provides the specific image style for the captcha image.
There are eight different styles available with the plugin as…
Default style is ‘simply_blue’. You can also specify ‘random’ to select the random image style.
distortion - handles the complexity of the image. The :distortion can be set to ‘low’, ‘medium’ or ‘high’. Default is ‘low’.
*Create “rails_root/config/initializers/simple_captcha.rb”*
SimpleCaptcha.setup do |sc|
# default: 100x28
sc.image_size = '120x40'
# default: 5
sc.length = 6
# default: simply_blue
# possible values:
# 'embosed_silver',
# 'simply_red',
# 'simply_green',
# 'simply_blue',
# 'distorted_black',
# 'all_black',
# 'charcoal_grey',
# 'almost_invisible'
# 'random'
sc.image_style = 'simply_green'
# default: low
# possible values: 'low', 'medium', 'high', 'random'
sc.distortion = 'medium'
end
You can add your own style:
SimpleCaptcha.setup do |sc|
sc.image_style = 'mycaptha'
sc.add_image_style('mycaptha', [
"-background '#F4F7F8'",
"-fill '#86818B'",
"-border 1",
"-bordercolor '#E0E2E3'"])
end
You can provide the path where image_magick is installed as well:
SimpleCaptcha.setup do |sc|
sc.image_magick_path = '/usr/bin' # you can check this from console by running: which convert
end
You can provide the path where should be stored tmp files. It’s usefull when you dont have acces to /tmp (default directory)
SimpleCaptcha.setup do |sc|
sc.tmp_path = '/tmp' # or somewhere in project eg. Rails.root.join('tmp/simple_captcha').to_s, make shure directory exists
end
How to change the CSS for SimpleCaptcha DOM elements?
You can change the CSS of the SimpleCaptcha DOM elements as per your need in this file.
*/app/views/simple_captcha/_simple_captcha.erb*
Controller Based Example
<%= show_simple_captcha %>
<%= show_simple_captcha(:label => "human authentication") %>
<%= show_simple_captcha(:object => 'user', :label => "human authentication") %>
Model Options
message - provides the custom message on failure of captcha authentication the default is “Secret Code did not match with the Image”
add_to_base - if set to true, appends the error message to the base.
Model’s Example
class User < ActiveRecord::Base
apply_simple_captcha
end
class User < ActiveRecord::Base
apply_simple_captcha :message => "The secret Image and code were different", :add_to_base => true
end
Well, ReCaptcha will do the job and there are many tutorials on it online.
However, you have to write a correct "def create" (create method) in your controller that will pass whatever is in your form plus validate Recaptcha at the same time. Then it will work nicely.
There was one little problem with it. After I inserted ReCaptcha into my form, the form validation stopped working. However, it can be fixed with an easy code inserted into the model file:
after_validation :on => :create
(:create = is the "def create" method in your controller). It will force the form to validate the form first and then validate Recaptcha.
I've used Recaptcha in one of my PHP project. http://recaptcha.net/
According to the site, it also has plugins for Ruby (http://recaptcha.net/resources.html). Although first ruby link didn't work, next link still works. http://svn.ambethia.com/pub/rails/plugins/recaptcha/
Check it.
I've used ambethia recapchat for rails application. it most easy than other
reCAPTCHA for rails is great, in terms of functionality. However, if you require XHTML validation, RUN AWAY! This plugin does not (and probably never will) validate. I find it embarrassing that only one page on my entire site does not validate - it is the page with reCAPTCHA. If there was ANY other choice, I would take it.
if you're after a CAPTCHA that validates, and is (almost) as easy to use as reCAPTCHA, please give my SlideCAPTCHA a try. (Wrote it a few days ago, needs some tests in real-life usage.) I based its deployment process on the reCAPTCHA plugin, but you can style it with CSS.
It does require Ruby/GD, however, so if you don't have GD already, I can't promise that GD is easy to install and use!
