| 1 |
BrainBuster - A Logic Captcha For Rails |
|---|
| 2 |
======================================= |
|---|
| 3 |
Homepage: http://opensource.thinkrelevance.com/wiki/BrainBuster |
|---|
| 4 |
Mailing List: http://groups.google.com/group/brainbuster-discuss |
|---|
| 5 |
Git Repository (dev happens here): git://github.com/rsanheim/brain_buster.git |
|---|
| 6 |
SVN Repository (read only mirror): http://opensource.thinkrelevance.com/svn/plugins/brain_buster/trunk/ |
|---|
| 7 |
|
|---|
| 8 |
Notes |
|---|
| 9 |
========================= |
|---|
| 10 |
The latest version removes all deprecated code from 0.7 and below, and does serious clean up all over the place. |
|---|
| 11 |
|
|---|
| 12 |
You now have to handle captcha failure on your own, since Rails 2.0 requires a render or redirect to halt a filter chain. This makes sense anyways, because if you really want a decent user experience you should be placing the user's half saved model in the flash (or an ivar, or a cookie, or whatever) and then pulling it back into the form if the captcha fails. |
|---|
| 13 |
|
|---|
| 14 |
See the CHANGELOG for more details. |
|---|
| 15 |
|
|---|
| 16 |
Quick Install |
|---|
| 17 |
============= |
|---|
| 18 |
|
|---|
| 19 |
* How to install fresh in a Rails app? |
|---|
| 20 |
|
|---|
| 21 |
script/plugin install http://opensource.thinkrelevance.com/svn/plugins/brain_buster/trunk/ |
|---|
| 22 |
script/generate brain_buster_migration |
|---|
| 23 |
rake db:migrate |
|---|
| 24 |
optionally set the cookie salt in your ApplicationController (or don't touch it to use the default) |
|---|
| 25 |
add the appropriate filters where you want to use the captcha |
|---|
| 26 |
render the _captcha.rhtml partial to any views where you want to challenge the user and you are all set! |
|---|
| 27 |
|
|---|
| 28 |
* Want to check out the source? |
|---|
| 29 |
|
|---|
| 30 |
git clone git://github.com/rsanheim/brain_buster.git |
|---|
| 31 |
|
|---|
| 32 |
or |
|---|
| 33 |
|
|---|
| 34 |
svn checkout http://opensource.thinkrelevance.com/svn/plugins/brain_buster/trunk/ brainbuster |
|---|
| 35 |
|
|---|
| 36 |
* Need more help? |
|---|
| 37 |
|
|---|
| 38 |
Join the mailing list: http://groups.google.com/group/brainbuster-discuss |
|---|
| 39 |
|
|---|
| 40 |
Intro |
|---|
| 41 |
===== |
|---|
| 42 |
BrainBuster is a logic captcha for Rails. A logic captcha attempts to detect automated responses (ie spambots) by asking a simple question, such as a word puzzle or math question. Logic captchas are often easier for humans to answer then image based captchas, but can exclude foreign users or users with cognitive disabilities. |
|---|
| 43 |
|
|---|
| 44 |
Some example question and answers are: |
|---|
| 45 |
|
|---|
| 46 |
"What is fifteen minus five?" => "10" |
|---|
| 47 |
"Which one of these doesn't fit? 'blue, red, yellow, flower'" => 'flower' |
|---|
| 48 |
|
|---|
| 49 |
For more on logic captchas and alternate approaches, please see http://www.w3.org/TR/turingtest/#logic |
|---|
| 50 |
|
|---|
| 51 |
Details |
|---|
| 52 |
======================================= |
|---|
| 53 |
BrainBuster includes a model for storing questions and answers, a small module that is mixed into ActionController::Bases, a small partial to display the question and input form, and a basic stylesheet for styling the partial. There is also a "captcha_footer" partial that is not functionally required at all, its just included to make it easy to give credit and a little link-love if you find this useful. The style sheet is also not required of course, it just has a little bit of clean css for the captcha form. |
|---|
| 54 |
|
|---|
| 55 |
This captcha is meant to be user-friendly, so for a questions like "What is two plus two", all of the following answers will work: "4", "four", "Four", " four ". By default, a user only needs to answer a captcha _once_, then they are cookied and don't have to answer another question until they close/reopen their browser. |
|---|
| 56 |
|
|---|
| 57 |
Installation |
|---|
| 58 |
======================================= |
|---|
| 59 |
* Generate the migration, modifying questions and answers if you wish: |
|---|
| 60 |
|
|---|
| 61 |
script/generate brain_buster_migration |
|---|
| 62 |
|
|---|
| 63 |
* Now add the filters for any action(s) you want protected. Lets say in a PagesController you have a show action that presents a page to a user with some nice ajax capable fields that can directly post to an update action to change the page. So we need to create a captcha before we show the page so we can present the captcha question to the user, and we need to validate that captcha before we update. |
|---|
| 64 |
|
|---|
| 65 |
class PagesController |
|---|
| 66 |
before_filter :create_brain_buster, :only => [:show] |
|---|
| 67 |
before_filter :validate_brain_buster, :only => [:update] |
|---|
| 68 |
|
|---|
| 69 |
def show # your normal code is here |
|---|
| 70 |
def update # updating your models, etc |
|---|
| 71 |
|
|---|
| 72 |
* override render_or_redirect_for_captcha_failure in your controller, to handle the captcha failure state. Note that if you *don't override* this method, BrainBuster will just do render :text with the brain buster error message -- this is probably not what you want. |
|---|
| 73 |
|
|---|
| 74 |
class PagesController |
|---|
| 75 |
|
|---|
| 76 |
def render_or_redirect_for_captcha_failure |
|---|
| 77 |
render :action => "show" |
|---|
| 78 |
end |
|---|
| 79 |
|
|---|
| 80 |
* render the partial in appropriate templates - if we are creating the captcha for the show action, we probably need the |
|---|
| 81 |
form rendered in show.rhtml. |
|---|
| 82 |
|
|---|
| 83 |
- show.rhtml: |
|---|
| 84 |
... inside your update form somewhere |
|---|
| 85 |
<%= render :partial => '/captcha' %> |
|---|
| 86 |
<%= render :partial => "/captcha_footer" %> --> optional, only if you want to give credit back... |
|---|
| 87 |
|
|---|
| 88 |
* Copy the style sheet into your app's public directory (optional) |
|---|
| 89 |
|
|---|
| 90 |
cp vendor/plugins/brain_buster/assets/stylesheets/captcha.css public/stylesheets/ |
|---|
| 91 |
|
|---|
| 92 |
# add the style sheet to any views that use the captcha |
|---|
| 93 |
<%= stylesheet_link_tag 'captcha' %> |
|---|
| 94 |
|
|---|
| 95 |
* Thats it. Now if the captcha fails on update, the filter chain will place the failure message into flash[:error] and call render_or_redirect_for_captcha_failure. |
|---|
| 96 |
|
|---|
| 97 |
Troubleshooting and Gotchas |
|---|
| 98 |
=========================== |
|---|
| 99 |
* If you don't override render_or_redirect_for_captcha_failure, you will see a plain error message for a failed captcha. |
|---|
| 100 |
* If you delete a question, the random id finder may try to find that deleted question and blow up. For now, just insert another question with that same id to fix the issue. |
|---|
| 101 |
* The built in questions and answers could be scripted fairly easily by a determined spammer, but usually just having _some_ defense makes bots move on to easier targets. |
|---|
| 102 |
|
|---|
| 103 |
Real world usage |
|---|
| 104 |
================ |
|---|
| 105 |
You can see the plugin in action at http://madisonrails.com or at http://wiki.rubyonrails.org. |
|---|
| 106 |
|
|---|
| 107 |
Credits |
|---|
| 108 |
======================================= |
|---|
| 109 |
BrainBuster is by Rob Sanheim (http://robsanheim.com) and Relevance (http://thinkrelevance.com). |
|---|
| 110 |
Email: rsanheim at gmail no spam dot com |
|---|
| 111 |
|
|---|
| 112 |
Thanks to the creators of the Exception Logger plugin (http://svn.techno-weenie.net/projects/plugins/exception_logger/) and the Unobtrusive Javascript plugin (http://www.ujs4rails.com/), as I referred to their source code for help. |
|---|
