Invisible Captcha

Simple and flexible spam protection solution for Rails applications using honeypot strategy and for better user experience. Support for ActiveRecord (and ActiveModel) forms and for non-RESTful resources.

Installation

Add this line to you Gemfile:

gem 'invisible_captcha'

Or install gem manually:

gem install invisible_captcha

Usage

There are different ways to implement:

Model style

View code:

<%= form_for(@topic) do |f| %>
  <%= f.invisible_captcha :subtitle %>
<% end %>

Model code:

class Topic < ActiveRecord::Base
  attr_accessor :subtitle # virtual attribute, the honeypot
  validates :subtitle, :invisible_captcha => true
end

If you are using strong_parameters, don't forget to keep the honeypot attribute into the params hash:

def topic_params
  params.require(:topic).permit(:subtitle)
end

Controller style

View code:

<%= form_for(@topic) do |f| %>
  <%= invisible_captcha %>
<% end %>

Controller code:

class TopicsController < ApplicationController
  before_filter :check_invisible_captcha # :only => [:create, :update]
  # your controller code
end

This filter triggers when the spam is the in params and responds without content (only headers). If you desire a different behaviour, you can use a provided method to check manualy if invisible captcha (fake field) is present:

if invisible_captcha?
  # spam present
else
  # no spam
end

Controller style (resource oriented):

In your form:

<%= form_for(@topic) do |f| %>
  <%= f.invisible_captcha :subtitle %>
<% end %>

In your controller:

def create
  if invisible_captcha?(:topic, :subtitle)
    head 200 # or redirect_to new_topic_path
  else
    # regular workflow
  end
end

Setup

If you want to customize some defaults, add the following to an initializer (config/initializers/invisible_captcha.rb):

InvisibleCaptcha.setup do |ic|
  ic.sentence_for_humans = 'If you are a human, ignore this field'
  ic.error_message = 'You are a robot!'
  ic.fake_fields << 'another_fake_field'
end