markets · markets · Feb 20, 2024 · Feb 19, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,10 @@
 
 All notable changes to this project will be documented in this file.
 
+## Unreleased
+
+- Run honeypot + spinner checks and their callback also if timestamp triggers but passes through (#132)
+
 ## [2.2.0]
 
 - Official support for Rails 7.1

diff --git a/lib/invisible_captcha/controller_ext.rb b/lib/invisible_captcha/controller_ext.rb
@@ -21,7 +21,9 @@ def invisible_captcha(options = {})
     def detect_spam(options = {})
       if timestamp_spam?(options)
         on_timestamp_spam(options)
-      elsif honeypot_spam?(options) || spinner_spam?
+        return if performed?
+      end
+      if honeypot_spam?(options) || spinner_spam?
         on_spam(options)
       end
     end

diff --git a/spec/controllers_spec.rb b/spec/controllers_spec.rb
@@ -71,6 +71,12 @@ def custom_timestamp_callback
         .to be_present
     end
 
+    it 'runs on_spam callback if on_timestamp_spam callback is defined but passes' do
+      put :test_passthrough, params: { id: 1, topic: { title: 'bar', subtitle: 'foo' } }
+
+      expect(response.status).to eq(204)
+    end
+
     context 'successful submissions' do
       it 'passes if submission on or after timestamp_threshold' do
         sleep InvisibleCaptcha.timestamp_threshold
@@ -98,6 +104,12 @@ def custom_timestamp_callback
         expect(flash[:error]).not_to be_present
         expect(response.body).to redirect_to(new_topic_path)
       end
+
+      it 'passes if on_timestamp_spam doesn\'t perform' do
+        put :test_passthrough, params: { id: 1, topic: { title: 'bar' } }
+
+        expect(response.body).to redirect_to(new_topic_path)
+      end
     end
   end
 

diff --git a/spec/dummy/app/controllers/topics_controller.rb b/spec/dummy/app/controllers/topics_controller.rb
@@ -13,6 +13,10 @@ class TopicsController < ApplicationController
 
   invisible_captcha only: :categorize
 
+  invisible_captcha honeypot: :subtitle, only: :test_passthrough,
+    on_spam: :catching_on_spam_callback,
+    on_timestamp_spam: :on_timestamp_spam_callback_with_passthrough
+
   def index
     redirect_to new_topic_path
   end
@@ -56,6 +60,10 @@ def copy
     end
   end
 
+  def test_passthrough
+    redirect_to new_topic_path
+  end
+
   private
 
   def custom_callback
@@ -65,4 +73,12 @@ def custom_callback
   def custom_timestamp_callback
     head(204)
   end
+
+  def on_timestamp_spam_callback_with_passthrough
+  end
+
+  def catching_on_spam_callback
+    head(204)
+  end
+
 end
diff --git a/spec/dummy/config/routes.rb b/spec/dummy/config/routes.rb
@@ -4,6 +4,7 @@
     post :rename, on: :collection
     post :categorize, on: :collection
     post :copy, on: :collection
+    post :test_passthrough, on: :collection
   end
 
   root to: 'topics#new'