Add CloudflareProtectedEmailAddress

[ondenman]

This is a step towards fixing: everypolitician/everypolitician-data#34867

Member email addresses have been obfuscated and the scraper is currently capturing a string of javascript instead of the email address:

:email=>"[email protected]/* <![CDATA[ */!function(t,e,r,n,c,a,p){try{t=document.currentScript||function(){for(t=document.getElementsByTagName('script'),e=t.length;e--;)if(t[e].getAttribute('data-cfhash'))return t[e]}();if(t&&(c=t.previousSibling)){p=t.parentNode;if(a=c.getAttribute('data-cfemail')){for(e='',r='0x'+a.substr(0,2)|0,n=2;a.length-n;n+=2)e+='%'+('0'+('0x'+a.substr(n,2)^r).toString(16)).slice(-2);p.replaceChild(document.createTextNode(decodeURIComponent(e)),c)}p.removeChild(t)}}catch(u){}}()/* ]]> */"

For example, when the obfuscated address is b3d2dfd7dcc5d6c1d2f3d7dac3c6c7d2d7dcc09dd4dcc59dc3ca, calling

CloudflareProtectedEmailAddress.new('b3d2dfd7dcc5d6c1d2f3d7dac3c6c7d2d7dcc09dd4dcc59dc3ca').human_readable

will return:
[email protected]

The javascript comes from the Paraguay member pages. The key part is:

a.substr(n,2)^r

r is the first character of the input string. The remainder is the obfuscated email. Two digit hexadecimals represent each character.

The next step will be to use this class within MemberPage.

This method of obfuscation is not particular to this site. For example, it is being used on the New Zealand site everypolitician/everypolitician-data#36492. The intention is to develop the class in this scraper before extracting it to a gem.

[tmtmtmtm]

I'm assuming the plan is to get this working here, and then extract to a gem? Would be good to note that if so.

As per previous discussion, you also need to explain where the algorithm comes from.

[tmtmtmtm]

What's your thinking behind making this require a named parameter, rather than just a positional one? If there are likely to be other arguments that might make sense, but here it seems like it just complicates the interface.

[ondenman]

I was leaning towards verbosity but I see why it complicates the interface.

[tmtmtmtm]

is this really expensive enough to need caching? (Especially compared to unobfuscated)

[tmtmtmtm]

The value returned from this still seems fairly obfuscated to me…

[tmtmtmtm]

it would be good to have another test here as well. I could make this test suite pass with a MUCH simpler implementation :D

[ondenman]

#human_readable returns the original string if the unobfuscated one does not look like at email (it tests to see if contains an @). I'm not sure if it's desirable behaviour but I think it may be more useful than returning something unintelligible if, for instance, the class was initialised with a plain email address.

[tmtmtmtm]

key and obfuscated_characters here are both taking responsibility for the same thing, but doing it in slightly different ways. This would be cleaner and more maintainable if those both used an underlying method that took care of the conversion e.g.

  def hex_pairs
    obfuscated.scan(/.{2}/).map(&:hex)
  end

  def obfuscated_characters
    hex_pairs.drop(1)
  end

  def key
    hex_pairs.first
  end

(not sure if hex_pairs is the right name here)

[tmtmtmtm]

This is a bit over-complicated.

Perhaps a simple map+join would be clearer?

   obfuscated_characters.map { |char| (char ^ key).to_s(16).prepend('%') }.join

[tmtmtmtm]

This has become much too complicated and confusing now, I fear. If you really need to do this check, I'd suggest at least factoring out that CGI.unescape(escaped_email_address) to a named method.

[tmtmtmtm]

The logic of this also seems back-to-front. A guard clause should be used to break out in unusual cases, not be the main path, with a fall through to the odd ones.

Again, I'm not convinced you need this at all, but if you do, then it would be better as:

  return obfuscated unless unescaped.include? '@'
  unescaped

[tmtmtmtm]

I'm curious here why you're using /.{2}/ rather than just ..

[tmtmtmtm]

components is a bit too overloaded a term for me to be entirely comfortable with it here — I'm not sure it really conveys what's actually going on, and could be misleading. Is there a better name you can think of?

[tmtmtmtm]

This is actually quite a misleading name too, as it returns integers, not characters

[tmtmtmtm]

I think this would be easier to follow if it actually mentioned percent encoding (or hex encoding) somewhere. Ideally that would be obvious from the name of the method, though if that's not sensible, then a comment might be called for.

[tmtmtmtm]

Now that I've worked out what's actually going on here, I'm not entirely sure that .to_s(16) gets you the correct format. This approach will convert 15 to '%f' when I think it's strictly meant to be '%0F'.

sprintf("#%02X" % i) should get you the correct value, and means you wouldn't need the prepend either.