# frozen_string_literal: true
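# Controller concern for resources that can be reported as spam and that may
# need a reCAPTCHA challenge before they are saved.
#
# Including controllers must implement `spammable` and `spammable_path`; the
# defaults below raise NotImplementedError.
module SpammableActions
  extend ActiveSupport::Concern

  included do
    # Only the spam-submission endpoint is gated here. Every other method in
    # this concern is private and is called by the including controller.
    before_action :authorize_submit_spammable!, only: :mark_as_spam
  end

  # Submits the current spammable through Spam::MarkAsSpamService and redirects
  # back to it, with a notice when the service returns a truthy value and an
  # alert otherwise.
  def mark_as_spam
    if Spam::MarkAsSpamService.new(target: spammable).execute
      # NOTE(review): the padding spaces inside this msgid are reproduced as
      # found; confirm they match the entry in the translation catalog.
      redirect_to spammable_path,
                  notice: _(" %{spammable_titlecase} was submitted to Akismet successfully. ") %
                          { spammable_titlecase: spammable.spammable_entity_type.titlecase }
    else
      redirect_to spammable_path, alert: _('Error with Akismet. Please check the logs for more info.')
    end
  end

  private

  # Loads the reCAPTCHA configuration before a challenge is rendered.
  def ensure_spam_config_loaded!
    Gitlab::Recaptcha.load_configurations!
  end

  # Decides what to render after an attempt to save the spammable.
  #
  # * Redirects to the spammable when `should_redirect` is true and the record
  #   is valid.
  # * Otherwise renders the reCAPTCHA challenge when `render_recaptcha?` says
  #   one is needed: the `:verify` template for HTML, or the rendered
  #   `shared/recaptcha_form` partial wrapped in JSON.
  # * Otherwise yields to the caller's block.
  #
  # @param should_redirect [Boolean] whether a valid spammable should redirect
  # @yield fallback rendering; the final branch calls `yield`, so a block is
  #   required whenever that branch can be reached
  def recaptcha_check_with_fallback(should_redirect = true, &fallback)
    if should_redirect && spammable.valid?
      redirect_to spammable_path
    elsif render_recaptcha?
      ensure_spam_config_loaded!

      respond_to do |format|
        format.html do
          render :verify
        end

        format.json do
          locals = { spammable: spammable, script: false, has_submit: false }
          recaptcha_html = render_to_string(partial: 'shared/recaptcha_form', formats: :html, locals: locals)

          render json: { recaptcha_html: recaptcha_html }
        end
      end
    else
      yield
    end
  end

  # Builds the spam-related parameters that are passed on together with the
  # spammable: the request object, the spam log id and the captcha response.
  #
  # @return [Hash] with the keys :request, :spam_log_id and :captcha_response
  def spammable_params
    # NOTE: For the legacy reCAPTCHA implementation based on the HTML/HAML form, the
    # 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the
    # recaptcha gem, which is called from the HAML `_recaptcha_form.html.haml` form.
    #
    # It is used in the `Recaptcha::Verify#verify_recaptcha` to extract the value from `params`,
    # if the `response` option is not passed explicitly.
    #
    # Instead of relying on this behavior, we are extracting and passing it explicitly. This will
    # make it consistent with the newer, modern reCAPTCHA verification process as it will be
    # implemented via the GraphQL API and in Vue components via the native reCAPTCHA Javascript API,
    # which requires that the recaptcha response param be obtained and passed explicitly.
    #
    # It can also be expanded to multiple fields when we move to future alternative captcha
    # implementations such as FriendlyCaptcha. See https://gitlab.com/gitlab-org/gitlab/-/issues/273480
    # After this newer GraphQL/JS API process is fully supported by the backend, we can remove the
    # check for the 'g-recaptcha-response' field and other HTML/HAML form-specific support.
    captcha_response = params['g-recaptcha-response']

    # NOTE(review): spam_log_id is taken from the request params unchanged;
    # presumably the consumer scopes the lookup to the current user. Confirm.
    {
      request: request,
      spam_log_id: params[:spam_log_id],
      captcha_response: captcha_response
    }
  end

  # The record under spam review. Must be overridden by the including class.
  #
  # @raise [NotImplementedError] always, unless overridden
  def spammable
    raise NotImplementedError, " #{self.class} does not implement #{__method__} "
  end

  # The path to redirect to for the spammable. Must be overridden by the
  # including class.
  #
  # @raise [NotImplementedError] always, unless overridden
  def spammable_path
    raise NotImplementedError, " #{self.class} does not implement #{__method__} "
  end

  # Restricts spam submission to administrators.
  #
  # Safe navigation makes the check fail closed: this concern does not enforce
  # authentication itself, so if the including controller lets a request
  # through without a signed-in user, `current_user` is nil and the request is
  # denied instead of raising NoMethodError.
  def authorize_submit_spammable!
    access_denied! unless current_user&.admin?
  end

  # Whether a reCAPTCHA challenge should be shown for the spammable.
  #
  # @return [Boolean] false when the record has more than one error or when
  #   reCAPTCHA is disabled; otherwise the result of `spammable.needs_recaptcha?`
  def render_recaptcha?
    return false if spammable.errors.count > 1 # re-render "new" template in case there are other errors
    return false unless Gitlab::Recaptcha.enabled?

    spammable.needs_recaptcha?
  end
end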