# frozen_string_literal: true
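# Controller concern that adds an admin-only `mark_as_spam` action plus
# CAPTCHA-aware helpers for controllers that act on a spammable record.
#
# Including controllers must implement `spammable` and `spammable_path`;
# the defaults below raise NotImplementedError.
module SpammableActions
  extend ActiveSupport::Concern
  include Spam::Concerns::HasSpamActionResponseFields

  included do
    # Only `mark_as_spam` is gated here; every other action of the including
    # controller relies on that controller's own authorization.
    before_action :authorize_submit_spammable!, only: :mark_as_spam
  end

  # Submits the spammable record through Spam::MarkAsSpamService and redirects
  # back to the record with a notice on success or an alert on failure.
  def mark_as_spam
    if Spam::MarkAsSpamService.new(target: spammable).execute
      redirect_to spammable_path, notice: _(" %{spammable_titlecase} was submitted to Akismet successfully. ") % { spammable_titlecase: spammable.spammable_entity_type.titlecase }
    else
      redirect_to spammable_path, alert: _('Error with Akismet. Please check the logs for more info.')
    end
  end

  private

  # Decides how to respond after an attempt to save the spammable record.
  #
  # * `should_redirect` is truthy and the record is valid: redirect to it.
  # * The record asks for a CAPTCHA (`render_recaptcha?`): load the reCAPTCHA
  #   configuration and render the challenge (HTML) or a 409 response (JSON).
  # * Otherwise: yield to the caller's block.
  #
  # The block is invoked through `yield`, so reaching the last branch without
  # a block raises LocalJumpError.
  #
  # @param should_redirect [Boolean] whether a valid record triggers a redirect
  # @yield fallback response for the case where no CAPTCHA is required
  def recaptcha_check_with_fallback(should_redirect = true, &fallback)
    if should_redirect && spammable.valid?
      redirect_to spammable_path
    elsif spammable.render_recaptcha?
      Gitlab::Recaptcha.load_configurations!

      respond_to do |format|
        format.html do
          # NOTE: format.html is still used by issue create, and uses the legacy HAML
          # `_recaptcha_form.html.haml` rendered via the `projects/issues/verify` template.
          render :verify
        end

        format.json do
          # format.json is used by all new Vue-based CAPTCHA implementations, which
          # handle all of the CAPTCHA form rendering on the client via the Pajamas-based
          # app/assets/javascripts/captcha/captcha_modal.vue

          # NOTE: "409 - Conflict" seems to be the most appropriate HTTP status code for a response
          # which requires a CAPTCHA to be solved in order for the request to be resubmitted.
          # See https://stackoverflow.com/q/26547466/25192
          render json: spam_action_response_fields(spammable), status: :conflict
        end
      end
    else
      yield
    end
  end

  # TODO: This method is currently only needed for issue create, to convert spam/CAPTCHA values from
  # params, and instead be passed as headers, as the spam services now all expect. It can be removed
  # when issue create is converted to a client/JS based approach instead of the legacy HAML
  # `_recaptcha_form.html.haml` which is rendered via the `projects/issues/verify` template.
  # In that case, which is based on the legacy reCAPTCHA implementation using the HTML/HAML form,
  # the 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the
  # recaptcha gem, which is called from the HAML `_recaptcha_form.html.haml` form.
  #
  # Both assignments are unconditional: any value the client sent in these two
  # headers is replaced, with nil when the corresponding param is absent.
  # NOTE(review): the copied values are client-supplied request params; this
  # method does not validate them, so whatever reads these headers is presumably
  # responsible for verifying the CAPTCHA response and the spam log id - confirm.
  def extract_legacy_spam_params_to_headers
    request.headers['X-GitLab-Captcha-Response'] = params['g-recaptcha-response'] || params[:captcha_response]
    request.headers['X-GitLab-Spam-Log-Id'] = params[:spam_log_id]
  end

  # Record the actions operate on; must be overridden by the including controller.
  #
  # @raise [NotImplementedError] when the including controller does not override it
  def spammable
    raise NotImplementedError, " #{self.class} does not implement #{__method__} "
  end

  # Redirect target for the record; must be overridden by the including controller.
  #
  # @raise [NotImplementedError] when the including controller does not override it
  def spammable_path
    raise NotImplementedError, " #{self.class} does not implement #{__method__} "
  end

  # Denies access unless the current user is an admin.
  #
  # Safe navigation makes a missing `current_user` (no signed-in user) take the
  # same `access_denied!` path as a non-admin, instead of raising NoMethodError
  # on nil before the authorization decision is made.
  def authorize_submit_spammable!
    access_denied! unless current_user&.admin?
  end
end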