gitlab-org--gitlab-foss/spec/features/issues/spam_akismet_issue_creation_spec.rb


# frozen_string_literal: true
require 'spec_helper'
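# Feature spec for the spam checks applied when an issue is created through
# the web form. Each context under 'spam handling' combines three inputs
# (Akismet verdict, CAPTCHA setting, allow_possible_spam flag) and asserts
# both what the user sees and whether a spam log record is written.
RSpec.describe 'Spam detection on issue creation', :js do
  include StubENV

  let(:project) { create(:project, :public) }
  let(:user) { create(:user) }

  include_context 'includes Spam constants'

  before do
    stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')

    # Dummy keys: the Akismet verdict is stubbed per context below, and the
    # CAPTCHA setting is overridden per context via stub_application_setting.
    Gitlab::CurrentSettings.update!(
      akismet_enabled: true,
      akismet_api_key: 'testkey',
      spam_check_api_key: 'testkey',
      recaptcha_enabled: true,
      recaptcha_site_key: 'test site key',
      recaptcha_private_key: 'test private key'
    )

    project.add_maintainer(user)
    sign_in(user)
    visit new_project_issue_path(project)

    # Every example starts from a filled-in form and only has to submit it.
    fill_in 'issue_title', with: 'issue title'
    fill_in 'issue_description', with: 'issue description'
  end

  # Deny path: the submission is reported as discarded, no CAPTCHA is offered
  # as a way around the block, and the issue title is not rendered.
  shared_examples 'disallows issue creation' do
    it 'disallows issue creation' do
      click_button 'Create issue'

      expect(page).to have_content('discarded')
      expect(page).not_to have_css('.recaptcha')
      expect(page).not_to have_content('issue title')
    end
  end

  # Challenge path: the first submit must not create the issue and must show
  # the CAPTCHA; only the second submit creates it.
  shared_examples 'allows issue creation with CAPTCHA' do
    it 'allows issue creation' do
      click_button 'Create issue'

      # reCAPTCHA cannot be solved automatically and there is no way to fill it in.
      # Verification is skipped in the test environment and always returns true,
      # so this example proves the challenge is shown, not that it is verified.
      expect(page).not_to have_content('issue title')
      expect(page).to have_css('.recaptcha')

      click_button 'Create issue'

      expect(page.find('.issue-details h1.title')).to have_content('issue title')
      expect(page.find('.issue-details .description')).to have_content('issue description')
    end
  end

  # Allow path: a single submit creates the issue and no CAPTCHA is rendered.
  shared_examples 'allows issue creation without CAPTCHA' do
    it 'allows issue creation without need to solve CAPTCHA' do
      click_button 'Create issue'

      expect(page).not_to have_css('.recaptcha')
      expect(page.find('.issue-details h1.title')).to have_content('issue title')
      expect(page.find('.issue-details .description')).to have_content('issue description')
    end
  end

  # Audit trail: submitting must log the submitted title/description against the user.
  shared_examples 'creates a spam_log record' do
    it 'creates a spam_log record' do
      expect { click_button 'Create issue' }
        .to log_spam(title: 'issue title', description: 'issue description', user_id: user.id, noteable_type: 'Issue')
    end
  end

  shared_examples 'does not create a spam_log record' do
    it 'does not creates a spam_log record' do
      expect { click_button 'Create issue' }
        .not_to log_spam(title: 'issue title', description: 'issue description', user_id: user.id, noteable_type: 'Issue')
    end
  end

  # The Akismet verdict is forced by stubbing #spam? on the next service instance.
  shared_context 'when spammable is identified as possible spam' do
    before do
      allow_next_instance_of(Spam::AkismetService) do |akismet_service|
        allow(akismet_service).to receive(:spam?).and_return(true)
      end
    end
  end

  shared_context 'when spammable is not identified as possible spam' do
    before do
      allow_next_instance_of(Spam::AkismetService) do |akismet_service|
        allow(akismet_service).to receive(:spam?).and_return(false)
      end
    end
  end

  shared_context 'when CAPTCHA is enabled' do
    before do
      stub_application_setting(recaptcha_enabled: true)
    end
  end

  shared_context 'when CAPTCHA is not enabled' do
    before do
      stub_application_setting(recaptcha_enabled: false)
    end
  end

  shared_context 'when allow_possible_spam feature flag is true' do
    before do
      stub_feature_flags(allow_possible_spam: true)
    end
  end

  shared_context 'when allow_possible_spam feature flag is false' do
    before do
      stub_feature_flags(allow_possible_spam: false)
    end
  end

  describe 'spam handling' do
    # Each context below implements one row of this table; its name, its
    # include_context lines and its shared examples must all agree with the row.
    #
    # verdict, spam_flagged, captcha_enabled, allow_possible_spam_flag, creates_spam_log
    # TODO: Add example for BLOCK_USER verdict when we add support for testing SpamCheck - see https://gitlab.com/groups/gitlab-org/-/epics/5527#lacking-coverage-for-spamcheck-vs-akismet
    # DISALLOW, true, false, false, true
    # CONDITIONAL_ALLOW, true, true, false, true
    # OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM, true, true, true, true
    # OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM, true, false, true, true
    # ALLOW, false, true, false, false
    # TODO: Add example for NOOP verdict when we add support for testing SpamCheck - see https://gitlab.com/groups/gitlab-org/-/epics/5527#lacking-coverage-for-spamcheck-vs-akismet

    # Flagged content with no CAPTCHA to fall back on and no override must be
    # rejected. This context previously used the override inputs and the
    # 'allows issue creation without CAPTCHA' examples, which duplicated the
    # first OVERRIDE context and left 'disallows issue creation' unused, so the
    # blocking path had no coverage in this file.
    context 'DISALLOW: spam_flagged=true, captcha_enabled=false, allow_possible_spam=false' do
      include_context 'when spammable is identified as possible spam'
      include_context 'when CAPTCHA is not enabled'
      include_context 'when allow_possible_spam feature flag is false'

      it_behaves_like 'disallows issue creation'
      it_behaves_like 'creates a spam_log record'
    end

    context 'CONDITIONAL_ALLOW: spam_flagged=true, captcha_enabled=true, allow_possible_spam=false' do
      include_context 'when spammable is identified as possible spam'
      include_context 'when CAPTCHA is enabled'
      include_context 'when allow_possible_spam feature flag is false'

      it_behaves_like 'allows issue creation with CAPTCHA'
      it_behaves_like 'creates a spam_log record'
    end

    # With the override flag on, flagged content is created without a
    # challenge, so the spam log entry is still asserted in both variants.
    context 'OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM: spam_flagged=true, captcha_enabled=true, allow_possible_spam=true' do
      include_context 'when spammable is identified as possible spam'
      include_context 'when CAPTCHA is enabled'
      include_context 'when allow_possible_spam feature flag is true'

      it_behaves_like 'allows issue creation without CAPTCHA'
      it_behaves_like 'creates a spam_log record'
    end

    context 'OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM: spam_flagged=true, captcha_enabled=false, allow_possible_spam=true' do
      include_context 'when spammable is identified as possible spam'
      include_context 'when CAPTCHA is not enabled'
      include_context 'when allow_possible_spam feature flag is true'

      it_behaves_like 'allows issue creation without CAPTCHA'
      it_behaves_like 'creates a spam_log record'
    end

    # CAPTCHA is enabled here, as the context name and the table row state, so
    # the example shows that content not flagged as spam is not challenged
    # even though a challenge is available.
    context 'ALLOW: spam_flagged=false, captcha_enabled=true, allow_possible_spam=false' do
      include_context 'when spammable is not identified as possible spam'
      include_context 'when CAPTCHA is enabled'
      include_context 'when allow_possible_spam feature flag is false'

      it_behaves_like 'allows issue creation without CAPTCHA'
      it_behaves_like 'does not create a spam_log record'
    end
  end
end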