2020-03-13 15:44:24 +05:30
|
|
|
# frozen_string_literal: true
|
|
|
|
|
|
|
|
require 'spec_helper'
|
|
|
|
|
2023-05-27 22:25:52 +05:30
|
|
|
RSpec.describe Spam::SpamActionService, feature_category: :instance_resiliency do
|
2020-05-24 23:13:21 +05:30
|
|
|
include_context 'includes Spam constants'
|
|
|
|
|
2021-10-27 15:23:28 +05:30
|
|
|
let(:issue) { create(:issue, project: project, author: author) }
|
2022-10-11 01:57:18 +05:30
|
|
|
let(:personal_snippet) { create(:personal_snippet, :public, author: author) }
|
|
|
|
let(:project_snippet) { create(:project_snippet, :public, author: author) }
|
2020-03-13 15:44:24 +05:30
|
|
|
let(:fake_ip) { '1.2.3.4' }
|
|
|
|
let(:fake_user_agent) { 'fake-user-agent' }
|
2021-06-08 01:23:25 +05:30
|
|
|
let(:fake_referer) { 'fake-http-referer' }
|
2021-09-30 23:02:18 +05:30
|
|
|
let(:captcha_response) { 'abc123' }
|
|
|
|
let(:spam_log_id) { existing_spam_log.id }
|
|
|
|
let(:spam_params) do
|
|
|
|
::Spam::SpamParams.new(
|
|
|
|
captcha_response: captcha_response,
|
|
|
|
spam_log_id: spam_log_id,
|
|
|
|
ip_address: fake_ip,
|
|
|
|
user_agent: fake_user_agent,
|
|
|
|
referer: fake_referer
|
|
|
|
)
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
2020-10-24 23:57:45 +05:30
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
let_it_be(:project) { create(:project, :public) }
|
|
|
|
let_it_be(:user) { create(:user) }
|
2021-10-27 15:23:28 +05:30
|
|
|
let_it_be(:author) { create(:user) }
|
2020-03-13 15:44:24 +05:30
|
|
|
|
|
|
|
before do
|
|
|
|
issue.spam = false
|
2022-10-11 01:57:18 +05:30
|
|
|
personal_snippet.spam = false
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
describe 'constructor argument validation' do
|
|
|
|
subject do
|
|
|
|
described_service = described_class.new(spammable: issue, spam_params: spam_params, user: user, action: :create)
|
|
|
|
described_service.execute
|
|
|
|
end
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
context 'when spam_params is nil' do
|
|
|
|
let(:spam_params) { nil }
|
|
|
|
let(:expected_service_params_not_present_message) do
|
|
|
|
/Skipped spam check because spam_params was not present/
|
|
|
|
end
|
2021-03-11 19:13:27 +05:30
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
it "returns success with a messaage" do
|
2021-03-11 19:13:27 +05:30
|
|
|
response = subject
|
2020-04-22 19:07:51 +05:30
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
expect(response.message).to match(expected_service_params_not_present_message)
|
2020-04-22 19:07:51 +05:30
|
|
|
expect(issue).not_to be_spam
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2023-07-09 08:55:56 +05:30
|
|
|
shared_examples 'allows user' do
|
|
|
|
it 'does not perform spam check' do
|
|
|
|
expect(Spam::SpamVerdictService).not_to receive(:new)
|
|
|
|
|
|
|
|
response = subject
|
|
|
|
|
|
|
|
expect(response.message).to match(/user was allowlisted/)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2022-10-11 01:57:18 +05:30
|
|
|
shared_examples 'creates a spam log' do |target_type|
|
2021-03-11 19:13:27 +05:30
|
|
|
it do
|
2021-09-30 23:02:18 +05:30
|
|
|
expect { subject }
|
2022-10-11 01:57:18 +05:30
|
|
|
.to log_spam(title: target.title, description: target.description, noteable_type: target_type)
|
2021-03-11 19:13:27 +05:30
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
# TODO: These checks should be incorporated into the `log_spam` RSpec matcher above
|
2021-03-11 19:13:27 +05:30
|
|
|
new_spam_log = SpamLog.last
|
|
|
|
expect(new_spam_log.user_id).to eq(user.id)
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(new_spam_log.title).to eq(target.title)
|
|
|
|
expect(new_spam_log.description).to eq(target.spam_description)
|
2021-03-11 19:13:27 +05:30
|
|
|
expect(new_spam_log.source_ip).to eq(fake_ip)
|
|
|
|
expect(new_spam_log.user_agent).to eq(fake_user_agent)
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(new_spam_log.noteable_type).to eq(target_type)
|
2021-09-30 23:02:18 +05:30
|
|
|
expect(new_spam_log.via_api).to eq(true)
|
2021-03-11 19:13:27 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2022-10-11 01:57:18 +05:30
|
|
|
shared_examples 'execute spam action service' do |target_type|
|
2021-03-11 19:13:27 +05:30
|
|
|
let(:fake_captcha_verification_service) { double(:captcha_verification_service) }
|
2020-05-24 23:13:21 +05:30
|
|
|
let(:fake_verdict_service) { double(:spam_verdict_service) }
|
2021-03-11 19:13:27 +05:30
|
|
|
|
|
|
|
let(:verdict_service_opts) do
|
|
|
|
{
|
|
|
|
ip_address: fake_ip,
|
|
|
|
user_agent: fake_user_agent,
|
2021-06-08 01:23:25 +05:30
|
|
|
referer: fake_referer
|
2021-03-11 19:13:27 +05:30
|
|
|
}
|
|
|
|
end
|
|
|
|
|
|
|
|
let(:verdict_service_args) do
|
|
|
|
{
|
2022-10-11 01:57:18 +05:30
|
|
|
target: target,
|
2021-03-11 19:13:27 +05:30
|
|
|
user: user,
|
|
|
|
options: verdict_service_opts,
|
|
|
|
context: {
|
|
|
|
action: :create,
|
2022-10-11 01:57:18 +05:30
|
|
|
target_type: target_type
|
|
|
|
},
|
|
|
|
extra_features: extra_features
|
2021-03-11 19:13:27 +05:30
|
|
|
}
|
|
|
|
end
|
2020-03-13 15:44:24 +05:30
|
|
|
|
|
|
|
let_it_be(:existing_spam_log) { create(:spam_log, user: user, recaptcha_verified: false) }
|
|
|
|
|
|
|
|
subject do
|
2022-10-11 01:57:18 +05:30
|
|
|
described_service = described_class.new(spammable: target, spam_params: spam_params, extra_features:
|
|
|
|
extra_features, user: user, action: :create)
|
2021-09-30 23:02:18 +05:30
|
|
|
described_service.execute
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
|
2020-05-24 23:13:21 +05:30
|
|
|
before do
|
2021-09-30 23:02:18 +05:30
|
|
|
allow(Captcha::CaptchaVerificationService).to receive(:new).with(spam_params: spam_params) { fake_captcha_verification_service }
|
2021-03-11 19:13:27 +05:30
|
|
|
allow(Spam::SpamVerdictService).to receive(:new).with(verdict_service_args).and_return(fake_verdict_service)
|
2020-05-24 23:13:21 +05:30
|
|
|
end
|
|
|
|
|
2021-03-11 19:13:27 +05:30
|
|
|
context 'when captcha response verification returns true' do
|
|
|
|
before do
|
2021-04-29 21:17:54 +05:30
|
|
|
allow(fake_captcha_verification_service)
|
2021-09-30 23:02:18 +05:30
|
|
|
.to receive(:execute).and_return(true)
|
2021-03-11 19:13:27 +05:30
|
|
|
end
|
2020-03-13 15:44:24 +05:30
|
|
|
|
2020-05-24 23:13:21 +05:30
|
|
|
it "doesn't check with the SpamVerdictService" do
|
2020-03-13 15:44:24 +05:30
|
|
|
aggregate_failures do
|
2021-03-11 19:13:27 +05:30
|
|
|
expect(SpamLog).to receive(:verify_recaptcha!).with(
|
|
|
|
user_id: user.id,
|
|
|
|
id: spam_log_id
|
|
|
|
)
|
2020-05-24 23:13:21 +05:30
|
|
|
expect(fake_verdict_service).not_to receive(:execute)
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
subject
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'updates spam log' do
|
2020-04-22 19:07:51 +05:30
|
|
|
expect { subject }.to change { existing_spam_log.reload.recaptcha_verified }.from(false).to(true)
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-03-11 19:13:27 +05:30
|
|
|
context 'when captcha response verification returns false' do
|
|
|
|
before do
|
2021-04-29 21:17:54 +05:30
|
|
|
allow(fake_captcha_verification_service)
|
2021-09-30 23:02:18 +05:30
|
|
|
.to receive(:execute).and_return(false)
|
2021-03-11 19:13:27 +05:30
|
|
|
end
|
2020-03-13 15:44:24 +05:30
|
|
|
|
|
|
|
context 'when spammable attributes have not changed' do
|
|
|
|
before do
|
2022-10-11 01:57:18 +05:30
|
|
|
allow(target).to receive(:has_changes_to_save?).and_return(true)
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not create a spam log' do
|
2021-04-29 21:17:54 +05:30
|
|
|
expect { subject }.not_to change(SpamLog, :count)
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when spammable attributes have changed' do
|
2021-03-11 19:13:27 +05:30
|
|
|
let(:expected_service_check_response_message) do
|
2022-10-11 01:57:18 +05:30
|
|
|
/Check #{target_type} spammable model for any errors or CAPTCHA requirement/
|
2021-03-11 19:13:27 +05:30
|
|
|
end
|
|
|
|
|
2020-03-13 15:44:24 +05:30
|
|
|
before do
|
2022-10-11 01:57:18 +05:30
|
|
|
target.description = 'Lovely Spam! Wonderful Spam!'
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
|
2023-07-09 08:55:56 +05:30
|
|
|
context 'when user is a gitlab bot' do
|
|
|
|
before do
|
|
|
|
allow(user).to receive(:gitlab_bot?).and_return(true)
|
|
|
|
end
|
2020-05-24 23:13:21 +05:30
|
|
|
|
2023-07-09 08:55:56 +05:30
|
|
|
it_behaves_like 'allows user'
|
|
|
|
end
|
2021-03-11 19:13:27 +05:30
|
|
|
|
2023-07-09 08:55:56 +05:30
|
|
|
context 'when user is a gitlab service user' do
|
|
|
|
before do
|
|
|
|
allow(user).to receive(:gitlab_service_user?).and_return(true)
|
2020-05-24 23:13:21 +05:30
|
|
|
end
|
2023-07-09 08:55:56 +05:30
|
|
|
|
|
|
|
it_behaves_like 'allows user'
|
2020-05-24 23:13:21 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
context 'when disallowed by the spam verdict service' do
|
2020-03-13 15:44:24 +05:30
|
|
|
before do
|
2020-05-24 23:13:21 +05:30
|
|
|
allow(fake_verdict_service).to receive(:execute).and_return(DISALLOW)
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
|
2022-10-11 01:57:18 +05:30
|
|
|
it_behaves_like 'creates a spam log', target_type
|
2020-03-13 15:44:24 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
it 'marks as spam' do
|
|
|
|
response = subject
|
2020-03-13 15:44:24 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
expect(response.message).to match(expected_service_check_response_message)
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(target).to be_spam
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-06-08 01:23:25 +05:30
|
|
|
context 'spam verdict service advises to block the user' do
|
|
|
|
before do
|
|
|
|
allow(fake_verdict_service).to receive(:execute).and_return(BLOCK_USER)
|
|
|
|
end
|
|
|
|
|
2022-10-11 01:57:18 +05:30
|
|
|
it_behaves_like 'creates a spam log', target_type
|
2021-06-08 01:23:25 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
it 'marks as spam' do
|
|
|
|
response = subject
|
2021-06-08 01:23:25 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
expect(response.message).to match(expected_service_check_response_message)
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(target).to be_spam
|
2021-06-08 01:23:25 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2020-06-23 00:09:42 +05:30
|
|
|
context 'when spam verdict service conditionally allows' do
|
2020-03-13 15:44:24 +05:30
|
|
|
before do
|
2020-06-23 00:09:42 +05:30
|
|
|
allow(fake_verdict_service).to receive(:execute).and_return(CONDITIONAL_ALLOW)
|
2020-05-24 23:13:21 +05:30
|
|
|
end
|
|
|
|
|
2022-10-11 01:57:18 +05:30
|
|
|
it_behaves_like 'creates a spam log', target_type
|
2020-05-24 23:13:21 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
it 'does not mark as spam' do
|
|
|
|
response = subject
|
2021-03-11 19:13:27 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
expect(response.message).to match(expected_service_check_response_message)
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(target).not_to be_spam
|
2022-05-07 20:08:51 +05:30
|
|
|
end
|
2020-05-24 23:13:21 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
it 'marks as needing reCAPTCHA' do
|
|
|
|
response = subject
|
2020-05-24 23:13:21 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
expect(response.message).to match(expected_service_check_response_message)
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(target).to be_needs_recaptcha
|
2022-05-07 20:08:51 +05:30
|
|
|
end
|
|
|
|
end
|
2020-05-24 23:13:21 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
context 'when spam verdict service returns OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM' do
|
|
|
|
before do
|
|
|
|
allow(fake_verdict_service).to receive(:execute).and_return(OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM)
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
|
2022-10-11 01:57:18 +05:30
|
|
|
it_behaves_like 'creates a spam log', target_type
|
2021-03-11 19:13:27 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
it 'does not mark as spam' do
|
|
|
|
response = subject
|
|
|
|
|
|
|
|
expect(response.message).to match(expected_service_check_response_message)
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(target).not_to be_spam
|
2022-05-07 20:08:51 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not mark as needing CAPTCHA' do
|
|
|
|
response = subject
|
2020-05-24 23:13:21 +05:30
|
|
|
|
2022-05-07 20:08:51 +05:30
|
|
|
expect(response.message).to match(expected_service_check_response_message)
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(target).not_to be_needs_recaptcha
|
2020-05-24 23:13:21 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when spam verdict service allows creation' do
|
|
|
|
before do
|
|
|
|
allow(fake_verdict_service).to receive(:execute).and_return(ALLOW)
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not create a spam log' do
|
2021-04-29 21:17:54 +05:30
|
|
|
expect { subject }.not_to change(SpamLog, :count)
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
2021-03-11 19:13:27 +05:30
|
|
|
|
|
|
|
it 'clears spam flags' do
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(target).to receive(:clear_spam_flags!)
|
2021-03-11 19:13:27 +05:30
|
|
|
|
|
|
|
subject
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-06-08 01:23:25 +05:30
|
|
|
context 'when spam verdict service returns noop' do
|
|
|
|
before do
|
|
|
|
allow(fake_verdict_service).to receive(:execute).and_return(NOOP)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'does not create a spam log' do
|
|
|
|
expect { subject }.not_to change(SpamLog, :count)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'clears spam flags' do
|
2022-10-11 01:57:18 +05:30
|
|
|
expect(target).to receive(:clear_spam_flags!)
|
2021-06-08 01:23:25 +05:30
|
|
|
|
|
|
|
subject
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2021-04-29 21:17:54 +05:30
|
|
|
context 'with spam verdict service options' do
|
2021-03-11 19:13:27 +05:30
|
|
|
before do
|
2021-04-29 21:17:54 +05:30
|
|
|
allow(fake_verdict_service).to receive(:execute).and_return(ALLOW)
|
2021-03-11 19:13:27 +05:30
|
|
|
end
|
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
it 'assembles the options with information from the request' do
|
|
|
|
expect(Spam::SpamVerdictService).to receive(:new).with(verdict_service_args)
|
2021-03-11 19:13:27 +05:30
|
|
|
|
2021-09-30 23:02:18 +05:30
|
|
|
subject
|
2021-03-11 19:13:27 +05:30
|
|
|
end
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
2022-10-11 01:57:18 +05:30
|
|
|
|
|
|
|
describe '#execute' do
|
|
|
|
describe 'issue' do
|
|
|
|
let(:target) { issue }
|
|
|
|
let(:extra_features) { {} }
|
|
|
|
|
|
|
|
it_behaves_like 'execute spam action service', 'Issue'
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'project snippet' do
|
|
|
|
let(:target) { project_snippet }
|
|
|
|
let(:extra_features) { { files: [{ path: 'project.rb' }] } }
|
|
|
|
|
|
|
|
it_behaves_like 'execute spam action service', 'ProjectSnippet'
|
|
|
|
end
|
|
|
|
|
|
|
|
describe 'personal snippet' do
|
|
|
|
let(:target) { personal_snippet }
|
|
|
|
let(:extra_features) { { files: [{ path: 'personal.rb' }] } }
|
|
|
|
|
|
|
|
it_behaves_like 'execute spam action service', 'PersonalSnippet'
|
|
|
|
end
|
|
|
|
end
|
2020-03-13 15:44:24 +05:30
|
|
|
end
|