debian-mirror-gitlab/app/controllers/concerns/spammable_actions.rb

# frozen_string_literal: true
module SpammableActions
extend ActiveSupport::Concern
include Spam::Concerns::HasSpamActionResponseFields
# Hook run when a controller includes this concern: the admin-only guard
# `authorize_submit_spammable!` is registered as a before_action and is scoped
# to the `mark_as_spam` action only.
included do
  before_action(:authorize_submit_spammable!, only: :mark_as_spam)
end
# Submits `spammable` through Spam::MarkAsSpamService and redirects back to
# `spammable_path`: with a notice when the service call returns a truthy value,
# with an alert otherwise.
#
# Access control for this action is the `authorize_submit_spammable!`
# before_action registered in the `included` block of this concern.
def mark_as_spam
  submitted = Spam::MarkAsSpamService.new(target: spammable).execute

  unless submitted
    # The user-facing alert stays generic; it points the operator at the logs.
    return redirect_to(spammable_path, alert: _('Error with Akismet. Please check the logs for more info.'))
  end

  redirect_to(
    spammable_path,
    notice: _("%{spammable_titlecase} was submitted to Akismet successfully.") % { spammable_titlecase: spammable.spammable_entity_type.titlecase }
  )
end
private
# Chooses the response after an attempt to save `spammable`.
#
# * `should_redirect` is true and the record is valid: redirect to `spammable_path`.
# * otherwise, when the record answers true to `render_recaptcha?`: load the
#   reCAPTCHA configuration and respond with a CAPTCHA challenge (HTML or JSON).
# * otherwise: run the block supplied by the caller.
#
# The caller's block is invoked with `yield`; the `&fallback` parameter only
# names it in the signature.
def recaptcha_check_with_fallback(should_redirect = true, &fallback)
  return redirect_to(spammable_path) if should_redirect && spammable.valid?
  return yield unless spammable.render_recaptcha?

  Gitlab::Recaptcha.load_configurations!

  respond_to do |format|
    format.html do
      # NOTE: format.html is still used by issue create, and uses the legacy HAML
      # `_recaptcha_form.html.haml` rendered via the `projects/issues/verify` template.
      render :verify
    end

    format.json do
      # format.json is used by all new Vue-based CAPTCHA implementations, which
      # handle all of the CAPTCHA form rendering on the client via the Pajamas-based
      # app/assets/javascripts/captcha/captcha_modal.vue

      # NOTE: "409 - Conflict" seems to be the most appropriate HTTP status code for a response
      # which requires a CAPTCHA to be solved in order for the request to be resubmitted.
      # See https://stackoverflow.com/q/26547466/25192
      render json: spam_action_response_fields(spammable), status: :conflict
    end
  end
end
# TODO: This method is currently only needed for issue create, to copy the spam/CAPTCHA values from
# params into request headers, which is where the spam services now all expect them. It can be removed
# when issue create is converted to a client/JS based approach instead of the legacy HAML
# `_recaptcha_form.html.haml` which is rendered via the `projects/issues/verify` template.
# In that case, which is based on the legacy reCAPTCHA implementation using the HTML/HAML form,
# the 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the
# recaptcha gem, which is called from the HAML `_recaptcha_form.html.haml` form.
def extract_legacy_spam_params_to_headers
  # Both values are read straight from request params, so they are client-supplied.
  # NOTE(review): presumably the spam services verify the CAPTCHA response and the
  # spam log id before trusting them; confirm against those services.
  captcha_response = params['g-recaptcha-response'] || params[:captcha_response]
  spam_log_id = params[:spam_log_id]

  request.headers['X-GitLab-Captcha-Response'] = captcha_response
  request.headers['X-GitLab-Spam-Log-Id'] = spam_log_id
end
# Placeholder for the record the spam actions operate on. This default always
# raises, so a controller that includes the concern has to define its own version.
#
# @raise [NotImplementedError] always, naming the class and this method
def spammable
  message = "#{self.class} does not implement #{__method__}"
  raise NotImplementedError, message
end
# Placeholder for the path the spam actions redirect to. This default always
# raises, so a controller that includes the concern has to define its own version.
#
# @raise [NotImplementedError] always, naming the class and this method
def spammable_path
  message = "#{self.class} does not implement #{__method__}"
  raise NotImplementedError, message
end
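# Before-action guard for `mark_as_spam`: only administrators may submit a
# record as spam.
#
# Safe navigation makes the check fail closed when there is no signed-in user:
# a nil `current_user` is rejected through `access_denied!` instead of raising
# NoMethodError on `nil.admin?`.
def authorize_submit_spammable!
  access_denied! unless current_user&.admin?
end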
end