2018-12-05 23:21:45 +05:30
# frozen_string_literal: true
2016-09-13 17:45:13 +05:30
module SpammableActions
extend ActiveSupport :: Concern
2017-08-17 22:00:37 +05:30
include Recaptcha :: Verify
2018-03-17 18:26:18 +05:30
include Gitlab :: Utils :: StrongMemoize
2017-08-17 22:00:37 +05:30
2016-09-13 17:45:13 +05:30
included do
before_action :authorize_submit_spammable! , only : :mark_as_spam
end
def mark_as_spam
2020-04-08 14:13:33 +05:30
if Spam :: MarkAsSpamService . new ( target : spammable ) . execute
2019-07-07 11:18:12 +05:30
redirect_to spammable_path , notice : _ ( " %{spammable_titlecase} was submitted to Akismet successfully. " ) % { spammable_titlecase : spammable . spammable_entity_type . titlecase }
2016-09-13 17:45:13 +05:30
else
2019-07-07 11:18:12 +05:30
redirect_to spammable_path , alert : _ ( 'Error with Akismet. Please check the logs for more info.' )
2016-09-13 17:45:13 +05:30
end
end
private
2017-08-17 22:00:37 +05:30
def ensure_spam_config_loaded!
2018-03-17 18:26:18 +05:30
strong_memoize ( :spam_config_loaded ) do
Gitlab :: Recaptcha . load_configurations!
end
2017-08-17 22:00:37 +05:30
end
2018-03-17 18:26:18 +05:30
def recaptcha_check_with_fallback ( should_redirect = true , & fallback )
if should_redirect && spammable . valid?
2017-09-10 17:25:29 +05:30
redirect_to spammable_path
2017-08-17 22:00:37 +05:30
elsif render_recaptcha?
ensure_spam_config_loaded!
2018-03-17 18:26:18 +05:30
respond_to do | format |
format . html do
render :verify
end
format . json do
locals = { spammable : spammable , script : false , has_submit : false }
recaptcha_html = render_to_string ( partial : 'shared/recaptcha_form' , formats : :html , locals : locals )
render json : { recaptcha_html : recaptcha_html }
end
end
2017-08-17 22:00:37 +05:30
else
yield
end
end
def spammable_params
default_params = { request : request }
2021-03-08 18:12:59 +05:30
recaptcha_check = recaptcha_response &&
2017-08-17 22:00:37 +05:30
ensure_spam_config_loaded! &&
2021-03-08 18:12:59 +05:30
verify_recaptcha ( response : recaptcha_response )
2017-08-17 22:00:37 +05:30
return default_params unless recaptcha_check
{ recaptcha_verified : true ,
spam_log_id : params [ :spam_log_id ] } . merge ( default_params )
end
2021-03-08 18:12:59 +05:30
def recaptcha_response
# NOTE: This field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the recaptcha
# gem, which is called from the HAML `_recaptcha_form.html.haml` form.
#
# It is used in the `Recaptcha::Verify#verify_recaptcha` if the `response` option is not
# passed explicitly.
#
# Instead of relying on this behavior, we are extracting and passing it explicitly. This will
# make it consistent with the newer, modern reCAPTCHA verification process as it will be
# implemented via the GraphQL API and in Vue components via the native reCAPTCHA Javascript API,
# which requires that the recaptcha response param be obtained and passed explicitly.
#
# After this newer GraphQL/JS API process is fully supported by the backend, we can remove this
# (and other) HAML-specific support.
params [ 'g-recaptcha-response' ]
end
2016-09-13 17:45:13 +05:30
def spammable
raise NotImplementedError , " #{ self . class } does not implement #{ __method__ } "
end
2017-09-10 17:25:29 +05:30
def spammable_path
raise NotImplementedError , " #{ self . class } does not implement #{ __method__ } "
end
2016-09-13 17:45:13 +05:30
def authorize_submit_spammable!
access_denied! unless current_user . admin?
end
2017-08-17 22:00:37 +05:30
def render_recaptcha?
return false if spammable . errors . count > 1 # re-render "new" template in case there are other errors
return false unless Gitlab :: Recaptcha . enabled?
2020-05-24 23:13:21 +05:30
spammable . needs_recaptcha?
2017-08-17 22:00:37 +05:30
end
2016-09-13 17:45:13 +05:30
end
