author | Oswaldo Ferreira <oswaldo@gitlab.com> | 2017-02-14 17:07:11 -0200 |
---|---|---|
committer | Oswaldo Ferreira <oswluizf@gmail.com> | 2017-02-21 13:32:49 -0300 |
commit | 2ace39f2420abf018ceef6aaad52e4917bcbab7d (patch) | |
tree | cae709a6381c80c70af5da459c3ffa992593843d /app/controllers | |
parent | 881529495379505542033bf7fb0d91cdc5b51e8d (diff) | |
Spam check and reCAPTCHA improvements 28093-snippet-and-issue-spam-check-on-edit
Diffstat (limited to 'app/controllers')
-rw-r--r-- | app/controllers/concerns/spammable_actions.rb | 30 | ||||
-rw-r--r-- | app/controllers/projects/issues_controller.rb | 34 | ||||
-rw-r--r-- | app/controllers/projects/snippets_controller.rb | 21 | ||||
-rw-r--r-- | app/controllers/snippets_controller.rb | 13 |
4 files changed, 49 insertions, 49 deletions
diff --git a/app/controllers/concerns/spammable_actions.rb b/app/controllers/concerns/spammable_actions.rb
index a6891149bfa..da225d8f1c7 100644
--- a/app/controllers/concerns/spammable_actions.rb
+++ b/app/controllers/concerns/spammable_actions.rb
@@ -17,13 +17,31 @@ module SpammableActions
 private
- def recaptcha_params
- return {} unless params[:recaptcha_verification] && Gitlab::Recaptcha.load_configurations! && verify_recaptcha
+ def recaptcha_check_with_fallback(&fallback)
+ if spammable.valid?
+ redirect_to spammable
+ elsif render_recaptcha?
+ if params[:recaptcha_verification]
+ flash[:alert] = 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'
+ end
+
+ render :verify
+ else
+ fallback.call
+ end
+ end
+
+ def spammable_params
+ default_params = { request: request }
+
+ recaptcha_check = params[:recaptcha_verification] &&
+ Gitlab::Recaptcha.load_configurations! &&
+ verify_recaptcha
+
+ return default_params unless recaptcha_check
- {
- recaptcha_verified: true,
- spam_log_id: params[:spam_log_id]
- }
+ { recaptcha_verified: true,
+ spam_log_id: params[:spam_log_id] }.merge(default_params)
 end
 def spammable
diff --git a/app/controllers/projects/issues_controller.rb b/app/controllers/projects/issues_controller.rb
index 744a4af1c51..6ef36771ac1 100644
--- a/app/controllers/projects/issues_controller.rb
+++ b/app/controllers/projects/issues_controller.rb
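Review bot: In `spammable_params` (spammable_actions.rb), `spam_log_id: params[:spam_log_id]` forwards a client-chosen id unchanged, and through this commit it now reaches the update services as well as create. The code that consumes it after a solved reCAPTCHA should look the spam log record up scoped to `current_user`; that lookup is not part of this diff, so it is worth confirming. I would state the assumption above the hash: `# spam_log_id is client-supplied; the consuming service must scope the lookup to current_user`. Separately, `fallback.call` fails with NoMethodError on nil when a caller passes no block, so `yield` (dropping `&fallback`) would fail more clearly.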
@@ -94,15 +94,15 @@ class Projects::IssuesController < Projects::ApplicationController
 end
 def create
- extra_params = { request: request,
- merge_request_for_resolving_discussions: merge_request_for_resolving_discussions }
- extra_params.merge!(recaptcha_params)
+ create_params = issue_params
+ .merge(merge_request_for_resolving_discussions: merge_request_for_resolving_discussions)
+ .merge(spammable_params)
- @issue = Issues::CreateService.new(project, current_user, issue_params.merge(extra_params)).execute
+ @issue = Issues::CreateService.new(project, current_user, create_params).execute
 respond_to do |format|
 format.html do
- html_response_create
+ recaptcha_check_with_fallback { render :new }
 end
 format.js do
 @link = @issue.attachment.url.to_js
@@ -111,7 +111,9 @@ class Projects::IssuesController < Projects::ApplicationController
 end
 def update
- @issue = Issues::UpdateService.new(project, current_user, issue_params).execute(issue)
+ update_params = issue_params.merge(spammable_params)
+
+ @issue = Issues::UpdateService.new(project, current_user, update_params).execute(issue)
 if params[:move_to_project_id].to_i > 0
 new_project = Project.find(params[:move_to_project_id])
@@ -123,11 +125,7 @@ class Projects::IssuesController < Projects::ApplicationController
 respond_to do |format|
 format.html do
- if @issue.valid?
- redirect_to issue_path(@issue)
- else
- render :edit
- end
+ recaptcha_check_with_fallback { render :edit }
 end
 format.json do
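Review bot: In `update` (projects/issues_controller.rb), only `format.html` is routed through `recaptcha_check_with_fallback`, while `update_params` now carries the spam check for every format. The `format.json` branch opens on the last line of the `-123,11` hunk and its body is outside the diff, so it cannot be confirmed here that a JSON update rejected as spam returns the validation errors with a non-success status. I would check that branch and add `# JSON updates rejected by the spam check must return errors; no reCAPTCHA flow here` above `format.json do`.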
@@ -179,20 +177,6 @@ class Projects::IssuesController < Projects::ApplicationController
 protected
- def html_response_create
- if @issue.valid?
- redirect_to issue_path(@issue)
- elsif render_recaptcha?
- if params[:recaptcha_verification]
- flash[:alert] = 'There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'
- end
-
- render :verify
- else
- render :new
- end
- end
-
 def issue
 # The Sortable default scope causes performance issues when used with find_by
 @noteable = @issue ||= @project.issues.where(iid: params[:id]).reorder(nil).take || redirect_old
diff --git a/app/controllers/projects/snippets_controller.rb b/app/controllers/projects/snippets_controller.rb
index ef5d3d242eb..ea1a97b7cf0 100644
--- a/app/controllers/projects/snippets_controller.rb
+++ b/app/controllers/projects/snippets_controller.rb
@@ -38,24 +38,19 @@ class Projects::SnippetsController < Projects::ApplicationController
 end
 def create
- create_params = snippet_params.merge(request: request)
+ create_params = snippet_params.merge(spammable_params)
+
 @snippet = CreateSnippetService.new(@project, current_user, create_params).execute
- if @snippet.valid?
- respond_with(@snippet,
- location: namespace_project_snippet_path(@project.namespace,
- @project, @snippet))
- else
- render :new
- end
+ recaptcha_check_with_fallback { render :new }
 end
 def update
- UpdateSnippetService.new(project, current_user, @snippet,
- snippet_params).execute
- respond_with(@snippet,
- location: namespace_project_snippet_path(@project.namespace,
- @project, @snippet))
+ update_params = snippet_params.merge(spammable_params)
+
+ UpdateSnippetService.new(project, current_user, @snippet, update_params).execute
+
+ recaptcha_check_with_fallback { render :edit }
 end
 def show
diff --git a/app/controllers/snippets_controller.rb b/app/controllers/snippets_controller.rb
index 366804ab17e..a632c36cfb8 100644
--- a/app/controllers/snippets_controller.rb
+++ b/app/controllers/snippets_controller.rb
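Review bot: `create` and `update` in projects/snippets_controller.rb drop the explicit `location: namespace_project_snippet_path(@project.namespace, @project, @snippet)` and now rely on `redirect_to spammable` inside `recaptcha_check_with_fallback` to resolve the nested route. Whether that resolves depends on what `spammable` returns and on the route helpers, neither visible in this diff; the same applies to app/controllers/snippets_controller.rb, where `@snippet.becomes(Snippet)` is dropped too, and to the issues controller, which used `issue_path(@issue)`. `respond_with` also served non-HTML formats, which now all get the redirect or `render`. A per-controller path method would make the target explicit, e.g. `redirect_to spammable_path` (method name is a suggestion).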
@@ -42,16 +42,19 @@ class SnippetsController < ApplicationController
 end
 def create
- create_params = snippet_params.merge(request: request)
+ create_params = snippet_params.merge(spammable_params)
+
 @snippet = CreateSnippetService.new(nil, current_user, create_params).execute
- respond_with @snippet.becomes(Snippet)
+ recaptcha_check_with_fallback { render :new }
 end
 def update
- UpdateSnippetService.new(nil, current_user, @snippet,
- snippet_params).execute
- respond_with @snippet.becomes(Snippet)
+ update_params = snippet_params.merge(spammable_params)
+
+ UpdateSnippetService.new(nil, current_user, @snippet, update_params).execute
+
+ recaptcha_check_with_fallback { render :edit }
 end
 def show |