author | Oswaldo Ferreira <oswaldo@gitlab.com> | 2017-02-14 17:07:11 -0200 |
---|---|---|
committer | Oswaldo Ferreira <oswluizf@gmail.com> | 2017-02-21 13:32:49 -0300 |
commit | 2ace39f2420abf018ceef6aaad52e4917bcbab7d (patch) | |
tree | cae709a6381c80c70af5da459c3ffa992593843d /lib | |
parent | 881529495379505542033bf7fb0d91cdc5b51e8d (diff) | |
download | gitlab-ce-2ace39f2420abf018ceef6aaad52e4917bcbab7d.tar.gz |
Spam check and reCAPTCHA improvements28093-snippet-and-issue-spam-check-on-edit
Diffstat (limited to 'lib')
-rw-r--r-- | lib/api/helpers.rb | 4 | ||||
-rw-r--r-- | lib/api/issues.rb | 6 | ||||
-rw-r--r-- | lib/api/project_snippets.rb | 8 | ||||
-rw-r--r-- | lib/api/snippets.rb | 7 | ||||
-rw-r--r-- | lib/api/v3/issues.rb | 10 | ||||
-rw-r--r-- | lib/api/v3/project_snippets.rb | 8 |
6 files changed, 35 insertions, 8 deletions
diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb index 7b6fae866eb..32692f19fcd 100644 --- a/lib/api/helpers.rb +++ b/lib/api/helpers.rb @@ -215,6 +215,10 @@ module API end end + def render_spam_error! + render_api_error!({ error: 'Spam detected' }, 400) + end + def render_api_error!(message, status) error!({ 'message' => message }, status, header) end diff --git a/lib/api/issues.rb b/lib/api/issues.rb index 2b946bfd349..6d30c5d81b1 100644 --- a/lib/api/issues.rb +++ b/lib/api/issues.rb @@ -169,9 +169,13 @@ module API params.delete(:updated_at) end + update_params = declared_params(include_missing: false).merge(request: request, api: true) + issue = ::Issues::UpdateService.new(user_project, current_user, - declared_params(include_missing: false)).execute(issue) + update_params).execute(issue) + + render_spam_error! if issue.spam? if issue.valid? present issue, with: Entities::Issue, current_user: current_user, project: user_project diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb index dcc0c82ee27..2a1cce73f3f 100644 --- a/lib/api/project_snippets.rb +++ b/lib/api/project_snippets.rb @@ -63,6 +63,8 @@ module API snippet = CreateSnippetService.new(user_project, current_user, snippet_params).execute + render_spam_error! if snippet.spam? + if snippet.persisted? present snippet, with: Entities::ProjectSnippet else @@ -92,12 +94,16 @@ module API authorize! :update_project_snippet, snippet snippet_params = declared_params(include_missing: false) + .merge(request: request, api: true) + snippet_params[:content] = snippet_params.delete(:code) if snippet_params[:code].present? UpdateSnippetService.new(user_project, current_user, snippet, snippet_params).execute - if snippet.persisted? + render_spam_error! if snippet.spam? + + if snippet.valid? present snippet, with: Entities::ProjectSnippet else render_validation_error!(snippet) diff --git a/lib/api/snippets.rb b/lib/api/snippets.rb index eb9ece49e7f..ac03fbd2a3d 100644 --- a/lib/api/snippets.rb 
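Review bot: `render_spam_error!` in lib/api/helpers.rb is added without a comment, and every call site in this commit (`render_spam_error! if issue.spam?`, `render_spam_error! if snippet.spam?`) is followed directly by an `if … present` block, so those call sites are only correct if the helper never returns. It delegates to `render_api_error!`, which calls `error!`; in Grape that aborts the request, but nothing at the definition says so. I would add a comment above it such as `# Halts the request with 400 and { error: 'Spam detected' }; never returns, so callers need no explicit return.` The helpers module starts and ends outside the hunk.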
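Review bot: In the update endpoint of lib/api/issues.rb, `render_spam_error! if issue.spam?` runs after `::Issues::UpdateService#execute` has already returned, so the 400 only protects the project if the service refused to save the flagged edit. That service is outside this diff (limited to lib), so this cannot be confirmed from here. A request spec that sends a spam-flagged update and asserts the stored title and description are unchanged would pin it down. The same spec can cover that `request: request, api: true`, which now travel in the same hash as the issue attributes, are presumably stripped by the service before assignment. The same questions apply to the update hunks in lib/api/v3/issues.rb and in the snippet files; the endpoint body continues outside the hunk.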
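Review bot: Replacing `if snippet.persisted?` with `if snippet.valid?` in the update endpoint of lib/api/project_snippets.rb removes a test that is always true for an existing record, but `valid?` clears `errors` and runs the validators a second time instead of reporting what `UpdateSnippetService#execute` actually did. If the service ever rejects an update by adding to `snippet.errors` without a failing validator (not visible in this diff), the endpoint would present the snippet as if the update had succeeded. Checking the outcome of the call, for example `if snippet.errors.empty?`, avoids the second validation pass. lib/api/v3/project_snippets.rb carries the same hunk.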
+++ b/lib/api/snippets.rb @@ -67,6 +67,8 @@ module API attrs = declared_params(include_missing: false).merge(request: request, api: true) snippet = CreateSnippetService.new(nil, current_user, attrs).execute + render_spam_error! if snippet.spam? + if snippet.persisted? present snippet, with: Entities::PersonalSnippet else @@ -93,9 +95,12 @@ module API return not_found!('Snippet') unless snippet authorize! :update_personal_snippet, snippet - attrs = declared_params(include_missing: false) + attrs = declared_params(include_missing: false).merge(request: request, api: true) UpdateSnippetService.new(nil, current_user, snippet, attrs).execute + + render_spam_error! if snippet.spam? + if snippet.persisted? present snippet, with: Entities::PersonalSnippet else diff --git a/lib/api/v3/issues.rb b/lib/api/v3/issues.rb index ba5b6fdbe52..d0af09f0e1e 100644 --- a/lib/api/v3/issues.rb +++ b/lib/api/v3/issues.rb @@ -149,9 +149,7 @@ module API issue = ::Issues::CreateService.new(user_project, current_user, issue_params.merge(request: request, api: true)).execute - if issue.spam? - render_api_error!({ error: 'Spam detected' }, 400) - end + render_spam_error! if issue.spam? if issue.valid? present issue, with: ::API::Entities::Issue, current_user: current_user, project: user_project @@ -182,9 +180,13 @@ module API params.delete(:updated_at) end + update_params = declared_params(include_missing: false).merge(request: request, api: true) + issue = ::Issues::UpdateService.new(user_project, current_user, - declared_params(include_missing: false)).execute(issue) + update_params).execute(issue) + + render_spam_error! if issue.spam? if issue.valid? present issue, with: ::API::Entities::Issue, current_user: current_user, project: user_project diff --git a/lib/api/v3/project_snippets.rb b/lib/api/v3/project_snippets.rb index 9f95d4395fa..e03e941d30b 100644 --- a/lib/api/v3/project_snippets.rb +++ b/lib/api/v3/project_snippets.rb 
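Review bot: The update endpoint in lib/api/snippets.rb still branches on `if snippet.persisted?` after the new spam check, while this same commit changes that test to `if snippet.valid?` in lib/api/project_snippets.rb and lib/api/v3/project_snippets.rb. The snippet was loaded before the update (`return not_found!('Snippet') unless snippet`), so `persisted?` is true whatever the service did and the `else` branch cannot be reached. An update that failed validation would therefore be presented as a success. Change the line to `if snippet.valid?` to match the other two files. The endpoint body continues outside the hunk.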
@@ -64,6 +64,8 @@ module API snippet = CreateSnippetService.new(user_project, current_user, snippet_params).execute + render_spam_error! if snippet.spam? + if snippet.persisted? present snippet, with: ::API::V3::Entities::ProjectSnippet else @@ -93,12 +95,16 @@ module API authorize! :update_project_snippet, snippet snippet_params = declared_params(include_missing: false) + .merge(request: request, api: true) + snippet_params[:content] = snippet_params.delete(:code) if snippet_params[:code].present? UpdateSnippetService.new(user_project, current_user, snippet, snippet_params).execute - if snippet.persisted? + render_spam_error! if snippet.spam? + + if snippet.valid? present snippet, with: ::API::V3::Entities::ProjectSnippet else render_validation_error!(snippet) |