Spam check and reCAPTCHA improvements28093-snippet-and-issue-spam-check-on-edit

6 files changed, 35 insertions, 8 deletions

diff --git a/lib/api/helpers.rb b/lib/api/helpers.rb
index 7b6fae866eb..32692f19fcd 100644
--- a/lib/api/helpers.rb
+++ b/lib/api/helpers.rb
@@ -215,6 +215,10 @@ module API
       end
     end
 
+    def render_spam_error!
+      render_api_error!({ error: 'Spam detected' }, 400)
+    end
+
     def render_api_error!(message, status)
       error!({ 'message' => message }, status, header)
     end
diff --git a/lib/api/issues.rb b/lib/api/issues.rb
index 2b946bfd349..6d30c5d81b1 100644
--- a/lib/api/issues.rb
+++ b/lib/api/issues.rb
@@ -169,9 +169,13 @@ module API
           params.delete(:updated_at)
         end
 
+        update_params = declared_params(include_missing: false).merge(request: request, api: true)
+
         issue = ::Issues::UpdateService.new(user_project,
                                             current_user,
-                                            declared_params(include_missing: false)).execute(issue)
+                                            update_params).execute(issue)
+
+        render_spam_error! if issue.spam?
 
         if issue.valid?
           present issue, with: Entities::Issue, current_user: current_user, project: user_project
diff --git a/lib/api/project_snippets.rb b/lib/api/project_snippets.rb
index dcc0c82ee27..2a1cce73f3f 100644
--- a/lib/api/project_snippets.rb
+++ b/lib/api/project_snippets.rb
@@ -63,6 +63,8 @@ module API
 
         snippet = CreateSnippetService.new(user_project, current_user, snippet_params).execute
 
+        render_spam_error! if snippet.spam?
+
         if snippet.persisted?
           present snippet, with: Entities::ProjectSnippet
         else
@@ -92,12 +94,16 @@ module API
         authorize! :update_project_snippet, snippet
 
         snippet_params = declared_params(include_missing: false)
+          .merge(request: request, api: true)
+
         snippet_params[:content] = snippet_params.delete(:code) if snippet_params[:code].present?
 
         UpdateSnippetService.new(user_project, current_user, snippet,
                                  snippet_params).execute
 
-        if snippet.persisted?
+        render_spam_error! if snippet.spam?
+
+        if snippet.valid?
           present snippet, with: Entities::ProjectSnippet
         else
           render_validation_error!(snippet)
diff --git a/lib/api/snippets.rb b/lib/api/snippets.rb
index eb9ece49e7f..ac03fbd2a3d 100644
--- a/lib/api/snippets.rb
+++ b/lib/api/snippets.rb
@@ -67,6 +67,8 @@ module API
         attrs = declared_params(include_missing: false).merge(request: request, api: true)
         snippet = CreateSnippetService.new(nil, current_user, attrs).execute
 
+        render_spam_error! if snippet.spam?
+
         if snippet.persisted?
           present snippet, with: Entities::PersonalSnippet
         else
@@ -93,9 +95,12 @@ module API
         return not_found!('Snippet') unless snippet
         authorize! :update_personal_snippet, snippet
 
-        attrs = declared_params(include_missing: false)
+        attrs = declared_params(include_missing: false).merge(request: request, api: true)
 
         UpdateSnippetService.new(nil, current_user, snippet, attrs).execute
+
+        render_spam_error! if snippet.spam?
+
         if snippet.persisted?
           present snippet, with: Entities::PersonalSnippet
         else
diff --git a/lib/api/v3/issues.rb b/lib/api/v3/issues.rb
index ba5b6fdbe52..d0af09f0e1e 100644
--- a/lib/api/v3/issues.rb
+++ b/lib/api/v3/issues.rb
@@ -149,9 +149,7 @@ module API
           issue = ::Issues::CreateService.new(user_project,
                                               current_user,
                                               issue_params.merge(request: request, api: true)).execute
-          if issue.spam?
-            render_api_error!({ error: 'Spam detected' }, 400)
-          end
+          render_spam_error! if issue.spam?
 
           if issue.valid?
             present issue, with: ::API::Entities::Issue, current_user: current_user, project: user_project
@@ -182,9 +180,13 @@ module API
             params.delete(:updated_at)
           end
 
+          update_params = declared_params(include_missing: false).merge(request: request, api: true)
+
           issue = ::Issues::UpdateService.new(user_project,
                                               current_user,
-                                              declared_params(include_missing: false)).execute(issue)
+                                              update_params).execute(issue)
+
+          render_spam_error! if issue.spam?
 
           if issue.valid?
             present issue, with: ::API::Entities::Issue, current_user: current_user, project: user_project
diff --git a/lib/api/v3/project_snippets.rb b/lib/api/v3/project_snippets.rb
index 9f95d4395fa..e03e941d30b 100644
--- a/lib/api/v3/project_snippets.rb
+++ b/lib/api/v3/project_snippets.rb
@@ -64,6 +64,8 @@ module API
 
           snippet = CreateSnippetService.new(user_project, current_user, snippet_params).execute
 
+          render_spam_error! if snippet.spam?
+
           if snippet.persisted?
             present snippet, with: ::API::V3::Entities::ProjectSnippet
           else
@@ -93,12 +95,16 @@ module API
           authorize! :update_project_snippet, snippet
 
           snippet_params = declared_params(include_missing: false)
+            .merge(request: request, api: true)
+
           snippet_params[:content] = snippet_params.delete(:code) if snippet_params[:code].present?
 
           UpdateSnippetService.new(user_project, current_user, snippet,
                                    snippet_params).execute
 
-          if snippet.persisted?
+          render_spam_error! if snippet.spam?
+
+          if snippet.valid?
             present snippet, with: ::API::V3::Entities::ProjectSnippet
           else
             render_validation_error!(snippet)