author | Alex Buijs <abuijs@gitlab.com> | 2019-08-09 17:40:54 +0200 |
---|---|---|
committer | Alex Buijs <abuijs@gitlab.com> | 2019-08-10 12:24:53 +0200 |
commit | a8da0de528f3a522c6d77b92ca5621c63ae9a69a (patch) | |
tree | 0d2d2327ddab83dc97bd84bd3a538d2dfa39acfa /spec/controllers/registrations_controller_spec.rb | |
parent | 456c0691cd1a7f73d8e2e5bcf3d47372c8db27be (diff) | |
Add invisible captcha
With a time threshold of 4 seconds
and firstname and lastname honeypot
input fields when signing up
Diffstat (limited to 'spec/controllers/registrations_controller_spec.rb')
-rw-r--r-- | spec/controllers/registrations_controller_spec.rb | 60 |
1 files changed, 60 insertions, 0 deletions
diff --git a/spec/controllers/registrations_controller_spec.rb b/spec/controllers/registrations_controller_spec.rb
index faf3c990cb2..796089d126b 100644
--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -5,6 +5,10 @@ require 'spec_helper'
 describe RegistrationsController do
 include TermsHelper
+ before do
+ stub_feature_flags(invisible_captcha: false)
+ end
+
 describe '#create' do
 let(:base_user_params) { { name: 'new_user', username: 'new_username', email: 'new@user.com', password: 'Any_password' } }
 let(:user_params) { { user: base_user_params } }
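Review bot: The new top-level `before` switches `invisible_captcha` off for every example in this file without saying why, and nothing at this point tells a reader that the flag is turned back on in a later context. A short comment above it would help, for example `# Disabled by default so existing examples need no captcha timestamp in the session; enabled in 'when invisible captcha is enabled'`. One consequence is that the other sign-up examples in this spec (only partly visible in this hunk) never run with the captcha enabled, so any interaction between them and the timestamp check is presumably untested.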
@@ -88,6 +92,62 @@ describe RegistrationsController do
 end
 end
+ context 'when invisible captcha is enabled' do
+ before do
+ stub_feature_flags(invisible_captcha: true)
+ InvisibleCaptcha.timestamp_threshold = treshold
+ end
+
+ let(:treshold) { 4 }
+ let(:session_params) { { invisible_captcha_timestamp: form_rendered_time.iso8601 } }
+ let(:form_rendered_time) { Time.current }
+ let(:submit_time) { form_rendered_time + treshold }
+
+ describe 'the honeypot has not been filled and the signup form has not been submitted too quickly' do
+ it 'creates an account' do
+ travel_to(submit_time) do
+ expect { post(:create, params: user_params, session: session_params) }.to change(User, :count).by(1)
+ end
+ end
+ end
+
+ describe 'the honeypot has been filled' do
+ let(:user_params) { super().merge(firstname: 'Roy', lastname: 'Batty') }
+
+ it 'refuses to create an account and renders an empty body' do
+ travel_to(submit_time) do
+ expect { post(:create, params: user_params, session: session_params) }.not_to change(User, :count)
+ expect(response).to have_gitlab_http_status(200)
+ expect(response.body).to be_empty
+ end
+ end
+ end
+
+ context 'the sign up form has been submitted without the invisible_captcha_timestamp parameter' do
+ let(:session_params) { nil }
+
+ it 'refuses to create an account and displays a flash alert' do
+ travel_to(submit_time) do
+ expect { post(:create, params: user_params, session: session_params) }.not_to change(User, :count)
+ expect(response).to redirect_to(new_user_session_path)
+ expect(flash[:alert]).to include 'That was a bit too quick! Please resubmit.'
+ end
+ end
+ end
+
+ context 'the sign up form has been submitted too quickly' do
+ let(:submit_time) { form_rendered_time }
+
+ it 'refuses to create an account and displays a flash alert' do
+ travel_to(submit_time) do
+ expect { post(:create, params: user_params, session: session_params) }.not_to change(User, :count)
+ expect(response).to redirect_to(new_user_session_path)
+ expect(flash[:alert]).to include 'That was a bit too quick! Please resubmit.'
+ end
+ end
+ end
+ end
+
 context 'when terms are enforced' do
 before do
 enforce_terms |
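Review bot: The 'submitted too quickly' context only covers zero elapsed time (`let(:submit_time) { form_rendered_time }`), while the accepting example sits exactly on the threshold, so an off-by-one in the timing check would go unnoticed. Adding a case just under the limit, e.g. `let(:submit_time) { form_rendered_time + treshold - 1.second }`, would pin the boundary. The `before` block also assigns `InvisibleCaptcha.timestamp_threshold = treshold` on the gem's module and, in the lines shown, never restores it, so the value persists into whichever examples run afterwards; capture the previous value and reset it in an `after` block. The honeypot example fills both `firstname` and `lastname`, so it does not show that either field alone is enough to reject the signup.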