Spam check and reCAPTCHA improvements28093-snippet-and-issue-spam-check-on-edit

5 files changed, 247 insertions, 57 deletions

diff --git a/spec/requests/api/issues_spec.rb b/spec/requests/api/issues_spec.rb
index ece1b43567d..7a0bd5f9721 100644
--- a/spec/requests/api/issues_spec.rb
+++ b/spec/requests/api/issues_spec.rb
@@ -1028,6 +1028,33 @@ describe API::Issues, api: true  do
     end
   end
 
+  describe 'PUT /projects/:id/issues/:issue_id with spam filtering' do
+    let(:params) do
+      {
+        title: 'updated title',
+        description: 'content here',
+        labels: 'label, label2'
+      }
+    end
+
+    it "does not create a new project issue" do
+      allow_any_instance_of(SpamService).to receive_messages(check_for_spam?: true)
+      allow_any_instance_of(AkismetService).to receive_messages(is_spam?: true)
+
+      put api("/projects/#{project.id}/issues/#{issue.id}", user), params
+
+      expect(response).to have_http_status(400)
+      expect(json_response['message']).to eq({ "error" => "Spam detected" })
+
+      spam_logs = SpamLog.all
+      expect(spam_logs.count).to eq(1)
+      expect(spam_logs[0].title).to eq('updated title')
+      expect(spam_logs[0].description).to eq('content here')
+      expect(spam_logs[0].user).to eq(user)
+      expect(spam_logs[0].noteable_type).to eq('Issue')
+    end
+  end
+
   describe 'PUT /projects/:id/issues/:issue_id to update labels' do
     let!(:label) { create(:label, title: 'dummy', project: project) }
     let!(:label_link) { create(:label_link, label: label, target: issue) }
diff --git a/spec/requests/api/project_snippets_spec.rb b/spec/requests/api/project_snippets_spec.rb
index f56876bcf54..da9df56401b 100644
--- a/spec/requests/api/project_snippets_spec.rb
+++ b/spec/requests/api/project_snippets_spec.rb
@@ -78,43 +78,33 @@ describe API::ProjectSnippets, api: true do
         allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
       end
 
-      context 'when the project is private' do
-        let(:private_project) { create(:project_empty_repo, :private) }
-
-        context 'when the snippet is public' do
-          it 'creates the snippet' do
-            expect { create_snippet(private_project, visibility_level: Snippet::PUBLIC) }.
-              to change { Snippet.count }.by(1)
-          end
+      context 'when the snippet is private' do
+        it 'creates the snippet' do
+          expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }.
+            to change { Snippet.count }.by(1)
         end
       end
 
-      context 'when the project is public' do
-        context 'when the snippet is private' do
-          it 'creates the snippet' do
-            expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }.
-              to change { Snippet.count }.by(1)
-          end
+      context 'when the snippet is public' do
+        it 'rejects the shippet' do
+          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
+            not_to change { Snippet.count }
+
+          expect(response).to have_http_status(400)
+          expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
-        context 'when the snippet is public' do
-          it 'rejects the shippet' do
-            expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
-              not_to change { Snippet.count }
-            expect(response).to have_http_status(400)
-          end
-
-          it 'creates a spam log' do
-            expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
-              to change { SpamLog.count }.by(1)
-          end
+        it 'creates a spam log' do
+          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
+            to change { SpamLog.count }.by(1)
         end
       end
     end
   end
 
   describe 'PUT /projects/:project_id/snippets/:id/' do
-    let(:snippet) { create(:project_snippet, author: admin) }
+    let(:visibility_level) { Snippet::PUBLIC }
+    let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level) }
 
     it 'updates snippet' do
       new_content = 'New content'
@@ -138,6 +128,56 @@ describe API::ProjectSnippets, api: true do
 
       expect(response).to have_http_status(400)
     end
+
+    context 'when the snippet is spam' do
+      def update_snippet(snippet_params = {})
+        put api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin), snippet_params
+      end
+
+      before do
+        allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
+      end
+
+      context 'when the snippet is private' do
+        let(:visibility_level) { Snippet::PRIVATE }
+
+        it 'creates the snippet' do
+          expect { update_snippet(title: 'Foo') }.
+            to change { snippet.reload.title }.to('Foo')
+        end
+      end
+
+      context 'when the snippet is public' do
+        let(:visibility_level) { Snippet::PUBLIC }
+
+        it 'rejects the snippet' do
+          expect { update_snippet(title: 'Foo') }.
+            not_to change { snippet.reload.title }
+        end
+
+        it 'creates a spam log' do
+          expect { update_snippet(title: 'Foo') }.
+            to change { SpamLog.count }.by(1)
+        end
+      end
+
+      context 'when the private snippet is made public' do
+        let(:visibility_level) { Snippet::PRIVATE }
+
+        it 'rejects the snippet' do
+          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }.
+            not_to change { snippet.reload.title }
+
+          expect(response).to have_http_status(400)
+          expect(json_response['message']).to eq({ "error" => "Spam detected" })
+        end
+
+        it 'creates a spam log' do
+          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }.
+            to change { SpamLog.count }.by(1)
+        end
+      end
+    end
   end
 
   describe 'DELETE /projects/:project_id/snippets/:id/' do
diff --git a/spec/requests/api/snippets_spec.rb b/spec/requests/api/snippets_spec.rb
index 1ef92930b3c..41def7cd1d4 100644
--- a/spec/requests/api/snippets_spec.rb
+++ b/spec/requests/api/snippets_spec.rb
@@ -129,7 +129,9 @@ describe API::Snippets, api: true do
         it 'rejects the shippet' do
           expect { create_snippet(visibility_level: Snippet::PUBLIC) }.
             not_to change { Snippet.count }
+
           expect(response).to have_http_status(400)
+          expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
         it 'creates a spam log' do
@@ -141,16 +143,20 @@ describe API::Snippets, api: true do
   end
 
   describe 'PUT /snippets/:id' do
+    let(:visibility_level) { Snippet::PUBLIC }
     let(:other_user) { create(:user) }
-    let(:public_snippet) { create(:personal_snippet, :public, author: user) }
+    let(:snippet) do
+      create(:personal_snippet, author: user, visibility_level: visibility_level)
+    end
+
     it 'updates snippet' do
       new_content = 'New content'
 
-      put api("/snippets/#{public_snippet.id}", user), content: new_content
+      put api("/snippets/#{snippet.id}", user), content: new_content
 
       expect(response).to have_http_status(200)
-      public_snippet.reload
-      expect(public_snippet.content).to eq(new_content)
+      snippet.reload
+      expect(snippet.content).to eq(new_content)
     end
 
     it 'returns 404 for invalid snippet id' do
@@ -161,7 +167,7 @@ describe API::Snippets, api: true do
     end
 
     it "returns 404 for another user's snippet" do
-      put api("/snippets/#{public_snippet.id}", other_user), title: 'fubar'
+      put api("/snippets/#{snippet.id}", other_user), title: 'fubar'
 
       expect(response).to have_http_status(404)
       expect(json_response['message']).to eq('404 Snippet Not Found')
@@ -172,6 +178,56 @@ describe API::Snippets, api: true do
 
       expect(response).to have_http_status(400)
     end
+
+    context 'when the snippet is spam' do
+      def update_snippet(snippet_params = {})
+        put api("/snippets/#{snippet.id}", user), snippet_params
+      end
+
+      before do
+        allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
+      end
+
+      context 'when the snippet is private' do
+        let(:visibility_level) { Snippet::PRIVATE }
+
+        it 'updates the snippet' do
+          expect { update_snippet(title: 'Foo') }.
+            to change { snippet.reload.title }.to('Foo')
+        end
+      end
+
+      context 'when the snippet is public' do
+        let(:visibility_level) { Snippet::PUBLIC }
+
+        it 'rejects the shippet' do
+          expect { update_snippet(title: 'Foo') }.
+            not_to change { snippet.reload.title }
+
+          expect(response).to have_http_status(400)
+          expect(json_response['message']).to eq({ "error" => "Spam detected" })
+        end
+
+        it 'creates a spam log' do
+          expect { update_snippet(title: 'Foo') }.
+            to change { SpamLog.count }.by(1)
+        end
+      end
+
+      context 'when a private snippet is made public' do
+        let(:visibility_level) { Snippet::PRIVATE }
+
+        it 'rejects the snippet' do
+          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }.
+            not_to change { snippet.reload.title }
+        end
+
+        it 'creates a spam log' do
+          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }.
+            to change { SpamLog.count }.by(1)
+        end
+      end
+    end
   end
 
   describe 'DELETE /snippets/:id' do
diff --git a/spec/requests/api/v3/issues_spec.rb b/spec/requests/api/v3/issues_spec.rb
index 33a127de98a..8e6732fe23e 100644
--- a/spec/requests/api/v3/issues_spec.rb
+++ b/spec/requests/api/v3/issues_spec.rb
@@ -986,6 +986,33 @@ describe API::V3::Issues, api: true  do
     end
   end
 
+  describe 'PUT /projects/:id/issues/:issue_id with spam filtering' do
+    let(:params) do
+      {
+        title: 'updated title',
+        description: 'content here',
+        labels: 'label, label2'
+      }
+    end
+
+    it "does not create a new project issue" do
+      allow_any_instance_of(SpamService).to receive_messages(check_for_spam?: true)
+      allow_any_instance_of(AkismetService).to receive_messages(is_spam?: true)
+
+      put v3_api("/projects/#{project.id}/issues/#{issue.id}", user), params
+
+      expect(response).to have_http_status(400)
+      expect(json_response['message']).to eq({ "error" => "Spam detected" })
+
+      spam_logs = SpamLog.all
+      expect(spam_logs.count).to eq(1)
+      expect(spam_logs[0].title).to eq('updated title')
+      expect(spam_logs[0].description).to eq('content here')
+      expect(spam_logs[0].user).to eq(user)
+      expect(spam_logs[0].noteable_type).to eq('Issue')
+    end
+  end
+
   describe 'PUT /projects/:id/issues/:issue_id to update labels' do
     let!(:label) { create(:label, title: 'dummy', project: project) }
     let!(:label_link) { create(:label_link, label: label, target: issue) }
diff --git a/spec/requests/api/v3/project_snippets_spec.rb b/spec/requests/api/v3/project_snippets_spec.rb
index 3700477f0db..957a3bf97ef 100644
--- a/spec/requests/api/v3/project_snippets_spec.rb
+++ b/spec/requests/api/v3/project_snippets_spec.rb
@@ -85,43 +85,33 @@ describe API::ProjectSnippets, api: true do
         allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
       end
 
-      context 'when the project is private' do
-        let(:private_project) { create(:project_empty_repo, :private) }
-
-        context 'when the snippet is public' do
-          it 'creates the snippet' do
-            expect { create_snippet(private_project, visibility_level: Snippet::PUBLIC) }.
-              to change { Snippet.count }.by(1)
-          end
+      context 'when the snippet is private' do
+        it 'creates the snippet' do
+          expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }.
+            to change { Snippet.count }.by(1)
         end
       end
 
-      context 'when the project is public' do
-        context 'when the snippet is private' do
-          it 'creates the snippet' do
-            expect { create_snippet(project, visibility_level: Snippet::PRIVATE) }.
-              to change { Snippet.count }.by(1)
-          end
+      context 'when the snippet is public' do
+        it 'rejects the shippet' do
+          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
+            not_to change { Snippet.count }
+
+          expect(response).to have_http_status(400)
+          expect(json_response['message']).to eq({ "error" => "Spam detected" })
         end
 
-        context 'when the snippet is public' do
-          it 'rejects the shippet' do
-            expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
-              not_to change { Snippet.count }
-            expect(response).to have_http_status(400)
-          end
-
-          it 'creates a spam log' do
-            expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
-              to change { SpamLog.count }.by(1)
-          end
+        it 'creates a spam log' do
+          expect { create_snippet(project, visibility_level: Snippet::PUBLIC) }.
+            to change { SpamLog.count }.by(1)
         end
       end
     end
   end
 
   describe 'PUT /projects/:project_id/snippets/:id/' do
-    let(:snippet) { create(:project_snippet, author: admin) }
+    let(:visibility_level) { Snippet::PUBLIC }
+    let(:snippet) { create(:project_snippet, author: admin, visibility_level: visibility_level) }
 
     it 'updates snippet' do
       new_content = 'New content'
@@ -145,6 +135,56 @@ describe API::ProjectSnippets, api: true do
 
       expect(response).to have_http_status(400)
     end
+
+    context 'when the snippet is spam' do
+      def update_snippet(snippet_params = {})
+        put v3_api("/projects/#{snippet.project.id}/snippets/#{snippet.id}", admin), snippet_params
+      end
+
+      before do
+        allow_any_instance_of(AkismetService).to receive(:is_spam?).and_return(true)
+      end
+
+      context 'when the snippet is private' do
+        let(:visibility_level) { Snippet::PRIVATE }
+
+        it 'creates the snippet' do
+          expect { update_snippet(title: 'Foo') }.
+            to change { snippet.reload.title }.to('Foo')
+        end
+      end
+
+      context 'when the snippet is public' do
+        let(:visibility_level) { Snippet::PUBLIC }
+
+        it 'rejects the snippet' do
+          expect { update_snippet(title: 'Foo') }.
+            not_to change { snippet.reload.title }
+        end
+
+        it 'creates a spam log' do
+          expect { update_snippet(title: 'Foo') }.
+            to change { SpamLog.count }.by(1)
+        end
+      end
+
+      context 'when the private snippet is made public' do
+        let(:visibility_level) { Snippet::PRIVATE }
+
+        it 'rejects the snippet' do
+          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }.
+            not_to change { snippet.reload.title }
+
+          expect(response).to have_http_status(400)
+          expect(json_response['message']).to eq({ "error" => "Spam detected" })
+        end
+
+        it 'creates a spam log' do
+          expect { update_snippet(title: 'Foo', visibility_level: Snippet::PUBLIC) }.
+            to change { SpamLog.count }.by(1)
+        end
+      end
+    end
   end
 
   describe 'DELETE /projects/:project_id/snippets/:id/' do