diff options
author | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
---|---|---|
committer | GitLab Bot <gitlab-bot@gitlab.com> | 2020-05-20 14:34:42 +0000 |
commit | 9f46488805e86b1bc341ea1620b866016c2ce5ed (patch) | |
tree | f9748c7e287041e37d6da49e0a29c9511dc34768 /spec/services/spam/spam_action_service_spec.rb | |
parent | dfc92d081ea0332d69c8aca2f0e745cb48ae5e6d (diff) | |
download | gitlab-ce-9f46488805e86b1bc341ea1620b866016c2ce5ed.tar.gz |
Add latest changes from gitlab-org/gitlab@13-0-stable-ee
Diffstat (limited to 'spec/services/spam/spam_action_service_spec.rb')
-rw-r--r-- | spec/services/spam/spam_action_service_spec.rb | 215 |
1 files changed, 215 insertions, 0 deletions
diff --git a/spec/services/spam/spam_action_service_spec.rb b/spec/services/spam/spam_action_service_spec.rb new file mode 100644 index 00000000000..560833aba97 --- /dev/null +++ b/spec/services/spam/spam_action_service_spec.rb @@ -0,0 +1,215 @@ +# frozen_string_literal: true + +require 'spec_helper' + +describe Spam::SpamActionService do + include_context 'includes Spam constants' + + let(:fake_ip) { '1.2.3.4' } + let(:fake_user_agent) { 'fake-user-agent' } + let(:fake_referrer) { 'fake-http-referrer' } + let(:env) do + { 'action_dispatch.remote_ip' => fake_ip, + 'HTTP_USER_AGENT' => fake_user_agent, + 'HTTP_REFERRER' => fake_referrer } + end + let(:request) { double(:request, env: env) } + + let_it_be(:project) { create(:project, :public) } + let_it_be(:user) { create(:user) } + let(:issue) { create(:issue, project: project, author: user) } + + before do + issue.spam = false + end + + describe '#initialize' do + subject { described_class.new(spammable: issue, request: request) } + + context 'when the request is nil' do + let(:request) { nil } + + it 'assembles the options with information from the spammable' do + aggregate_failures do + expect(subject.options[:ip_address]).to eq(issue.ip_address) + expect(subject.options[:user_agent]).to eq(issue.user_agent) + expect(subject.options.key?(:referrer)).to be_falsey + end + end + end + + context 'when the request is present' do + let(:request) { double(:request, env: env) } + + it 'assembles the options with information from the spammable' do + aggregate_failures do + expect(subject.options[:ip_address]).to eq(fake_ip) + expect(subject.options[:user_agent]).to eq(fake_user_agent) + expect(subject.options[:referrer]).to eq(fake_referrer) + end + end + end + end + + shared_examples 'only checks for spam if a request is provided' do + context 'when request is missing' do + subject { described_class.new(spammable: issue, request: nil) } + + it "doesn't check as spam" do + subject + + expect(issue).not_to be_spam + end + end + + context 'when request exists' do + it 'creates a spam log' do + expect { subject } + .to log_spam(title: issue.title, description: issue.description, noteable_type: 'Issue') + end + end + end + + describe '#execute' do + let(:request) { double(:request, env: env) } + let(:fake_verdict_service) { double(:spam_verdict_service) } + let(:allowlisted) { false } + + let_it_be(:existing_spam_log) { create(:spam_log, user: user, recaptcha_verified: false) } + + subject do + described_service = described_class.new(spammable: issue, request: request) + allow(described_service).to receive(:allowlisted?).and_return(allowlisted) + described_service.execute(user: user, api: nil, recaptcha_verified: recaptcha_verified, spam_log_id: existing_spam_log.id) + end + + before do + allow(Spam::SpamVerdictService).to receive(:new).and_return(fake_verdict_service) + end + + context 'when reCAPTCHA was already verified' do + let(:recaptcha_verified) { true } + + it "doesn't check with the SpamVerdictService" do + aggregate_failures do + expect(SpamLog).to receive(:verify_recaptcha!) + expect(fake_verdict_service).not_to receive(:execute) + end + + subject + end + + it 'updates spam log' do + expect { subject }.to change { existing_spam_log.reload.recaptcha_verified }.from(false).to(true) + end + end + + context 'when reCAPTCHA was not verified' do + let(:recaptcha_verified) { false } + + context 'when spammable attributes have not changed' do + before do + issue.closed_at = Time.zone.now + end + + it 'does not create a spam log' do + expect { subject } + .not_to change { SpamLog.count } + end + end + + context 'when spammable attributes have changed' do + before do + issue.description = 'SPAM!' + end + + context 'if allowlisted' do + let(:allowlisted) { true } + + it 'does not perform spam check' do + expect(Spam::SpamVerdictService).not_to receive(:new) + + subject + end + end + + context 'when disallowed by the spam verdict service' do + before do + allow(fake_verdict_service).to receive(:execute).and_return(DISALLOW) + end + + context 'when allow_possible_spam feature flag is false' do + before do + stub_feature_flags(allow_possible_spam: false) + end + + it_behaves_like 'only checks for spam if a request is provided' + + it 'marks as spam' do + subject + + expect(issue).to be_spam + end + end + + context 'when allow_possible_spam feature flag is true' do + it_behaves_like 'only checks for spam if a request is provided' + + it 'does not mark as spam' do + subject + + expect(issue).not_to be_spam + end + end + end + + context 'when spam verdict service requires reCAPTCHA' do + before do + allow(fake_verdict_service).to receive(:execute).and_return(REQUIRE_RECAPTCHA) + end + + context 'when allow_possible_spam feature flag is false' do + before do + stub_feature_flags(allow_possible_spam: false) + end + + it_behaves_like 'only checks for spam if a request is provided' + + it 'does not mark as spam' do + subject + + expect(issue).not_to be_spam + end + + it 'marks as needing reCAPTCHA' do + subject + + expect(issue.needs_recaptcha?).to be_truthy + end + end + + context 'when allow_possible_spam feature flag is true' do + it_behaves_like 'only checks for spam if a request is provided' + + it 'does not mark as needing reCAPTCHA' do + subject + + expect(issue.needs_recaptcha).to be_falsey + end + end + end + + context 'when spam verdict service allows creation' do + before do + allow(fake_verdict_service).to receive(:execute).and_return(ALLOW) + end + + it 'does not create a spam log' do + expect { subject } + .not_to change { SpamLog.count } + end + end + end + end + end +end |