Diffstat (limited to 'app/controllers/groups_controller.rb')
-rw-r--r-- | app/controllers/groups_controller.rb | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/app/controllers/groups_controller.rb b/app/controllers/groups_controller.rb
index 5de207857bb..63f138aa462 100644
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -8,6 +8,7 @@ class GroupsController < Groups::ApplicationController
   include RecordUserLastActivity
   include SendFileUpload
   include FiltersEvents
+  include Recaptcha::Verify
   extend ::Gitlab::Utils::Override
 
   respond_to :html
@@ -15,6 +16,7 @@ class GroupsController < Groups::ApplicationController
   prepend_before_action(only: [:show, :issues]) { authenticate_sessionless_user!(:rss) }
   prepend_before_action(only: [:issues_calendar]) { authenticate_sessionless_user!(:ics) }
   prepend_before_action :ensure_export_enabled, only: [:export, :download_export]
+  prepend_before_action :check_captcha, only: :create, if: -> { captcha_enabled? }
 
   before_action :authenticate_user!, only: [:new, :create]
   before_action :group, except: [:index, :new, :create]
@@ -22,6 +24,7 @@ class GroupsController < Groups::ApplicationController
   # Authorize
   before_action :authorize_admin_group!, only: [:edit, :update, :destroy, :projects, :transfer, :export, :download_export]
   before_action :authorize_create_group!, only: [:new]
+  before_action :load_recaptcha, only: [:new], if: -> { captcha_required? }
 
   before_action :group_projects, only: [:projects, :activity, :issues, :merge_requests]
   before_action :event_filter, only: [:activity]
@@ -38,6 +41,8 @@ class GroupsController < Groups::ApplicationController
 
   before_action :export_rate_limit, only: [:export, :download_export]
 
+  helper_method :captcha_required?
+
   skip_cross_project_access_check :index, :new, :create, :edit, :update, :destroy, :projects
 
   # When loading show as an atom feed, we render events that could leak cross
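Review bot: `prepend_before_action :check_captcha, only: :create, if: -> { captcha_enabled? }` is placed ahead of `before_action :authenticate_user!, only: [:new, :create]` in the same hunk, so for an anonymous POST to `create` the CAPTCHA is verified and, on failure, the `new` template is rendered before the request has been authenticated at all. The verification work and the rendered error page belong after the login check; declaring it as `before_action :check_captcha, only: :create, if: -> { captcha_enabled? }` below `authenticate_user!` keeps that ordering explicit. The class body and any inherited filters lie outside the hunk, so there may be a reason for prepending that is not visible here — if so, a one-line comment stating it would help.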
@@ -263,7 +268,8 @@ class GroupsController < Groups::ApplicationController
       :subgroup_creation_level,
       :default_branch_protection,
       :default_branch_name,
-      :allow_mfa_for_subgroups
+      :allow_mfa_for_subgroups,
+      :resource_access_token_creation_allowed
     ]
   end
 
@@ -319,6 +325,23 @@ class GroupsController < Groups::ApplicationController
 
   private
 
+  def load_recaptcha
+    Gitlab::Recaptcha.load_configurations!
+  end
+
+  def check_captcha
+    return if group_params[:parent_id].present? # Only require for top-level groups
+
+    load_recaptcha
+
+    return if verify_recaptcha
+
+    flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+    flash.delete :recaptcha_error
+    @group = Group.new(group_params)
+    render action: 'new'
+  end
+
   def successful_creation_hooks; end
 
   def groups
@@ -336,6 +359,14 @@ class GroupsController < Groups::ApplicationController
   def has_project_list?
     %w(details show index).include?(action_name)
   end
+
+  def captcha_enabled?
+    Gitlab::Recaptcha.enabled? && Feature.enabled?(:recaptcha_on_top_level_group_creation, type: :ops)
+  end
+
+  def captcha_required?
+    captcha_enabled? && !params[:parent_id]
+  end
 end
 
 GroupsController.prepend_if_ee('EE::GroupsController')
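Review bot: In `check_captcha` the message is stored with `flash[:alert] = ...` but the response is produced by `render action: 'new'` rather than a redirect, so the flash survives into the following request and the alert is shown again there; use `flash.now[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')`. The early exit `return if group_params[:parent_id].present?` keys the bypass on a client-supplied value, so it is only as strong as the subgroup-creation authorization performed later in `create`, which lies outside this hunk — worth confirming that a non-existent or unauthorized parent is rejected there instead of falling through to an unverified top-level creation. The `@@ -336` hunk's `captcha_required?` tests `!params[:parent_id]` while this hunk tests `group_params[:parent_id]`; if the difference is that `new` takes the parent as a query parameter and `create` nests it under the group params, a comment such as `# new receives parent_id as a query param; create nests it in group_params` on one of them would keep the two checks from drifting apart.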