1 files changed, 85 insertions, 0 deletions

diff --git a/spec/support/shared_examples/graphql/spam_protection_shared_examples.rb b/spec/support/shared_examples/graphql/spam_protection_shared_examples.rb
new file mode 100644
index 00000000000..8fb89a4f80e
--- /dev/null
+++ b/spec/support/shared_examples/graphql/spam_protection_shared_examples.rb
@@ -0,0 +1,85 @@
+# frozen_string_literal: true
+
+require 'spec_helper'
+
+RSpec.shared_examples 'has spam protection' do
+  include AfterNextHelpers
+
+  describe '#check_spam_action_response!' do
+    let(:variables) { nil }
+    let(:headers) { {} }
+    let(:spam_log_id) { 123 }
+    let(:captcha_site_key) { 'abc123' }
+
+    def send_request
+      post_graphql_mutation(mutation, current_user: current_user)
+    end
+
+    before do
+      allow_next(mutation_class).to receive(:spam_action_response_fields).and_return(
+        spam: spam,
+        needs_captcha_response: render_captcha,
+        spam_log_id: spam_log_id,
+        captcha_site_key: captcha_site_key
+      )
+    end
+
+    context 'when the object is spam (DISALLOW)' do
+      shared_examples 'disallow response' do
+        it 'informs the client that the request was denied as spam' do
+          send_request
+
+          expect(graphql_errors)
+            .to contain_exactly a_hash_including('message' => ::Mutations::SpamProtection::SPAM_DISALLOWED_MESSAGE)
+          expect(graphql_errors)
+            .to contain_exactly a_hash_including('extensions' => { "spam" => true })
+        end
+      end
+
+      let(:spam) { true }
+
+      context 'and no CAPTCHA is available' do
+        let(:render_captcha) { false }
+
+        it_behaves_like 'disallow response'
+      end
+
+      context 'and a CAPTCHA is required' do
+        let(:render_captcha) { true }
+
+        it_behaves_like 'disallow response'
+      end
+    end
+
+    context 'when the object is not spam (CONDITIONAL ALLOW)' do
+      let(:spam) { false }
+
+      context 'and no CAPTCHA is required' do
+        let(:render_captcha) { false }
+
+        it 'does not return a to-level error' do
+          send_request
+
+          expect(graphql_errors).to be_blank
+        end
+      end
+
+      context 'and a CAPTCHA is required' do
+        let(:render_captcha) { true }
+
+        it 'informs the client that the request may be retried after solving the CAPTCHA' do
+          send_request
+
+          expect(graphql_errors)
+            .to contain_exactly a_hash_including('message' => ::Mutations::SpamProtection::NEEDS_CAPTCHA_RESPONSE_MESSAGE)
+          expect(graphql_errors)
+            .to contain_exactly a_hash_including('extensions' => {
+              "captcha_site_key" => captcha_site_key,
+              "needs_captcha_response" => true,
+              "spam_log_id" => spam_log_id
+            })
+        end
+      end
+    end
+  end
+end