From ae4fbae26cefbf10848719ee8c06d418c348420c Mon Sep 17 00:00:00 2001 From: Jonathan Rochkind Date: Thu, 8 Oct 2015 11:13:28 -0400 Subject: Send an email (to support) when a user is reported for spam --- app/controllers/abuse_reports_controller.rb | 3 ++ .../admin/application_settings_controller.rb | 1 + app/mailers/abuse_report_mailer.rb | 8 ++++ app/views/abuse_report_mailer/notify.text.haml | 5 ++ .../admin/application_settings/_form.html.haml | 4 ++ ...8143519_add_admin_notification_email_setting.rb | 5 ++ db/schema.rb | 3 +- spec/controllers/abuse_reports_controller_spec.rb | 53 ++++++++++++++++++++++ 8 files changed, 81 insertions(+), 1 deletion(-) create mode 100644 app/mailers/abuse_report_mailer.rb create mode 100644 app/views/abuse_report_mailer/notify.text.haml create mode 100644 db/migrate/20151008143519_add_admin_notification_email_setting.rb create mode 100644 spec/controllers/abuse_reports_controller_spec.rb diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb index 65dbd5ef551..482ec5054ac 100644 --- a/app/controllers/abuse_reports_controller.rb +++ b/app/controllers/abuse_reports_controller.rb @@ -11,6 +11,9 @@ class AbuseReportsController < ApplicationController if @abuse_report.save message = "Thank you for your report. A GitLab administrator will look into it shortly." redirect_to root_path, notice: message + if current_application_settings.admin_notification_email.present? + AbuseReportMailer.delay.notify(@abuse_report, current_application_settings.admin_notification_email) + end else render :new end diff --git a/app/controllers/admin/application_settings_controller.rb b/app/controllers/admin/application_settings_controller.rb index 5f70582cbb7..18a258c139f 100644 --- a/app/controllers/admin/application_settings_controller.rb +++ b/app/controllers/admin/application_settings_controller.rb @@ -55,6 +55,7 @@ class Admin::ApplicationSettingsController < Admin::ApplicationController :default_snippet_visibility, :restricted_signup_domains_raw, :version_check_enabled, + :admin_notification_email, :user_oauth_applications, :ci_enabled, restricted_visibility_levels: [], diff --git a/app/mailers/abuse_report_mailer.rb b/app/mailers/abuse_report_mailer.rb new file mode 100644 index 00000000000..c8b9c9c1628 --- /dev/null +++ b/app/mailers/abuse_report_mailer.rb @@ -0,0 +1,8 @@ +class AbuseReportMailer < BaseMailer + + def notify(abuse_report, to_email) + @abuse_report = abuse_report + + mail(to: to_email, subject: "[Gitlab] Abuse report filed for `#{@abuse_report.user.username}`") + end +end diff --git a/app/views/abuse_report_mailer/notify.text.haml b/app/views/abuse_report_mailer/notify.text.haml new file mode 100644 index 00000000000..70e4e6a3c6c --- /dev/null +++ b/app/views/abuse_report_mailer/notify.text.haml @@ -0,0 +1,5 @@ +An abuse report was filed on `#{@abuse_report.user.username}` by `#{@abuse_report.reporter.username}`. +\ += @abuse_report.message +\ +Abuse report admin screen: #{abuse_reports_url} \ No newline at end of file diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml index 143cd10c543..036e24d3a46 100644 --- a/app/views/admin/application_settings/_form.html.haml +++ b/app/views/admin/application_settings/_form.html.haml @@ -47,6 +47,10 @@ = f.label :version_check_enabled do = f.check_box :version_check_enabled Version check enabled + .form-group + = f.label :admin_notification_email, class: 'control-label col-sm-2' + .col-sm-10 + = f.text_field :admin_notification_email, class: 'form-control' %fieldset %legend Account and Limit Settings diff --git a/db/migrate/20151008143519_add_admin_notification_email_setting.rb b/db/migrate/20151008143519_add_admin_notification_email_setting.rb new file mode 100644 index 00000000000..0bb581efe2c --- /dev/null +++ b/db/migrate/20151008143519_add_admin_notification_email_setting.rb @@ -0,0 +1,5 @@ +class AddAdminNotificationEmailSetting < ActiveRecord::Migration + def change + add_column :application_settings, :admin_notification_email, :string + end +end diff --git a/db/schema.rb b/db/schema.rb index 72609da93f1..23627bdaa22 100644 --- a/db/schema.rb +++ b/db/schema.rb @@ -11,7 +11,7 @@ # # It's strongly recommended that you check this file into your version control system. -ActiveRecord::Schema.define(version: 20150930095736) do +ActiveRecord::Schema.define(version: 20151008143519) do # These are extensions that must be enabled in order to support this database enable_extension "plpgsql" @@ -47,6 +47,7 @@ ActiveRecord::Schema.define(version: 20150930095736) do t.text "import_sources" t.text "help_page_text" t.boolean "ci_enabled", default: true, null: false + t.string "admin_notification_email" end create_table "audit_events", force: true do |t| diff --git a/spec/controllers/abuse_reports_controller_spec.rb b/spec/controllers/abuse_reports_controller_spec.rb new file mode 100644 index 00000000000..6d157406a2b --- /dev/null +++ b/spec/controllers/abuse_reports_controller_spec.rb @@ -0,0 +1,53 @@ +require 'spec_helper' + +describe AbuseReportsController do + let(:reporter) { create(:user) } + let(:user) { create(:user) } + let(:message) { "This user is a spammer" } + + before do + sign_in(reporter) + end + + describe "with admin notification_email set" do + let(:admin_email) { "admin@example.com"} + before(:example) { allow(current_application_settings).to receive(:admin_notification_email).and_return(admin_email) } + + it "sends a notification email" do + post(:create, + abuse_report: { + user_id: user.id, + message: message + } + ) + + expect(response).to have_http_status(:redirect) + expect(flash[:notice]).to start_with("Thank you for your report") + + email = ActionMailer::Base.deliveries.last + + expect(email).to be_present + expect(email.subject).to eq("[Gitlab] Abuse report filed for `#{user.username}`") + expect(email.to).to eq([admin_email]) + expect(email.body).to include(message) + end + end + + describe "without admin notification email set" do + before(:example) { allow(current_application_settings).to receive(:admin_notification_email).and_return(nil) } + + it "does not send a notification email" do + expect do + post(:create, + abuse_report: { + user_id: user.id, + message: message + } + ) + end.to_not change{ActionMailer::Base.deliveries} + + expect(response).to have_http_status(:redirect) + expect(flash[:notice]).to start_with("Thank you for your report") + end + end +end \ No newline at end of file -- cgit v1.2.1 From 6ad683bf13f820283a23cf44e15b241b0f4d7d87 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Sun, 18 Oct 2015 11:58:14 +0200 Subject: Tweak email body. --- app/views/abuse_report_mailer/notify.text.haml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/app/views/abuse_report_mailer/notify.text.haml b/app/views/abuse_report_mailer/notify.text.haml index 70e4e6a3c6c..7dacf857035 100644 --- a/app/views/abuse_report_mailer/notify.text.haml +++ b/app/views/abuse_report_mailer/notify.text.haml @@ -1,5 +1,5 @@ -An abuse report was filed on `#{@abuse_report.user.username}` by `#{@abuse_report.reporter.username}`. +#{@abuse_report.user.name} (@#{@abuse_report.user.username}) was reported for abuse by #{@abuse_report.reporter.name} (@#{@abuse_report.reporter.username}). \ -= @abuse_report.message +> #{@abuse_report.message} \ -Abuse report admin screen: #{abuse_reports_url} \ No newline at end of file +View details: #{admin_abuse_reports_url} -- cgit v1.2.1 From dc170516edb4760d9dc8843830459fe8066dff42 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Sun, 18 Oct 2015 11:58:24 +0200 Subject: Add HTML abuse report notification email. --- app/views/abuse_report_mailer/notify.html.haml | 11 +++++++++++ 1 file changed, 11 insertions(+) create mode 100644 app/views/abuse_report_mailer/notify.html.haml diff --git a/app/views/abuse_report_mailer/notify.html.haml b/app/views/abuse_report_mailer/notify.html.haml new file mode 100644 index 00000000000..619533e09a7 --- /dev/null +++ b/app/views/abuse_report_mailer/notify.html.haml @@ -0,0 +1,11 @@ +%p + #{link_to @abuse_report.user.name, user_url(@abuse_report.user)} + (@#{@abuse_report.user.username}) was reported for abuse by + #{link_to @abuse_report.reporter.name, user_url(@abuse_report.reporter)} + (@#{@abuse_report.reporter.username}). + +%blockquote + = @abuse_report.message + +%p + = link_to "View details", abuse_reports_url -- cgit v1.2.1 From 9f6dc2a4b2e5eca01f5712bd7ec4d007ad4e57e5 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Sun, 18 Oct 2015 11:58:45 +0200 Subject: Only pass abuse report ID to AbuseReportMailer. --- app/controllers/abuse_reports_controller.rb | 7 ++++--- app/mailers/abuse_report_mailer.rb | 10 +++++++--- 2 files changed, 11 insertions(+), 6 deletions(-) diff --git a/app/controllers/abuse_reports_controller.rb b/app/controllers/abuse_reports_controller.rb index 482ec5054ac..2f4054eaa11 100644 --- a/app/controllers/abuse_reports_controller.rb +++ b/app/controllers/abuse_reports_controller.rb @@ -9,11 +9,12 @@ class AbuseReportsController < ApplicationController @abuse_report.reporter = current_user if @abuse_report.save - message = "Thank you for your report. A GitLab administrator will look into it shortly." - redirect_to root_path, notice: message if current_application_settings.admin_notification_email.present? - AbuseReportMailer.delay.notify(@abuse_report, current_application_settings.admin_notification_email) + AbuseReportMailer.delay.notify(@abuse_report.id) end + + message = "Thank you for your report. A GitLab administrator will look into it shortly." + redirect_to root_path, notice: message else render :new end diff --git a/app/mailers/abuse_report_mailer.rb b/app/mailers/abuse_report_mailer.rb index c8b9c9c1628..f0c41f69a5c 100644 --- a/app/mailers/abuse_report_mailer.rb +++ b/app/mailers/abuse_report_mailer.rb @@ -1,8 +1,12 @@ class AbuseReportMailer < BaseMailer + include Gitlab::CurrentSettings - def notify(abuse_report, to_email) - @abuse_report = abuse_report + def notify(abuse_report_id) + @abuse_report = AbuseReport.find(abuse_report_id) - mail(to: to_email, subject: "[Gitlab] Abuse report filed for `#{@abuse_report.user.username}`") + mail( + to: current_application_settings.admin_notification_email, + subject: "#{@abuse_report.user.name} (#{@abuse_report.user.username}) was reported for abuse" + ) end end -- cgit v1.2.1 From 3b1c702572facf3aff58beb91b2c5de4903d7a83 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Sun, 18 Oct 2015 11:58:53 +0200 Subject: Fix spec. --- spec/controllers/abuse_reports_controller_spec.rb | 86 ++++++++++++++--------- 1 file changed, 53 insertions(+), 33 deletions(-) diff --git a/spec/controllers/abuse_reports_controller_spec.rb b/spec/controllers/abuse_reports_controller_spec.rb index 6d157406a2b..10a2cc3c3a4 100644 --- a/spec/controllers/abuse_reports_controller_spec.rb +++ b/spec/controllers/abuse_reports_controller_spec.rb @@ -9,45 +9,65 @@ describe AbuseReportsController do sign_in(reporter) end - describe "with admin notification_email set" do - let(:admin_email) { "admin@example.com"} - before(:example) { allow(current_application_settings).to receive(:admin_notification_email).and_return(admin_email) } - - it "sends a notification email" do - post(:create, - abuse_report: { - user_id: user.id, - message: message - } - ) - - expect(response).to have_http_status(:redirect) - expect(flash[:notice]).to start_with("Thank you for your report") - - email = ActionMailer::Base.deliveries.last - - expect(email).to be_present - expect(email.subject).to eq("[Gitlab] Abuse report filed for `#{user.username}`") - expect(email.to).to eq([admin_email]) - expect(email.body).to include(message) - end - end + describe "POST create" do + context "with admin notification email set" do + let(:admin_email) { "admin@example.com"} - describe "without admin notification email set" do - before(:example) { allow(current_application_settings).to receive(:admin_notification_email).and_return(nil) } + before(:each) do + stub_application_setting(admin_notification_email: admin_email) + end - it "does not send a notification email" do - expect do - post(:create, + it "sends a notification email" do + post :create, abuse_report: { user_id: user.id, message: message } - ) - end.to_not change{ActionMailer::Base.deliveries} - expect(response).to have_http_status(:redirect) - expect(flash[:notice]).to start_with("Thank you for your report") + email = ActionMailer::Base.deliveries.last + + expect(email.to).to eq([admin_email]) + expect(email.subject).to include(user.username) + expect(email.text_part.body).to include(message) + end + + it "saves the abuse report" do + expect { + post :create, + abuse_report: { + user_id: user.id, + message: message + } + }.to change { AbuseReport.count }.by(1) + end + end + + context "without admin notification email set" do + before(:each) do + stub_application_setting(admin_notification_email: nil) + end + + it "does not send a notification email" do + expect { + post :create, + abuse_report: { + user_id: user.id, + message: message + } + + }.not_to change { ActionMailer::Base.deliveries.count } + end + + it "saves the abuse report" do + expect { + post :create, + abuse_report: { + user_id: user.id, + message: message + } + }.to change { AbuseReport.count }.by(1) + end end end -end \ No newline at end of file + +end -- cgit v1.2.1 From 551512b147f63a9fcab938603eb70c112e80fee7 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Sun, 18 Oct 2015 11:58:59 +0200 Subject: Validate admin notification email. --- app/models/application_setting.rb | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/app/models/application_setting.rb b/app/models/application_setting.rb index c8841178e93..05430c2ee18 100644 --- a/app/models/application_setting.rb +++ b/app/models/application_setting.rb @@ -44,6 +44,10 @@ class ApplicationSetting < ActiveRecord::Base allow_blank: true, format: { with: /\A#{URI.regexp(%w(http https))}\z/, message: "should be a valid url" } + validates :admin_notification_email, + allow_blank: true, + email: true + validates_each :restricted_visibility_levels do |record, attr, value| unless value.nil? value.each do |level| -- cgit v1.2.1 From 7ccfbcccef9a78f9dd469b22070663028ff0e972 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Sun, 18 Oct 2015 11:59:07 +0200 Subject: Add help text to admin settings notification email. --- app/views/admin/application_settings/_form.html.haml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/views/admin/application_settings/_form.html.haml b/app/views/admin/application_settings/_form.html.haml index 791734dd80d..7a78526e09a 100644 --- a/app/views/admin/application_settings/_form.html.haml +++ b/app/views/admin/application_settings/_form.html.haml @@ -51,6 +51,8 @@ = f.label :admin_notification_email, class: 'control-label col-sm-2' .col-sm-10 = f.text_field :admin_notification_email, class: 'form-control' + .help-block + Abuse reports will be sent to this address if it is set. Abuse reports are always available in the admin area. %fieldset %legend Account and Limit Settings -- cgit v1.2.1 From 024b6fa11a3d0d4aed017997148524e0df1eb177 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Sun, 18 Oct 2015 12:06:47 +0200 Subject: Add changelog item --- CHANGELOG | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG b/CHANGELOG index 8f17c5c2ba6..b18a08bf89f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -5,6 +5,7 @@ v 8.2.0 (unreleased) - Highlight comment based on anchor in URL v 8.1.0 (unreleased) + - Send an email to admin email when a user is reported for spam (Jonathan Rochkind) - Fix nonatomic database update potentially causing project star counts to go negative (Stan Hu) - Fix error preventing displaying of commit data for a directory with a leading dot (Stan Hu) - Speed up load times of issue detail pages by roughly 1.5x -- cgit v1.2.1 From 2e2a2a366fa5a7b1179bf34bf22128138e52e4c7 Mon Sep 17 00:00:00 2001 From: Douwe Maan Date: Sun, 18 Oct 2015 13:08:08 +0200 Subject: Satisfy Rubocop --- spec/controllers/abuse_reports_controller_spec.rb | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) diff --git a/spec/controllers/abuse_reports_controller_spec.rb b/spec/controllers/abuse_reports_controller_spec.rb index 10a2cc3c3a4..0faab8d7ff0 100644 --- a/spec/controllers/abuse_reports_controller_spec.rb +++ b/spec/controllers/abuse_reports_controller_spec.rb @@ -32,13 +32,13 @@ describe AbuseReportsController do end it "saves the abuse report" do - expect { + expect do post :create, abuse_report: { user_id: user.id, message: message } - }.to change { AbuseReport.count }.by(1) + end.to change { AbuseReport.count }.by(1) end end @@ -48,24 +48,23 @@ describe AbuseReportsController do end it "does not send a notification email" do - expect { + expect do post :create, abuse_report: { user_id: user.id, message: message } - - }.not_to change { ActionMailer::Base.deliveries.count } + end.not_to change { ActionMailer::Base.deliveries.count } end it "saves the abuse report" do - expect { + expect do post :create, abuse_report: { user_id: user.id, message: message } - }.to change { AbuseReport.count }.by(1) + end.to change { AbuseReport.count }.by(1) end end end -- cgit v1.2.1