blob: b7b699f71086d444795c0ecf192a41aeb0d45815 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
# frozen_string_literal: true
module Captcha
##
# Encapsulates logic of checking captchas.
#
class CaptchaVerificationService
include Recaptcha::Adapters::ControllerMethods
# Currently the only value that is used out of the request by the reCAPTCHA library
# is 'remote_ip'. Therefore, we just create a struct to avoid passing the full request
# object through all the service layer objects, and instead just rely on passing only
# the required remote_ip value. This eliminates the need to couple the service layer
# to the HTTP request (for the purpose of this service, at least).
RequestStruct = Struct.new(:remote_ip)
def initialize(spam_params:)
@spam_params = spam_params
end
##
# Performs verification of a captcha response.
#
# NOTE: Currently only supports reCAPTCHA, and is not yet used in all places of the app in which
# captchas are verified, but these can be addressed in future MRs. See:
# https://gitlab.com/gitlab-org/gitlab/-/issues/273480
def execute
return false unless spam_params.captcha_response
@request = RequestStruct.new(spam_params.ip_address)
Gitlab::Recaptcha.load_configurations!
# NOTE: We could pass the model and let the recaptcha gem automatically add errors to it,
# but we do not, for two reasons:
#
# 1. We want control over when the errors are added
# 2. We want control over the wording and i18n of the message
# 3. We want a consistent interface and behavior when adding support for other captcha
# libraries which may not support automatically adding errors to the model.
verify_recaptcha(response: spam_params.captcha_response)
end
private
attr_reader :spam_params
# The recaptcha library's Recaptcha::Adapters::ControllerMethods#verify_recaptcha method requires that
# 'request' be a readable attribute - it doesn't support passing it as an options argument.
attr_reader :request
end
end
|
