summaryrefslogtreecommitdiff
path: root/spec/features/issues/spam_akismet_issue_creation_spec.rb
blob: 4cc4c4cf607ebd8abd1d478d267bb18cab322c91 (plain) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178

# frozen_string_literal: true

require 'spec_helper'

RSpec.describe 'Spam detection on issue creation', :js do
  include StubENV

  let(:project) { create(:project, :public) }
  let(:user) { create(:user) }

  include_context 'includes Spam constants'

  before do
    stub_env('IN_MEMORY_APPLICATION_SETTINGS', 'false')

    Gitlab::CurrentSettings.update!(
      akismet_enabled: true,
      akismet_api_key: 'testkey',
      spam_check_api_key: 'testkey',
      recaptcha_enabled: true,
      recaptcha_site_key: 'test site key',
      recaptcha_private_key: 'test private key'
    )

    project.add_maintainer(user)
    sign_in(user)
    visit new_project_issue_path(project)

    fill_in 'issue_title', with: 'issue title'
    fill_in 'issue_description', with: 'issue description'
  end

  shared_examples 'disallows issue creation' do
    it 'disallows issue creation' do
      click_button 'Create issue'

      expect(page).to have_content('discarded')
      expect(page).not_to have_css('.recaptcha')
      expect(page).not_to have_content('issue title')
    end
  end

  shared_examples 'allows issue creation with CAPTCHA' do
    it 'allows issue creation' do
      click_button 'Create issue'

      # it is impossible to test reCAPTCHA automatically and there is no possibility to fill in recaptcha
      # reCAPTCHA verification is skipped in test environment and it always returns true
      expect(page).not_to have_content('issue title')
      expect(page).to have_css('.recaptcha')

      click_button 'Create issue'

      expect(page.find('.issue-details h1.title')).to have_content('issue title')
      expect(page.find('.issue-details .description')).to have_content('issue description')
    end
  end

  shared_examples 'allows issue creation without CAPTCHA' do
    it 'allows issue creation without need to solve CAPTCHA' do
      click_button 'Create issue'

      expect(page).not_to have_css('.recaptcha')
      expect(page.find('.issue-details h1.title')).to have_content('issue title')
      expect(page.find('.issue-details .description')).to have_content('issue description')
    end
  end

  shared_examples 'creates a spam_log record' do
    it 'creates a spam_log record' do
      expect { click_button 'Create issue' }
        .to log_spam(title: 'issue title', description: 'issue description', user_id: user.id, noteable_type: 'Issue')
    end
  end

  shared_examples 'does not create a spam_log record' do
    it 'does not creates a spam_log record' do
      expect { click_button 'Create issue' }
        .not_to log_spam(title: 'issue title', description: 'issue description', user_id: user.id, noteable_type: 'Issue')
    end
  end

  shared_context 'when spammable is identified as possible spam' do
    before do
      allow_next_instance_of(Spam::AkismetService) do |akismet_service|
        allow(akismet_service).to receive(:spam?).and_return(true)
      end
    end
  end

  shared_context 'when spammable is not identified as possible spam' do
    before do
      allow_next_instance_of(Spam::AkismetService) do |akismet_service|
        allow(akismet_service).to receive(:spam?).and_return(false)
      end
    end
  end

  shared_context 'when CAPTCHA is enabled' do
    before do
      stub_application_setting(recaptcha_enabled: true)
    end
  end

  shared_context 'when CAPTCHA is not enabled' do
    before do
      stub_application_setting(recaptcha_enabled: false)
    end
  end

  shared_context 'when allow_possible_spam feature flag is true' do
    before do
      stub_feature_flags(allow_possible_spam: true)
    end
  end

  shared_context 'when allow_possible_spam feature flag is false' do
    before do
      stub_feature_flags(allow_possible_spam: false)
    end
  end

  describe 'spam handling' do
    # verdict, spam_flagged, captcha_enabled, allow_possible_spam_flag, creates_spam_log
    # TODO: Add example for BLOCK_USER verdict when we add support for testing SpamCheck - see https://gitlab.com/groups/gitlab-org/-/epics/5527#lacking-coverage-for-spamcheck-vs-akismet
    # DISALLOW, true, false, false, true
    # CONDITIONAL_ALLOW, true, true, false, true
    # OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM, true, true, true, true
    # OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM, true, false, true, true
    # ALLOW, false, true, false, false
    # TODO: Add example for NOOP verdict when we add support for testing SpamCheck - see https://gitlab.com/groups/gitlab-org/-/epics/5527#lacking-coverage-for-spamcheck-vs-akismet

    context 'DISALLOW: spam_flagged=true, captcha_enabled=true, allow_possible_spam=true' do
      include_context 'when spammable is identified as possible spam'
      include_context 'when CAPTCHA is enabled'
      include_context 'when allow_possible_spam feature flag is true'

      it_behaves_like 'allows issue creation without CAPTCHA'
      it_behaves_like 'creates a spam_log record'
    end

    context 'CONDITIONAL_ALLOW: spam_flagged=true, captcha_enabled=true, allow_possible_spam=false' do
      include_context 'when spammable is identified as possible spam'
      include_context 'when CAPTCHA is enabled'
      include_context 'when allow_possible_spam feature flag is false'

      it_behaves_like 'allows issue creation with CAPTCHA'
      it_behaves_like 'creates a spam_log record'
    end

    context 'OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM: spam_flagged=true, captcha_enabled=true, allow_possible_spam=true' do
      include_context 'when spammable is identified as possible spam'
      include_context 'when CAPTCHA is enabled'
      include_context 'when allow_possible_spam feature flag is true'

      it_behaves_like 'allows issue creation without CAPTCHA'
      it_behaves_like 'creates a spam_log record'
    end

    context 'OVERRIDE_VIA_ALLOW_POSSIBLE_SPAM: spam_flagged=true, captcha_enabled=false, allow_possible_spam=true' do
      include_context 'when spammable is identified as possible spam'
      include_context 'when CAPTCHA is not enabled'
      include_context 'when allow_possible_spam feature flag is true'

      it_behaves_like 'allows issue creation without CAPTCHA'
      it_behaves_like 'creates a spam_log record'
    end

    context 'ALLOW: spam_flagged=false, captcha_enabled=true, allow_possible_spam=false' do
      include_context 'when spammable is not identified as possible spam'
      include_context 'when CAPTCHA is not enabled'
      include_context 'when allow_possible_spam feature flag is false'

      it_behaves_like 'allows issue creation without CAPTCHA'
      it_behaves_like 'does not create a spam_log record'
    end
  end
end
View Lorry Controller Status