Add :registrations_recaptcha feature flag

Allows instance owners to toggle the recaptcha requirement on the user registration page by feature flag. Allows GitLab Growth team to measure reCAPTCHA's impact on registrations.

Add :registrations_recaptcha feature flag
Allows instance owners to toggle the recaptcha requirement on the user registration page by feature flag. Allows GitLab Growth team to measure reCAPTCHA's impact on registrations.
9d367684 · Luke Bennett · 3061eee6 · 9d367684 · 9d367684 · 9d367684
Commit 9d367684 authored May 13, 2019 by Luke Bennett
3 changed files
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -4,6 +4,7 @@ class RegistrationsController < Devise::RegistrationsController
  include Recaptcha::Verify
  include AcceptsPendingInvitations
+  prepend_before_action :check_captcha, only: :create
  before_action :whitelist_query_limiting, only: [:destroy]
  before_action :ensure_terms_accepted,
                if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms? },
@@ -21,15 +22,10 @@ class RegistrationsController < Devise::RegistrationsController
      params[resource_name] = params.delete(:"new_#{resource_name}")
    end
-    if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
+    accept_pending_invitations
-      accept_pending_invitations
-      super do |new_user|
+    super do |new_user|
-        persist_accepted_terms_if_required(new_user)
+      persist_accepted_terms_if_required(new_user)
-      end
-    else
-      flash[:alert] = s_('Profiles|There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
-      flash.delete :recaptcha_error
-      render action: 'new'
    end
  rescue Gitlab::Access::AccessDeniedError
    redirect_to(new_user_session_path)
@@ -89,6 +85,17 @@ class RegistrationsController < Devise::RegistrationsController
  private
+  def check_captcha
+    return unless Feature.enabled?(:registrations_recaptcha, default_enabled: true)
+    return unless Gitlab::Recaptcha.load_configurations!
+    return if verify_recaptcha
+    flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+    flash.delete :recaptcha_error
+    render action: 'new'
+  end
  def sign_up_params
    params.require(:user).permit(:username, :email, :email_confirmation, :name, :password)
  end

--- a/locale/gitlab.pot
+++ b/locale/gitlab.pot
@@ -7238,9 +7238,6 @@ msgstr ""
 msgid "Profiles|The maximum file size allowed is 200KB."
 msgstr ""
-msgid "Profiles|There was an error with the reCAPTCHA. Please solve the reCAPTCHA again."
-msgstr ""
 msgid "Profiles|This doesn't look like a public SSH key, are you sure you want to add it?"
 msgstr ""

--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -46,13 +46,17 @@ describe RegistrationsController do
    end
    context 'when reCAPTCHA is enabled' do
+      def fail_recaptcha
+        # Without this, `verify_recaptcha` arbitrarily returns true in test env
+        Recaptcha.configuration.skip_verify_env.delete('test')
+      end
      before do
        stub_application_setting(recaptcha_enabled: true)
      end
      it 'displays an error when the reCAPTCHA is not solved' do
-        # Without this, `verify_recaptcha` arbitrarily returns true in test env
+        fail_recaptcha
-        Recaptcha.configuration.skip_verify_env.delete('test')
        post(:create, params: user_params)
@@ -70,6 +74,17 @@ describe RegistrationsController do
        expect(flash[:notice]).to include 'Welcome! You have signed up successfully.'
      end
+      it 'does not require reCAPTCHA if disabled by feature flag' do
+        stub_feature_flags(registrations_recaptcha: false)
+        fail_recaptcha
+        post(:create, params: user_params)
+        expect(controller).not_to receive(:verify_recaptcha)
+        expect(flash[:alert]).to be_nil
+        expect(flash[:notice]).to include 'Welcome! You have signed up successfully.'
+      end
    end
    context 'when terms are enforced' do