Commit f7807c5b authored by Patricio Cano's avatar Patricio Cano

Submit all issues on public projects to Akismet if enabled.

parent 9c34fafb
...@@ -94,6 +94,7 @@ v 8.10.0 ...@@ -94,6 +94,7 @@ v 8.10.0
- Updated compare dropdown menus to use GL dropdown - Updated compare dropdown menus to use GL dropdown
- Redirects back to issue after clicking login link - Redirects back to issue after clicking login link
- Submit issues created via the WebUI by non project members to Akismet !5333 - Submit issues created via the WebUI by non project members to Akismet !5333
- All created issues, API or WebUI, can be submitted to Akismet for spam check !5333
- Eager load award emoji on notes - Eager load award emoji on notes
- Allow to define manual actions/builds on Pipelines and Environments - Allow to define manual actions/builds on Pipelines and Environments
- Fix pagination when sorting by columns with lots of ties (like priority) - Fix pagination when sorting by columns with lots of ties (like priority)
......
...@@ -2,7 +2,6 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -2,7 +2,6 @@ class Projects::IssuesController < Projects::ApplicationController
include ToggleSubscriptionAction include ToggleSubscriptionAction
include IssuableActions include IssuableActions
include ToggleAwardEmoji include ToggleAwardEmoji
include Gitlab::AkismetHelper
before_action :module_enabled before_action :module_enabled
before_action :issue, only: [:edit, :update, :show, :referenced_merge_requests, before_action :issue, only: [:edit, :update, :show, :referenced_merge_requests,
...@@ -80,23 +79,14 @@ class Projects::IssuesController < Projects::ApplicationController ...@@ -80,23 +79,14 @@ class Projects::IssuesController < Projects::ApplicationController
end end
def create def create
text = [params[:issue][:title], params[:issue][:description]].reject(&:blank?).join("\n") @issue = Issues::CreateService.new(project, current_user, issue_params.merge({ request: request })).execute
if check_for_spam?(project, current_user) && is_spam?(request.env, current_user, text) if @issue.nil?
attrs = {
user_id: current_user.id,
project_id: project.id,
title: params[:issue][:title],
description: params[:issue][:description]
}
create_spam_log(project, current_user, attrs, request.env, api: false)
@issue = @project.issues.new @issue = @project.issues.new
flash[:notice] = 'Your issue has been recognized as spam and has been discarded.' flash[:notice] = 'Your issue has been recognized as spam and has been discarded.'
render :new and return render :new and return
end end
@issue = Issues::CreateService.new(project, current_user, issue_params).execute
respond_to do |format| respond_to do |format|
format.html do format.html do
if @issue.valid? if @issue.valid?
......
...@@ -3,9 +3,13 @@ module Issues ...@@ -3,9 +3,13 @@ module Issues
def execute def execute
filter_params filter_params
label_params = params[:label_ids] label_params = params[:label_ids]
issue = project.issues.new(params.except(:label_ids)) issue = project.issues.new(params.except(:label_ids, :request))
issue.author = params[:author] || current_user issue.author = params[:author] || current_user
if Issues::SpamCheckService.new(project, current_user, params).spam_detected?
return nil
end
if issue.save if issue.save
issue.update_attributes(label_ids: label_params) issue.update_attributes(label_ids: label_params)
notification_service.new_issue(issue, current_user) notification_service.new_issue(issue, current_user)
......
module Issues
class SpamCheckService < BaseService
include Gitlab::AkismetHelper
def spam_detected?
text = [params[:title], params[:description]].reject(&:blank?).join("\n")
request = params[:request]
if request
if check_for_spam?(project) && is_spam?(request.env, current_user, text)
attrs = {
user_id: current_user.id,
project_id: project.id,
title: params[:title],
description: params[:description]
}
create_spam_log(project, current_user, attrs, request.env, api: false)
return true
end
end
false
end
end
end
# Akismet # Akismet
> *Note:* Before 8.10 only issues submitted via the API and for non-project
members were submitted to Akismet.
GitLab leverages [Akismet](http://akismet.com) to protect against spam. Currently GitLab leverages [Akismet](http://akismet.com) to protect against spam. Currently
GitLab uses Akismet to prevent users who are not members of a project from GitLab uses Akismet to prevent the creation of spam issues on public projects. Issues
creating spam via the GitLab API. Detected spam will be rejected, and created via the WebUI or the API can be submitted to Akismet for review.
an entry in the "Spam Log" section in the Admin page will be created.
> *Note:* As of 8.10 GitLab also submits issues created via the WebUI by non Detected spam will be rejected, and an entry in the "Spam Log" section in the
project members to Akismet to prevent spam. Admin page will be created.
Privacy note: GitLab submits the user's IP and user agent to Akismet. Note that Privacy note: GitLab submits the user's IP and user agent to Akismet. Note that
adding a user to a project will disable the Akismet check and prevent this adding a user to a project will disable the Akismet check and prevent this
......
...@@ -157,15 +157,13 @@ module API ...@@ -157,15 +157,13 @@ module API
end end
project = user_project project = user_project
text = [attrs[:title], attrs[:description]].reject(&:blank?).join("\n")
if check_for_spam?(project, current_user) && is_spam?(env, current_user, text) issue = ::Issues::CreateService.new(project, current_user, attrs.merge({ request: request })).execute
create_spam_log(project, current_user, attrs, env)
if issue.nil?
render_api_error!({ error: 'Spam detected' }, 400) render_api_error!({ error: 'Spam detected' }, 400)
end end
issue = ::Issues::CreateService.new(project, current_user, attrs).execute
if issue.valid? if issue.valid?
# Find or create labels and attach to issue. Labels are valid because # Find or create labels and attach to issue. Labels are valid because
# we already checked its name, so there can't be an error here # we already checked its name, so there can't be an error here
......
...@@ -17,8 +17,8 @@ module Gitlab ...@@ -17,8 +17,8 @@ module Gitlab
env['HTTP_USER_AGENT'] env['HTTP_USER_AGENT']
end end
def check_for_spam?(project, user) def check_for_spam?(project)
akismet_enabled? && !project.team.member?(user) akismet_enabled? && project.public?
end end
def is_spam?(environment, user, text) def is_spam?(environment, user, text)
......
require 'spec_helper' require 'spec_helper'
describe Gitlab::AkismetHelper, type: :helper do describe Gitlab::AkismetHelper, type: :helper do
let(:project) { create(:project) } let(:project) { create(:project, :public) }
let(:user) { create(:user) } let(:user) { create(:user) }
before do before do
...@@ -11,13 +11,13 @@ describe Gitlab::AkismetHelper, type: :helper do ...@@ -11,13 +11,13 @@ describe Gitlab::AkismetHelper, type: :helper do
end end
describe '#check_for_spam?' do describe '#check_for_spam?' do
it 'returns true for non-member' do it 'returns true for public project' do
expect(helper.check_for_spam?(project, user)).to eq(true) expect(helper.check_for_spam?(project)).to eq(true)
end end
it 'returns false for member' do it 'returns false for private project' do
project.team << [user, :guest] project.update_attribute(:visibility_level, Gitlab::VisibilityLevel::PRIVATE)
expect(helper.check_for_spam?(project, user)).to eq(false) expect(helper.check_for_spam?(project)).to eq(false)
end end
end end
......
...@@ -531,10 +531,8 @@ describe API::API, api: true do ...@@ -531,10 +531,8 @@ describe API::API, api: true do
describe 'POST /projects/:id/issues with spam filtering' do describe 'POST /projects/:id/issues with spam filtering' do
before do before do
Grape::Endpoint.before_each do |endpoint| allow_any_instance_of(Gitlab::AkismetHelper).to receive(:check_for_spam?).and_return(true)
allow(endpoint).to receive(:check_for_spam?).and_return(true) allow_any_instance_of(Gitlab::AkismetHelper).to receive(:is_spam?).and_return(true)
allow(endpoint).to receive(:is_spam?).and_return(true)
end
end end
let(:params) do let(:params) do
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment