Commit 68ec34f2 authored by Dmytro Zaporozhets (DZ)'s avatar Dmytro Zaporozhets (DZ)

Merge branch 'd0c-s4vage-allowlist-gitlab-service-accounts-spam' into 'master'

Allows GitLab-owned service users to bypass spam

See merge request gitlab-org/gitlab!45310
parents da688e4b 4b65fd03
...@@ -45,7 +45,7 @@ module Spam ...@@ -45,7 +45,7 @@ module Spam
attr_reader :user, :context attr_reader :user, :context
def allowlisted?(user) def allowlisted?(user)
user.try(:gitlab_employee?) || user.try(:gitlab_bot?) user.try(:gitlab_employee?) || user.try(:gitlab_bot?) || user.try(:gitlab_service_user?)
end end
def perform_spam_service_check(api) def perform_spam_service_check(api)
......
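Review bot: `allowlisted?` has no comment saying that every predicate in its `||` chain is a complete exemption from the spam check, which is what the commit title describes, so the next predicate added here gets no prompt to justify itself. I would put `# Any match skips the spam check entirely; add only predicates that prove the account is GitLab-owned.` above the method. The caller that acts on the result is outside this hunk, and the only spec on this page covers the User predicate. A spec that runs `allowlisted?` with a service user would be worth adding if one does not exist elsewhere.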
...@@ -343,6 +343,12 @@ module EE ...@@ -343,6 +343,12 @@ module EE
end end
end end
def gitlab_service_user?
strong_memoize(:gitlab_service_user) do
service_user? && ::Gitlab::Com.gitlab_com_group_member_id?(id)
end
end
def gitlab_bot? def gitlab_bot?
strong_memoize(:gitlab_bot) do strong_memoize(:gitlab_bot) do
bot? && ::Gitlab::Com.gitlab_com_group_member_id?(id) bot? && ::Gitlab::Com.gitlab_com_group_member_id?(id)
......
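Review bot: `gitlab_service_user?` takes its whole trust decision from `::Gitlab::Com.gitlab_com_group_member_id?(id)`, which is defined outside this hunk, so it is not visible here whether a minimum access level or an accepted membership is required. Because the result now gates a spam exemption, the method should state that requirement, for example `# GitLab.com only: service user who is a member of the gitlab-com group (access level not checked here; confirm in Gitlab::Com).`. The body is the same as `gitlab_bot?` apart from the type predicate. A shared private helper taking the predicate would keep the two from drifting apart.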
---
title: Allows GitLab-owned service users to bypass certain spam checks
merge_request: 45310
author:
type: changed
...@@ -1422,6 +1422,68 @@ RSpec.describe User do ...@@ -1422,6 +1422,68 @@ RSpec.describe User do
end end
end end
describe '#gitlab_service_user?' do
subject { user.gitlab_service_user? }
let_it_be(:gitlab_group) { create(:group, name: 'gitlab-com') }
let_it_be(:random_group) { create(:group, name: 'random-group') }
context 'based on group membership' do
context 'when user belongs to gitlab-com group' do
let(:user) { create(:user, user_type: :service_user) }
before do
allow(Gitlab).to receive(:com?).and_return(true)
gitlab_group.add_user(user, Gitlab::Access::DEVELOPER)
end
it { is_expected.to be true }
end
context 'when user does not belong to gitlab-com group' do
let(:user) { create(:user, user_type: :service_user) }
before do
allow(Gitlab).to receive(:com?).and_return(true)
random_group.add_user(user, Gitlab::Access::DEVELOPER)
end
it { is_expected.to be false }
end
end
context 'based on user type' do
using RSpec::Parameterized::TableSyntax
where(:is_com, :user_type, :answer) do
true | :service_user | true
true | :alert_bot | false
true | :human | false
true | :ghost | false
false | :service_user | false
false | :alert_bot | false
false | :human | false
false | :ghost | false
end
with_them do
before do
allow(Gitlab).to receive(:com?).and_return(is_com)
end
let(:user) do
user = create(:user, user_type: user_type)
gitlab_group.add_user(user, Gitlab::Access::DEVELOPER)
user
end
it "returns if the user is a GitLab-owned service user" do
expect(subject).to be answer
end
end
end
end
describe '#security_dashboard' do describe '#security_dashboard' do
let(:user) { create(:user) } let(:user) { create(:user) }
......
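Review bot: Every positive case in `#gitlab_service_user?` adds the user with `Gitlab::Access::DEVELOPER`, so the spec does not pin the lowest membership level that earns the exemption. A context using `gitlab_group.add_user(user, Gitlab::Access::GUEST)` with an explicit expected result would record whether minimal membership is meant to be enough, and would catch a later change to the membership helper. The table example's description, "returns if the user is a GitLab-owned service user", does not say what is returned. Something like `it 'is true only for a service user on GitLab.com'` reads better in failure output.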