Merge branch 'nicolasdular/use-recaptcha-on-signup' into 'master'

Enable reCAPTCHA check on sign up See merge request gitlab-org/gitlab!24274

Merge branch 'nicolasdular/use-recaptcha-on-signup' into 'master'
Enable reCAPTCHA check on sign up See merge request gitlab-org/gitlab!24274
8d2927f7 · Rémy Coutable · 393801b7 · f739e427 · 8d2927f7 · 8d2927f7
Commit 8d2927f7 authored Feb 04, 2020 by Rémy Coutable
3 changed files
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -139,7 +139,6 @@ class RegistrationsController < Devise::RegistrationsController
    ensure_correct_params!

    return unless Feature.enabled?(:registrations_recaptcha, default_enabled: true) # reCAPTCHA on the UI will still display however
-    return if experiment_enabled?(:signup_flow) # when the experimental signup flow is enabled for the current user, disable the reCAPTCHA check
    return unless show_recaptcha_sign_up?
    return unless Gitlab::Recaptcha.load_configurations!


--- a/changelogs/unreleased/nicolasdular-use-recaptcha-on-signup.yml
+++ b/changelogs/unreleased/nicolasdular-use-recaptcha-on-signup.yml
+---
+title: Enable recaptcha check on sign up
+merge_request: 24274
+author:
+type: fixed
--- a/spec/features/users/signup_spec.rb
+++ b/spec/features/users/signup_spec.rb
@@ -360,7 +360,7 @@ shared_examples 'Signup' do
      InvisibleCaptcha.timestamp_enabled = true
      stub_application_setting(recaptcha_enabled: true)
      allow_next_instance_of(RegistrationsController) do |instance|
-        allow(instance).to receive(:verify_recaptcha).and_return(false)
+        allow(instance).to receive(:verify_recaptcha).and_return(true)
      end
    end

@@ -368,28 +368,53 @@ shared_examples 'Signup' do
      InvisibleCaptcha.timestamp_enabled = false
    end

-    it 'prevents from signing up' do
-      visit new_user_registration_path
+    context 'when reCAPTCHA detects malicious behaviour' do
+      before do
+        allow_next_instance_of(RegistrationsController) do |instance|
+          allow(instance).to receive(:verify_recaptcha).and_return(false)
+        end
+      end

-      fill_in 'new_user_username', with: new_user.username
-      fill_in 'new_user_email', with: new_user.email
+      it 'prevents from signing up' do
+        visit new_user_registration_path

-      if Gitlab::Experimentation.enabled?(:signup_flow)
-        fill_in 'new_user_first_name', with: new_user.first_name
-        fill_in 'new_user_last_name', with: new_user.last_name
-      else
-        fill_in 'new_user_name', with: new_user.name
-        fill_in 'new_user_email_confirmation', with: new_user.email
+        fill_in 'new_user_username', with: new_user.username
+        fill_in 'new_user_email', with: new_user.email
+
+        if Gitlab::Experimentation.enabled?(:signup_flow)
+          fill_in 'new_user_first_name', with: new_user.first_name
+          fill_in 'new_user_last_name', with: new_user.last_name
+        else
+          fill_in 'new_user_name', with: new_user.name
+          fill_in 'new_user_email_confirmation', with: new_user.email
+        end
+
+        fill_in 'new_user_password', with: new_user.password
+
+        expect { click_button 'Register' }.not_to change { User.count }
+        expect(page).to have_content('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
      end
+    end

-      fill_in 'new_user_password', with: new_user.password
+    context 'when invisible captcha detects malicious behaviour' do
+      it 'prevents from signing up' do
+        visit new_user_registration_path

-      expect { click_button 'Register' }.not_to change { User.count }
+        fill_in 'new_user_username', with: new_user.username
+        fill_in 'new_user_email', with: new_user.email

-      if Gitlab::Experimentation.enabled?(:signup_flow)
+        if Gitlab::Experimentation.enabled?(:signup_flow)
+          fill_in 'new_user_first_name', with: new_user.first_name
+          fill_in 'new_user_last_name', with: new_user.last_name
+        else
+          fill_in 'new_user_name', with: new_user.name
+          fill_in 'new_user_email_confirmation', with: new_user.email
+        end
+
+        fill_in 'new_user_password', with: new_user.password
+
+        expect { click_button 'Register' }.not_to change { User.count }
        expect(page).to have_content('That was a bit too quick! Please resubmit.')
-      else
-        expect(page).to have_content('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
      end
    end
  end