Enable recaptcha check on sign up

reCAPTCHA check was disabled through a feature flag, although it is shown to the user.

Enable recaptcha check on sign up
reCAPTCHA check was disabled through a feature flag, although it is shown to the user.
f739e427 · nicolasdular · e01f24f8 · f739e427 · f739e427 · f739e427
Commit f739e427 authored Feb 03, 2020 by nicolasdular
3 changed files
--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -139,7 +139,6 @@ class RegistrationsController < Devise::RegistrationsController
    ensure_correct_params!
    return unless Feature.enabled?(:registrations_recaptcha, default_enabled: true) # reCAPTCHA on the UI will still display however
-    return if experiment_enabled?(:signup_flow) # when the experimental signup flow is enabled for the current user, disable the reCAPTCHA check
    return unless show_recaptcha_sign_up?
    return unless Gitlab::Recaptcha.load_configurations!

--- a/changelogs/unreleased/nicolasdular-use-recaptcha-on-signup.yml
+++ b/changelogs/unreleased/nicolasdular-use-recaptcha-on-signup.yml
+---
+title: Enable recaptcha check on sign up
+merge_request: 24274
+author:
+type: fixed
--- a/spec/features/users/signup_spec.rb
+++ b/spec/features/users/signup_spec.rb
@@ -360,7 +360,7 @@ shared_examples 'Signup' do
      InvisibleCaptcha.timestamp_enabled = true
      stub_application_setting(recaptcha_enabled: true)
      allow_next_instance_of(RegistrationsController) do |instance|
-        allow(instance).to receive(:verify_recaptcha).and_return(false)
+        allow(instance).to receive(:verify_recaptcha).and_return(true)
      end
    end
@@ -368,6 +368,13 @@ shared_examples 'Signup' do
      InvisibleCaptcha.timestamp_enabled = false
    end
+    context 'when reCAPTCHA detects malicious behaviour' do
+      before do
+        allow_next_instance_of(RegistrationsController) do |instance|
+          allow(instance).to receive(:verify_recaptcha).and_return(false)
+        end
+      end
      it 'prevents from signing up' do
        visit new_user_registration_path
@@ -385,11 +392,29 @@ shared_examples 'Signup' do
        fill_in 'new_user_password', with: new_user.password
        expect { click_button 'Register' }.not_to change { User.count }
+        expect(page).to have_content('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+      end
+    end
+    context 'when invisible captcha detects malicious behaviour' do
+      it 'prevents from signing up' do
+        visit new_user_registration_path
+        fill_in 'new_user_username', with: new_user.username
+        fill_in 'new_user_email', with: new_user.email
        if Gitlab::Experimentation.enabled?(:signup_flow)
-        expect(page).to have_content('That was a bit too quick! Please resubmit.')
+          fill_in 'new_user_first_name', with: new_user.first_name
+          fill_in 'new_user_last_name', with: new_user.last_name
        else
-        expect(page).to have_content('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+          fill_in 'new_user_name', with: new_user.name
+          fill_in 'new_user_email_confirmation', with: new_user.email
+        end
+        fill_in 'new_user_password', with: new_user.password
+        expect { click_button 'Register' }.not_to change { User.count }
+        expect(page).to have_content('That was a bit too quick! Please resubmit.')
      end
    end
  end