From 289182b145422931a242fec6908a0188c88b7191 Mon Sep 17 00:00:00 2001 From: kikito Date: Tue, 26 Apr 2016 17:12:09 +0200 Subject: [PATCH] Adds invisible_captcha to proposals, debates & sps
--- app/controllers/debates_controller.rb | 6 +++- app/controllers/proposals_controller.rb | 8 ++++- .../spending_proposals_controller.rb | 6 +++- spec/features/debates_spec.rb | 35 +++++++++++++++++++ spec/features/proposals_spec.rb | 30 +++++++++++++--- spec/features/spending_proposals_spec.rb | 34 ++++++++++++++++++ spec/spec_helper.rb | 1 + 7 files changed, 112 insertions(+), 8 deletions(-)
diff --git a/app/controllers/debates_controller.rb b/app/controllers/debates_controller.rb
index e077e5e8a..80d408aff 100644
--- a/app/controllers/debates_controller.rb
+++ b/app/controllers/debates_controller.rb
@@ -11,7 +11,7 @@ class DebatesController < ApplicationController feature_flag :debates - invisible_captcha only: [:create, :update], honeypot: :subtitle + invisible_captcha only: [:create, :update], honeypot: :subtitle, on_timestamp_spam: :redirect_timestamp_spam has_orders %w{hot_score confidence_score created_at relevance}, only: :index has_orders %w{most_voted newest oldest}, only: :show
@@ -54,4 +54,8 @@ class DebatesController < ApplicationController Debate end + def redirect_timestamp_spam + redirect_to root_path, notice: InvisibleCaptcha.timestamp_error_message + end + end
diff --git a/app/controllers/proposals_controller.rb b/app/controllers/proposals_controller.rb
index 8ec71b8f6..78b6977c8 100644
--- a/app/controllers/proposals_controller.rb
+++ b/app/controllers/proposals_controller.rb
@@ -2,6 +2,7 @@ class ProposalsController < ApplicationController include CommentableActions include FlagActions + before_action :parse_search_terms, only: [:index, :suggest] before_action :parse_advanced_search_terms, only: :index before_action :parse_tag_filter, only: :index
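Review bot: `redirect_timestamp_spam` is added verbatim to DebatesController here and again in the ProposalsController (@@ -95,4) and SpendingProposalsController (@@ -72,4) hunks, each paired with the same `on_timestamp_spam: :redirect_timestamp_spam` option; a single definition in ApplicationController, the common parent named in every hunk header, would let the three `invisible_captcha` lines share it. Wherever it ends up it should stay non-routable: whether this new `def` sits below a `private` marker depends on lines above the hunk that are not visible here, so please confirm. A short comment on the handler would also help the next reader, e.g. `# invisible_captcha calls this when its timestamp check rejects the submission (see on_timestamp_spam above); the notice text comes from the gem.`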
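Review bot: The new `before_action :parse_search_terms, only: [:index, :suggest]` is unrelated to the invisible_captcha change the subject describes, and neither `parse_search_terms` nor a `suggest` action appears anywhere else in this patch, so a reader cannot tell from the commit whether both exist; presumably they come from a concern already included above. Splitting this line into its own commit, or at least mentioning it in the commit message, would keep the captcha change reviewable on its own. The hunk ends mid-class, so the rest of the filter chain is outside it.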
@@ -10,7 +11,7 @@ class ProposalsController < ApplicationController before_action :load_geozones, only: [:edit, :map, :summary] before_action :authenticate_user!, except: [:index, :show, :map, :summary] - invisible_captcha only: [:create, :update], honeypot: :subtitle + invisible_captcha only: [:create, :update], honeypot: :subtitle, on_timestamp_spam: :redirect_timestamp_spam has_orders %w{hot_score confidence_score created_at relevance}, only: :index has_orders %w{most_voted newest oldest}, only: :show
@@ -95,4 +96,9 @@ class ProposalsController < ApplicationController @resources = @resources.where('proposals.id NOT IN (?)', @featured_proposals.map(&:id)) end end + + def redirect_timestamp_spam + redirect_to root_path, notice: InvisibleCaptcha.timestamp_error_message + end + end
diff --git a/app/controllers/spending_proposals_controller.rb b/app/controllers/spending_proposals_controller.rb
index 3f590f414..ebab6cac7 100644
--- a/app/controllers/spending_proposals_controller.rb
+++ b/app/controllers/spending_proposals_controller.rb
@@ -8,7 +8,7 @@ class SpendingProposalsController < ApplicationController feature_flag :spending_proposals - invisible_captcha only: [:create, :update], honeypot: :subtitle + invisible_captcha only: [:create, :update], honeypot: :subtitle, on_timestamp_spam: :redirect_timestamp_spam respond_to :html, :js
@@ -72,4 +72,8 @@ class SpendingProposalsController < ApplicationController target end + def redirect_timestamp_spam + redirect_to root_path, notice: InvisibleCaptcha.timestamp_error_message + end + end
diff --git a/spec/features/debates_spec.rb b/spec/features/debates_spec.rb
index 03e794d74..3c88b1a95 100644
--- a/spec/features/debates_spec.rb
+++ b/spec/features/debates_spec.rb
@@ -107,6 +107,41 @@ feature 'Debates' do expect(page).to have_content I18n.l(Debate.last.created_at.to_date) end + scenario 'Create with invisible_captcha honeypot field' do + author = create(:user) + login_as(author) + + visit new_debate_path + fill_in 'debate_title', with: 'I am a bot' + fill_in 'debate_subtitle', with: 'This is a honeypot field' + fill_in 'debate_description', with: 'This is the description' + check 'debate_terms_of_service' + + click_button 'Start a debate' + + expect(page.status_code).to eq(200) + expect(page.html).to be_empty + expect(current_path).to eq(debates_path) + end + + scenario 'Create debate too fast' do + allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(Float::INFINITY) + + author = create(:user) + login_as(author) + + visit new_debate_path + fill_in 'debate_title', with: 'I am a bot' + fill_in 'debate_description', with: 'This is the description' + check 'debate_terms_of_service' + + click_button 'Start a debate' + + expect(page).to have_content 'Sorry, that was too quick! Please resubmit' + + expect(current_path).to eq(proposals_path) + end + scenario 'Errors on create' do author = create(:user) login_as(author)
diff --git a/spec/features/proposals_spec.rb b/spec/features/proposals_spec.rb
index f37896c6a..4510269d5 100644
--- a/spec/features/proposals_spec.rb
+++ b/spec/features/proposals_spec.rb
@@ -146,9 +146,6 @@ feature 'Proposals' do end scenario 'Create with invisible_captcha honeypot field' do - # Display the honeypot so capybara can fill it as a spammer would do - allow(InvisibleCaptcha).to receive(:visual_honeypots).and_return(true) - author = create(:user) login_as(author)
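Review bot: The 'Create debate too fast' scenario ends with `expect(current_path).to eq(proposals_path)`, while the matching scenarios assert `spending_proposals_path` in proposals_spec.rb (@@ -164,8) and `proposals_path` in spending_proposals_spec.rb (@@ -110,6), even though all three controllers in this patch redirect to `root_path` with the same notice. Unless root_path itself forwards to those pages (nothing in the patch shows that), at least one of these expectations cannot hold, and either way the three specs should assert one consistent landing page or carry a comment explaining why they differ. The literal `'Sorry, that was too quick! Please resubmit'` also hard-codes the text the controllers take from the gem; `expect(page).to have_content InvisibleCaptcha.timestamp_error_message` keeps the spec tied to the same source the handler uses.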
@@ -164,8 +161,31 @@ feature 'Proposals' do click_button 'Create proposal' - expect(page).to_not have_content 'Proposal created successfully.' - expect(current_path).to eq(root_path) + expect(page.status_code).to eq(200) + expect(page.html).to be_empty + expect(current_path).to eq(proposals_path) + end + + scenario 'Create proposal too fast' do + allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(Float::INFINITY) + + author = create(:user) + login_as(author) + + visit new_proposal_path + fill_in 'proposal_title', with: 'I am a bot' + fill_in 'proposal_question', with: 'This is a question' + fill_in 'proposal_summary', with: 'This is the summary' + fill_in 'proposal_description', with: 'This is the description' + fill_in 'proposal_external_url', with: 'http://google.com/robots.txt' + fill_in 'proposal_responsible_name', with: 'Some other robot' + check 'proposal_terms_of_service' + + click_button 'Create proposal' + + expect(page).to have_content 'Sorry, that was too quick! Please resubmit' + + expect(current_path).to eq(spending_proposals_path) end scenario 'Responsible name is stored for anonymous users' do
diff --git a/spec/features/spending_proposals_spec.rb b/spec/features/spending_proposals_spec.rb
index dbfdfdf34..392a3f56f 100644
--- a/spec/features/spending_proposals_spec.rb
+++ b/spec/features/spending_proposals_spec.rb
@@ -110,6 +110,40 @@ feature 'Spending proposals' do expect(page).to have_content('All city') end + scenario 'Create with invisible_captcha honeypot field' do + login_as(author) + + visit new_spending_proposal_path + fill_in 'spending_proposal_title', with: 'I am a bot' + fill_in 'spending_proposal_subtitle', with: 'This is the honeypot' + fill_in 'spending_proposal_description', with: 'This is the description' + select 'All city', from: 'spending_proposal_geozone_id' + check 'spending_proposal_terms_of_service' + + click_button 'Create' + + expect(page.status_code).to eq(200) + expect(page.html).to be_empty + expect(current_path).to eq(spending_proposals_path) + end + + scenario 'Create spending proposal too fast' do + allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(Float::INFINITY) + + login_as(author) + + visit new_spending_proposal_path + fill_in 'spending_proposal_title', with: 'I am a bot' + fill_in 'spending_proposal_description', with: 'This is the description' + select 'All city', from: 'spending_proposal_geozone_id' + check 'spending_proposal_terms_of_service' + + click_button 'Create' + + expect(page).to have_content 'Sorry, that was too quick! Please resubmit' + expect(current_path).to eq(proposals_path) + end + scenario 'Create notice' do login_as(author)
diff --git a/spec/spec_helper.rb b/spec/spec_helper.rb
index 80d88bc54..c1d391b66 100644
--- a/spec/spec_helper.rb
+++ b/spec/spec_helper.rb
@@ -63,6 +63,7 @@ RSpec.configure do |config| config.before(:each, type: :feature) do Bullet.start_request + allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(0) end config.after(:each, type: :feature) do
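Review bot: The `allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(0)` stub added to the feature `before(:each)` hook has no comment, and since it switches the timing check off for every feature scenario, only the three 'too fast' scenarios that re-stub it to `Float::INFINITY` ever exercise that check. A comment stating the reason would stop the next reader from removing it as dead setup: `# Feature specs submit forms within milliseconds of rendering them; a threshold of 0 stops invisible_captcha's timestamp check from rejecting those legitimate submissions. The 'too fast' scenarios override it.` It is also worth noting, in that comment or the commit message, that whatever threshold the application itself configures (in an initializer, if any; not shown here) is never covered by feature specs.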