consul/nairobi
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Adds invisible_captcha to proposals, debates & sps

Browse Source
This commit is contained in:
kikito
2016-04-26 17:12:09 +02:00
parent 4b74a69680
commit 289182b145
7 changed files with 112 additions and 8 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
app/controllers/debates_controller.rb
View File

@@ -11,7 +11,7 @@ class DebatesController < ApplicationController
feature_flag :debates feature_flag :debates
invisible_captcha only: [:create, :update], honeypot: :subtitle invisible_captcha only: [:create, :update], honeypot: :subtitle, on_timestamp_spam: :redirect_timestamp_spam
has_orders %w{hot_score confidence_score created_at relevance}, only: :index has_orders %w{hot_score confidence_score created_at relevance}, only: :index
has_orders %w{most_voted newest oldest}, only: :show has_orders %w{most_voted newest oldest}, only: :show
@@ -54,4 +54,8 @@ class DebatesController < ApplicationController
Debate Debate
end end
def redirect_timestamp_spam
redirect_to root_path, notice: InvisibleCaptcha.timestamp_error_message
end
end end

8
app/controllers/proposals_controller.rb
View File

@@ -2,6 +2,7 @@ class ProposalsController < ApplicationController
include CommentableActions include CommentableActions
include FlagActions include FlagActions
before_action :parse_search_terms, only: [:index, :suggest] before_action :parse_search_terms, only: [:index, :suggest]
before_action :parse_advanced_search_terms, only: :index before_action :parse_advanced_search_terms, only: :index
before_action :parse_tag_filter, only: :index before_action :parse_tag_filter, only: :index
@@ -10,7 +11,7 @@ class ProposalsController < ApplicationController
before_action :load_geozones, only: [:edit, :map, :summary] before_action :load_geozones, only: [:edit, :map, :summary]
before_action :authenticate_user!, except: [:index, :show, :map, :summary] before_action :authenticate_user!, except: [:index, :show, :map, :summary]
invisible_captcha only: [:create, :update], honeypot: :subtitle invisible_captcha only: [:create, :update], honeypot: :subtitle, on_timestamp_spam: :redirect_timestamp_spam
has_orders %w{hot_score confidence_score created_at relevance}, only: :index has_orders %w{hot_score confidence_score created_at relevance}, only: :index
has_orders %w{most_voted newest oldest}, only: :show has_orders %w{most_voted newest oldest}, only: :show
@@ -95,4 +96,9 @@ class ProposalsController < ApplicationController
@resources = @resources.where('proposals.id NOT IN (?)', @featured_proposals.map(&:id)) @resources = @resources.where('proposals.id NOT IN (?)', @featured_proposals.map(&:id))
end end
end end
def redirect_timestamp_spam
redirect_to root_path, notice: InvisibleCaptcha.timestamp_error_message
end
end end

6
app/controllers/spending_proposals_controller.rb
View File

@@ -8,7 +8,7 @@ class SpendingProposalsController < ApplicationController
feature_flag :spending_proposals feature_flag :spending_proposals
invisible_captcha only: [:create, :update], honeypot: :subtitle invisible_captcha only: [:create, :update], honeypot: :subtitle, on_timestamp_spam: :redirect_timestamp_spam
respond_to :html, :js respond_to :html, :js
@@ -72,4 +72,8 @@ class SpendingProposalsController < ApplicationController
target target
end end
def redirect_timestamp_spam
redirect_to root_path, notice: InvisibleCaptcha.timestamp_error_message
end
end end

35
spec/features/debates_spec.rb
View File

@@ -107,6 +107,41 @@ feature 'Debates' do
expect(page).to have_content I18n.l(Debate.last.created_at.to_date) expect(page).to have_content I18n.l(Debate.last.created_at.to_date)
end end
scenario 'Create with invisible_captcha honeypot field' do
author = create(:user)
login_as(author)
visit new_debate_path
fill_in 'debate_title', with: 'I am a bot'
fill_in 'debate_subtitle', with: 'This is a honeypot field'
fill_in 'debate_description', with: 'This is the description'
check 'debate_terms_of_service'
click_button 'Start a debate'
expect(page.status_code).to eq(200)
expect(page.html).to be_empty
expect(current_path).to eq(debates_path)
end
scenario 'Create debate too fast' do
allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(Float::INFINITY)
author = create(:user)
login_as(author)
visit new_debate_path
fill_in 'debate_title', with: 'I am a bot'
fill_in 'debate_description', with: 'This is the description'
check 'debate_terms_of_service'
click_button 'Start a debate'
expect(page).to have_content 'Sorry, that was too quick! Please resubmit'
expect(current_path).to eq(proposals_path)
end
scenario 'Errors on create' do scenario 'Errors on create' do
author = create(:user) author = create(:user)
login_as(author) login_as(author)

30
spec/features/proposals_spec.rb
View File

@@ -146,9 +146,6 @@ feature 'Proposals' do
end end
scenario 'Create with invisible_captcha honeypot field' do scenario 'Create with invisible_captcha honeypot field' do
# Display the honeypot so capybara can fill it as a spammer would do
allow(InvisibleCaptcha).to receive(:visual_honeypots).and_return(true)
author = create(:user) author = create(:user)
login_as(author) login_as(author)
@@ -164,8 +161,31 @@ feature 'Proposals' do
click_button 'Create proposal' click_button 'Create proposal'
expect(page).to_not have_content 'Proposal created successfully.' expect(page.status_code).to eq(200)
expect(current_path).to eq(root_path) expect(page.html).to be_empty
expect(current_path).to eq(proposals_path)
end
scenario 'Create proposal too fast' do
allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(Float::INFINITY)
author = create(:user)
login_as(author)
visit new_proposal_path
fill_in 'proposal_title', with: 'I am a bot'
fill_in 'proposal_question', with: 'This is a question'
fill_in 'proposal_summary', with: 'This is the summary'
fill_in 'proposal_description', with: 'This is the description'
fill_in 'proposal_external_url', with: 'http://google.com/robots.txt'
fill_in 'proposal_responsible_name', with: 'Some other robot'
check 'proposal_terms_of_service'
click_button 'Create proposal'
expect(page).to have_content 'Sorry, that was too quick! Please resubmit'
expect(current_path).to eq(spending_proposals_path)
end end
scenario 'Responsible name is stored for anonymous users' do scenario 'Responsible name is stored for anonymous users' do

34
spec/features/spending_proposals_spec.rb
View File

@@ -110,6 +110,40 @@ feature 'Spending proposals' do
expect(page).to have_content('All city') expect(page).to have_content('All city')
end end
scenario 'Create with invisible_captcha honeypot field' do
login_as(author)
visit new_spending_proposal_path
fill_in 'spending_proposal_title', with: 'I am a bot'
fill_in 'spending_proposal_subtitle', with: 'This is the honeypot'
fill_in 'spending_proposal_description', with: 'This is the description'
select 'All city', from: 'spending_proposal_geozone_id'
check 'spending_proposal_terms_of_service'
click_button 'Create'
expect(page.status_code).to eq(200)
expect(page.html).to be_empty
expect(current_path).to eq(spending_proposals_path)
end
scenario 'Create spending proposal too fast' do
allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(Float::INFINITY)
login_as(author)
visit new_spending_proposal_path
fill_in 'spending_proposal_title', with: 'I am a bot'
fill_in 'spending_proposal_description', with: 'This is the description'
select 'All city', from: 'spending_proposal_geozone_id'
check 'spending_proposal_terms_of_service'
click_button 'Create'
expect(page).to have_content 'Sorry, that was too quick! Please resubmit'
expect(current_path).to eq(proposals_path)
end
scenario 'Create notice' do scenario 'Create notice' do
login_as(author) login_as(author)

1
spec/spec_helper.rb
View File

@@ -63,6 +63,7 @@ RSpec.configure do |config|
config.before(:each, type: :feature) do config.before(:each, type: :feature) do
Bullet.start_request Bullet.start_request
allow(InvisibleCaptcha).to receive(:timestamp_threshold).and_return(0)
end end
config.after(:each, type: :feature) do config.after(:each, type: :feature) do