Add reCAPTCHA fields to snippet mutations
What does this MR do?
NOTE: This MR depends on !51537 (merged), and is rebased against its branch, BRANCH: refactor-spammable-recaptcha-mutations
Overview
Builds on !51537 (merged) to add reCAPTCHA-related arguments and fields to the CanMutateSpammable concern.
See Tasks for more details.
See #217722 (closed) for an issue with full context on all planned implementation MRs.
See !50559 (closed) for a spike/Proof of Concept showing a full working implementation of the new reCAPTCHA GraphQL support.
Tasks
-
Add remaining required recaptcha-related fields and arguments to CanMutateSpammable
concern -
Updates shared examples for CanMutateSpammable
concern, and removes tests of internal logic in services and concerns (which is now covered by appropriate unit tests of the services) -
Updates snippet create and update mutation tests accordingly
Exploratory Testing
NOTE: Ensure the snippet_spam
feature flag is turned OFF - that feature is not yet fully implemented.
See instructions for testing reCAPTCHA in Testing Notes section of issue: #217722 (closed)
UI
-
Issue create without akismet+recaptcha -
Issue create with akismet+recaptcha -
Issue update without akismet+recaptcha -
Issue update with akismet+recaptcha -
Snippet create without akismet+recaptcha - [-] Snippet create with rakismet+recaptcha (currently unsupported)
-
Snippet update without akismet+recaptcha - [-] Snippet update with akismet+recaptcha (currently unsupported)
REST API
-
Issue create without akismet+recaptcha - [-] Issue create with akismet+recaptcha (currently unsupported)
-
Issue update without rakismet+ecaptcha - [-] Issue update with akismet+recaptcha (currently unsupported)
-
Snippet create without akismet+recaptcha - [-] Snippet create with akismet+recaptcha (currently unsupported)
-
Snippet update without akismet+recaptcha - [-] Snippet update with akismet+recaptcha (currently unsupported)
GraphQL API
-
Issue create without akismet+recaptcha - [-] Issue create with akismet+recaptcha (Not possible (?), never flagged as spam because service doesn't set request in params - asked for confirmation in Slack)
-
Issue update without akismet+recaptcha - [-] Issue update with akismet+recaptcha (Not possible (?), never flagged as spam because service doesn't set request in params - asked for confirmation in Slack)
-
Snippet create without akismet+recaptcha - [-] Snippet create with akismet+recaptcha (currently unsupported)
-
Snippet update without rakismet+recaptcha - [-] Snippet update with akismet+recaptcha (currently unsupported)
Availability and Testing
-
Review and add/update tests for this feature/bug. Consider all test levels. See the Test Planning Process. - [-] Tested in all supported browsers
- [-] Informed Infrastructure department of a default or new setting change, if applicable per definition of done
Security
If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:
- [-] Label as security and @ mention
@gitlab-com/gl-security/appsec
- [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
- [-] Security reports checked/validated by a reviewer from the AppSec team
Related Issues
- Relates: #217722 (closed)
- Relates: !50559 (closed)