Skip to content

Add reCAPTCHA fields to snippet mutations

Chad Woolley requested to merge add-recaptcha-fields-to-snippet-mutations into master

What does this MR do?

NOTE: This MR depends on !51537 (merged), and is rebased against its branch, BRANCH: refactor-spammable-recaptcha-mutations

Overview

Builds on !51537 (merged) to add reCAPTCHA-related arguments and fields to the CanMutateSpammable concern.

See Tasks for more details.

See #217722 (closed) for an issue with full context on all planned implementation MRs.

See !50559 (closed) for a spike/Proof of Concept showing a full working implementation of the new reCAPTCHA GraphQL support.

Tasks

  • Add remaining required recaptcha-related fields and arguments to CanMutateSpammable concern
  • Updates shared examples for CanMutateSpammable concern, and removes tests of internal logic in services and concerns (which is now covered by appropriate unit tests of the services)
  • Updates snippet create and update mutation tests accordingly

Exploratory Testing

NOTE: Ensure the snippet_spam feature flag is turned OFF - that feature is not yet fully implemented.

See instructions for testing reCAPTCHA in Testing Notes section of issue: #217722 (closed)

UI

  • Issue create without akismet+recaptcha
  • Issue create with akismet+recaptcha
  • Issue update without akismet+recaptcha
  • Issue update with akismet+recaptcha
  • Snippet create without akismet+recaptcha
  • [-] Snippet create with rakismet+recaptcha (currently unsupported)
  • Snippet update without akismet+recaptcha
  • [-] Snippet update with akismet+recaptcha (currently unsupported)

REST API

  • Issue create without akismet+recaptcha
  • [-] Issue create with akismet+recaptcha (currently unsupported)
  • Issue update without rakismet+ecaptcha
  • [-] Issue update with akismet+recaptcha (currently unsupported)
  • Snippet create without akismet+recaptcha
  • [-] Snippet create with akismet+recaptcha (currently unsupported)
  • Snippet update without akismet+recaptcha
  • [-] Snippet update with akismet+recaptcha (currently unsupported)

GraphQL API

  • Issue create without akismet+recaptcha
  • [-] Issue create with akismet+recaptcha (Not possible (?), never flagged as spam because service doesn't set request in params - asked for confirmation in Slack)
  • Issue update without akismet+recaptcha
  • [-] Issue update with akismet+recaptcha (Not possible (?), never flagged as spam because service doesn't set request in params - asked for confirmation in Slack)
  • Snippet create without akismet+recaptcha
  • [-] Snippet create with akismet+recaptcha (currently unsupported)
  • Snippet update without rakismet+recaptcha
  • [-] Snippet update with akismet+recaptcha (currently unsupported)

Availability and Testing

Security

If this MR contains changes to processing or storing of credentials or tokens, authorization and authentication methods and other items described in the security review guidelines:

  • [-] Label as security and @ mention @gitlab-com/gl-security/appsec
  • [-] The MR includes necessary changes to maintain consistency between UI, API, email, or other methods
  • [-] Security reports checked/validated by a reviewer from the AppSec team

Related Issues

Edited by Sean McGivern

Merge request reports

Loading