Diffstat (limited to 'app/controllers/concerns/spammable_actions.rb')
-rw-r--r-- | app/controllers/concerns/spammable_actions.rb | 35 |
1 files changed, 10 insertions, 25 deletions
diff --git a/app/controllers/concerns/spammable_actions.rb b/app/controllers/concerns/spammable_actions.rb
index 9e861d2859d..eb1223f22a9 100644
--- a/app/controllers/concerns/spammable_actions.rb
+++ b/app/controllers/concerns/spammable_actions.rb
@@ -47,31 +47,16 @@ module SpammableActions
 end
 end
- def spammable_params
- # NOTE: For the legacy reCAPTCHA implementation based on the HTML/HAML form, the
- # 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the
- # recaptcha gem, which is called from the HAML `_recaptcha_form.html.haml` form.
- #
- # It is used in the `Recaptcha::Verify#verify_recaptcha` to extract the value from `params`,
- # if the `response` option is not passed explicitly.
- #
- # Instead of relying on this behavior, we are extracting and passing it explicitly. This will
- # make it consistent with the newer, modern reCAPTCHA verification process as it will be
- # implemented via the GraphQL API and in Vue components via the native reCAPTCHA Javascript API,
- # which requires that the recaptcha response param be obtained and passed explicitly.
- #
- # It can also be expanded to multiple fields when we move to future alternative captcha
- # implementations such as FriendlyCaptcha. See https://gitlab.com/gitlab-org/gitlab/-/issues/273480
-
- # After this newer GraphQL/JS API process is fully supported by the backend, we can remove the
- # check for the 'g-recaptcha-response' field and other HTML/HAML form-specific support.
- captcha_response = params['g-recaptcha-response'] || params[:captcha_response]
-
- {
- request: request,
- spam_log_id: params[:spam_log_id],
- captcha_response: captcha_response
- }
+ # TODO: This method is currently only needed for issue create, to convert spam/CAPTCHA values from
+ # params, and instead be passed as headers, as the spam services now all expect. It can be removed
+ # when issue create is is converted to a client/JS based approach instead of the legacy HAML
+ # `_recaptcha_form.html.haml` which is rendered via the `projects/issues/verify` template.
+ # In that case, which is based on the legacy reCAPTCHA implementation using the HTML/HAML form,
+ # the 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the
+ # recaptcha gem, which is called from the HAML `_recaptcha_form.html.haml` form.
+ def extract_legacy_spam_params_to_headers
+ request.headers['X-GitLab-Captcha-Response'] = params['g-recaptcha-response'] || params[:captcha_response]
+ request.headers['X-GitLab-Spam-Log-Id'] = params[:spam_log_id]
 end
 def spammable |
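Review bot: `extract_legacy_spam_params_to_headers` assigns both headers unconditionally, so on a request where the form fields are absent it overwrites `X-GitLab-Captcha-Response` and `X-GitLab-Spam-Log-Id` with nil, including any value the client already sent as a header. The TODO says only issue create needs it, but the method sits in a shared concern and its callers are not visible in this hunk, so a presence guard is cheap: `request.headers['X-GitLab-Spam-Log-Id'] = params[:spam_log_id] if params[:spam_log_id]`, and the same pattern for the captcha response. Both values are still client-controlled after the copy, so the spam services that read these headers presumably must keep checking that the spam log id belongs to the current user; a one-line comment saying so would help the next reader. The TODO comment also has a doubled word, "is is converted".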