
gitlab.com/gitlab-org/gitlab-foss.git - Unnamed repository; edit this file 'description' to name the repository.
Diffstat (limited to 'app/controllers/concerns/spammable_actions.rb')
-rw-r--r--app/controllers/concerns/spammable_actions.rb57
1 files changed, 19 insertions, 38 deletions
diff --git a/app/controllers/concerns/spammable_actions.rb b/app/controllers/concerns/spammable_actions.rb
index 4ec561014a8..b285faee9bc 100644
--- a/app/controllers/concerns/spammable_actions.rb
+++ b/app/controllers/concerns/spammable_actions.rb
@@ -3,9 +3,6 @@
module SpammableActions
extend ActiveSupport::Concern
- include Recaptcha::Verify
- include Gitlab::Utils::StrongMemoize
-
included do
before_action :authorize_submit_spammable!, only: :mark_as_spam
end
@@ -20,17 +17,11 @@ module SpammableActions
private
- def ensure_spam_config_loaded!
- strong_memoize(:spam_config_loaded) do
- Gitlab::Recaptcha.load_configurations!
- end
- end
-
def recaptcha_check_with_fallback(should_redirect = true, &fallback)
if should_redirect && spammable.valid?
redirect_to spammable_path
- elsif render_recaptcha?
- ensure_spam_config_loaded!
+ elsif spammable.render_recaptcha?
+ Gitlab::Recaptcha.load_configurations!
respond_to do |format|
format.html do
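Review bot: The recaptcha branch of `recaptcha_check_with_fallback` now depends on `spammable.render_recaptcha?`, whose body is not in this diff, to keep the two guards the removed controller helper had (`spammable.errors.count > 1` and `Gitlab::Recaptcha.enabled?`). If the model method omits the enabled check, `Gitlab::Recaptcha.load_configurations!` on the next line would run with reCAPTCHA switched off. A short comment above the `elsif` would record the dependency, for example `# render_recaptcha? is defined on the spammable model and must also check Gitlab::Recaptcha.enabled?`. The body of `recaptcha_check_with_fallback` continues past the end of this hunk.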
@@ -50,33 +41,30 @@ module SpammableActions
end
def spammable_params
- default_params = { request: request }
-
- recaptcha_check = recaptcha_response &&
- ensure_spam_config_loaded! &&
- verify_recaptcha(response: recaptcha_response)
-
- return default_params unless recaptcha_check
-
- { recaptcha_verified: true,
- spam_log_id: params[:spam_log_id] }.merge(default_params)
- end
-
- def recaptcha_response
- # NOTE: This field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the recaptcha
- # gem, which is called from the HAML `_recaptcha_form.html.haml` form.
+ # NOTE: For the legacy reCAPTCHA implementation based on the HTML/HAML form, the
+ # 'g-recaptcha-response' field name comes from `Recaptcha::ClientHelper#recaptcha_tags` in the
+ # recaptcha gem, which is called from the HAML `_recaptcha_form.html.haml` form.
#
- # It is used in the `Recaptcha::Verify#verify_recaptcha` if the `response` option is not
- # passed explicitly.
+ # It is used in the `Recaptcha::Verify#verify_recaptcha` to extract the value from `params`,
+ # if the `response` option is not passed explicitly.
#
# Instead of relying on this behavior, we are extracting and passing it explicitly. This will
# make it consistent with the newer, modern reCAPTCHA verification process as it will be
# implemented via the GraphQL API and in Vue components via the native reCAPTCHA Javascript API,
# which requires that the recaptcha response param be obtained and passed explicitly.
#
- # After this newer GraphQL/JS API process is fully supported by the backend, we can remove this
- # (and other) HAML-specific support.
- params['g-recaptcha-response']
+ # It can also be expanded to multiple fields when we move to future alternative captcha
+ # implementations such as FriendlyCaptcha. See https://gitlab.com/gitlab-org/gitlab/-/issues/273480
+
+ # After this newer GraphQL/JS API process is fully supported by the backend, we can remove the
+ # check for the 'g-recaptcha-response' field and other HTML/HAML form-specific support.
+ captcha_response = params['g-recaptcha-response']
+
+ {
+ request: request,
+ spam_log_id: params[:spam_log_id],
+ captcha_response: captcha_response
+ }
end
def spammable
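Review bot: `spammable_params` now returns the client-supplied `spam_log_id` and the raw `g-recaptcha-response` value on every request, whereas the removed code added `spam_log_id` and `recaptcha_verified: true` only after `verify_recaptcha` had succeeded. Verification therefore has to happen in whatever consumes this hash, which is outside this diff; it is worth confirming that the consumer verifies `captcha_response` before it acts on `spam_log_id`. The retained NOTE still describes `Recaptcha::Verify#verify_recaptcha`, which this module no longer includes, and the added blank line splits the comment block in two. I would add `# captcha_response is unverified at this point; the receiving service is responsible for verification.` directly above the hash.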
@@ -90,11 +78,4 @@ module SpammableActions
def authorize_submit_spammable!
access_denied! unless current_user.admin?
end
-
- def render_recaptcha?
- return false if spammable.errors.count > 1 # re-render "new" template in case there are other errors
- return false unless Gitlab::Recaptcha.enabled?
-
- spammable.needs_recaptcha?
- end
end