Merge branch 'set-gon_variables-after-requiest-with-invalid-reCAPTCHA' into 'master'

Sets Gon variables in response to requests with invalid reCAPTCHA See merge request gitlab-org/gitlab!88078

Merge branch 'set-gon_variables-after-requiest-with-invalid-reCAPTCHA' into 'master'
dfe1a7f8 · Stan Hu · dde3a70e · 37426022 · dfe1a7f8 · dfe1a7f8
Commit dfe1a7f8 authored 2 years ago by Stan Hu
--- a/app/controllers/concerns/gitlab_recaptcha.rb
+++ b/app/controllers/concerns/gitlab_recaptcha.rb
@@ -17,6 +17,9 @@ def check_recaptcha
    flash.delete :recaptcha_error
  
    self.resource = resource_class.new
+
+    add_gon_variables
+
    render action: 'new'
  end
 end
--- a/app/controllers/groups_controller.rb
+++ b/app/controllers/groups_controller.rb
@@ -360,6 +360,7 @@ def check_captcha
    flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
    flash.delete :recaptcha_error
    @group = Group.new(group_params)
+    add_gon_variables
    render action: 'new'
  end
  

--- a/app/controllers/registrations_controller.rb
+++ b/app/controllers/registrations_controller.rb
@@ -153,6 +153,7 @@ def check_captcha
  
    flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
    flash.delete :recaptcha_error
+    add_gon_variables
    render action: 'new'
  end
  

--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@@ -127,7 +127,9 @@ def check_captcha
      flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
      flash.delete :recaptcha_error
  
-      redirect_to new_user_session_path
+      add_gon_variables
+
+      respond_with_navigational(resource) { render :new }
    end
  end
  

--- a/ee/app/controllers/ee/sessions_controller.rb
+++ b/ee/app/controllers/ee/sessions_controller.rb
@@ -124,7 +124,9 @@ def failed_login_captcha
      flash[:alert] = 'Login failed. Please retry from your primary device and network.'
      flash.delete :recaptcha_error
  
-      redirect_to new_user_session_path
+      add_gon_variables
+
+      respond_with_navigational(resource) { render :new }
    end
  
    def arkose_public_api_key

--- a/ee/spec/controllers/ee/sessions_controller_spec.rb
+++ b/ee/spec/controllers/ee/sessions_controller_spec.rb
@@ -186,23 +186,35 @@ def authenticate_2fa(otp_user_id: user.id, **user_params)
      end
  
      context 'when the user was not verified by Arkose' do
-        it 'prevents the user from logging in' do
+        before do
          allow_next_instance_of(Arkose::UserVerificationService) do |instance|
            allow(instance).to receive(:execute).and_return(false)
          end
+        end
+
+        it 'prevents the user from logging in' do
          post(:create, params: params, session: {})
  
-          expect(response).to redirect_to new_user_session_path
+          expect(response).to render_template(:new)
          expect(flash[:alert]).to include 'Login failed. Please retry from your primary device and network'
          expect(subject.current_user).to be_nil
        end
+
+        it 'sets gon variables' do
+          Gon.clear
+
+          post(:create, params: params, session: {})
+
+          expect(response).to render_template(:new)
+          expect(Gon.all_variables).not_to be_empty
+        end
      end
  
      context 'when the user should be verified by Arkose but the request does not contain the arkose token' do
        it 'prevents the user from logging in' do
          post(:create, params: params.except!(:arkose_labs_token), session: {})
  
-          expect(response).to redirect_to new_user_session_path
+          expect(response).to render_template(:new)
          expect(flash[:alert]).to include 'Login failed. Please retry from your primary device and network'
          expect(subject.current_user).to be_nil
        end

--- a/spec/controllers/confirmations_controller_spec.rb
+++ b/spec/controllers/confirmations_controller_spec.rb
@@ -146,13 +146,26 @@ def perform_request
        stub_application_setting(recaptcha_enabled: true)
      end
  
-      it 'displays an error when the reCAPTCHA is not solved' do
-        Recaptcha.configuration.skip_verify_env.delete('test')
+      context 'when the reCAPTCHA is not solved' do
+        before do
+          Recaptcha.configuration.skip_verify_env.delete('test')
+        end
  
-        perform_request
+        it 'displays an error' do
+          perform_request
  
-        expect(response).to render_template(:new)
-        expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+          expect(response).to render_template(:new)
+          expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+        end
+
+        it 'sets gon variables' do
+          Gon.clear
+
+          perform_request
+
+          expect(response).to render_template(:new)
+          expect(Gon.all_variables).not_to be_empty
+        end
      end
  
      it 'successfully sends password reset when reCAPTCHA is solved' do

--- a/spec/controllers/groups_controller_spec.rb
+++ b/spec/controllers/groups_controller_spec.rb
@@ -373,13 +373,26 @@
        end
      end
  
-      it 'displays an error when the reCAPTCHA is not solved' do
-        allow(controller).to receive(:verify_recaptcha).and_return(false)
+      context 'when the reCAPTCHA is not solved' do
+        before do
+          allow(controller).to receive(:verify_recaptcha).and_return(false)
+        end
  
-        post :create, params: { group: { name: 'new_group', path: "new_group" } }
+        it 'displays an error' do
+          post :create, params: { group: { name: 'new_group', path: "new_group" } }
+
+          expect(response).to render_template(:new)
+          expect(flash[:alert]).to eq(_('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'))
+        end
+
+        it 'sets gon variables' do
+          Gon.clear
+
+          post :create, params: { group: { name: 'new_group', path: "new_group" } }
  
-        expect(response).to render_template(:new)
-        expect(flash[:alert]).to eq(_('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'))
+          expect(response).to render_template(:new)
+          expect(Gon.all_variables).not_to be_empty
+        end
      end
  
      it 'allows creating a group when the reCAPTCHA is solved' do

--- a/spec/controllers/passwords_controller_spec.rb
+++ b/spec/controllers/passwords_controller_spec.rb
@@ -115,13 +115,26 @@
        stub_application_setting(recaptcha_enabled: true)
      end
  
-      it 'displays an error when the reCAPTCHA is not solved' do
-        Recaptcha.configuration.skip_verify_env.delete('test')
+      context 'when the reCAPTCHA is not solved' do
+        before do
+          Recaptcha.configuration.skip_verify_env.delete('test')
+        end
  
-        perform_request
+        it 'displays an error' do
+          perform_request
+
+          expect(response).to render_template(:new)
+          expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+        end
  
-        expect(response).to render_template(:new)
-        expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+        it 'sets gon variables' do
+          Gon.clear
+
+          perform_request
+
+          expect(response).to render_template(:new)
+          expect(Gon.all_variables).not_to be_empty
+        end
      end
  
      it 'successfully sends password reset when reCAPTCHA is solved' do

--- a/spec/controllers/registrations_controller_spec.rb
+++ b/spec/controllers/registrations_controller_spec.rb
@@ -292,13 +292,26 @@
        end
      end
  
-      it 'displays an error when the reCAPTCHA is not solved' do
-        allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
+      context 'when the reCAPTCHA is not solved' do
+        before do
+          allow_any_instance_of(described_class).to receive(:verify_recaptcha).and_return(false)
+        end
  
-        subject
+        it 'displays an error' do
+          subject
+
+          expect(response).to render_template(:new)
+          expect(flash[:alert]).to eq(_('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'))
+        end
+
+        it 'sets gon variables' do
+          Gon.clear
  
-        expect(response).to render_template(:new)
-        expect(flash[:alert]).to eq(_('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.'))
+          subject
+
+          expect(response).to render_template(:new)
+          expect(Gon.all_variables).not_to be_empty
+        end
      end
  
      it 'redirects to the welcome page when the reCAPTCHA is solved' do

--- a/spec/controllers/sessions_controller_spec.rb
+++ b/spec/controllers/sessions_controller_spec.rb
@@ -233,14 +233,23 @@ def succesful_login(user_params, sesion_params: {})
            request.headers[described_class::CAPTCHA_HEADER] = '1'
          end
  
-          it 'displays an error when the reCAPTCHA is not solved' do
-            # Without this, `verify_recaptcha` arbitrarily returns true in test env
+          context 'when the reCAPTCHA is not solved' do
+            it 'displays an error' do
+              unsuccesful_login(user_params)
  
-            unsuccesful_login(user_params)
+              expect(response).to render_template(:new)
+              expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
+              expect(subject.current_user).to be_nil
+            end
  
-            expect(response).to redirect_to new_user_session_path
-            expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
-            expect(subject.current_user).to be_nil
+            it 'sets gon variables' do
+              Gon.clear
+
+              unsuccesful_login(user_params)
+
+              expect(response).to render_template(:new)
+              expect(Gon.all_variables).not_to be_empty
+            end
          end
  
          it 'successfully logs in a user when reCAPTCHA is solved' do
@@ -262,7 +271,7 @@ def succesful_login(user_params, sesion_params: {})
            it 'displays an error when the reCAPTCHA is not solved' do
              unsuccesful_login(user_params, sesion_params: { failed_login_attempts: 6 })
  
-              expect(response).to redirect_to new_user_session_path
+              expect(response).to render_template(:new)
              expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
              expect(subject.current_user).to be_nil
            end
@@ -282,7 +291,7 @@ def succesful_login(user_params, sesion_params: {})
            it 'displays an error when the reCAPTCHA is not solved' do
              unsuccesful_login(user_params)
  
-              expect(response).to redirect_to new_user_session_path
+              expect(response).to render_template(:new)
              expect(flash[:alert]).to include _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
              expect(subject.current_user).to be_nil
            end