Commit 3cf5325e authored by azul's avatar azul

Merge branch 'feature/block-spam' into 'master'

Feature/block spam

See merge request !290
parents 3c0d07be e51e6a04
......@@ -21,13 +21,12 @@ class Page::PostsController < ApplicationController
def create
authorize @page, :show?
if @post = @page.add_post(current_user, post_params)
respond_to do |format|
format.js { @posts = @page.posts(pagination_params) }
format.html { redirect_to page_url(@page) + "#post-#{@post.id}" }
end
authorize @post
@post = @page.add_post(current_user, post_params)
respond_to do |format|
format.html { redirect_to page_url(@page) + "#post-#{@post.id}" }
format.js { @posts = @page.posts(pagination_params) }
end
authorize @post
end
protected
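Review bot: The new `create` body calls `@page.add_post(current_user, post_params)` without the former `if` guard, and the tests in this commit show `add_post` raising `ActiveRecord::RecordInvalid` when the spam validation fails; no rescue is visible in this hunk. Unless a `rescue_from` elsewhere (outside the hunk) handles it, a rejected comment would surface as an unhandled exception rather than the `spam_comment_detected` message. Consider `rescue ActiveRecord::RecordInvalid => exc` followed by `@post = exc.record` and rendering its errors for both formats. Note also that `authorize @post` still runs only after the post has been saved and the response set up, so a failed authorization would leave the record persisted. Running the check before saving would close that gap.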
......
......@@ -68,6 +68,7 @@ class Post < ActiveRecord::Base
format_attribute :body
validates_presence_of :user, :body
validate :in_reply_to_matches_recipient
validate :no_spam
alias created_by user
......@@ -194,6 +195,12 @@ class Post < ActiveRecord::Base
"post_#{id}_body"
end
def with_link?
format_body
body_html.gsub(/<(\/*)a\s([^>]*?)>/) { |_m| return true }
return false
end
protected
def post_created
......@@ -217,4 +224,13 @@ class Post < ActiveRecord::Base
"Ugh. The user and the post you are replying to don't match."
end
end
def no_spam
page = discussion.try.page
return unless page.try.public? && with_link?
return if user.may?(:view, page)
Rails.logger.info 'Detected possible SPAM:'
Rails.logger.info body
errors.add :body, I18n.t(:spam_comment_detected)
end
end
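Review bot: `no_spam` writes the complete user-supplied `body` to the log as its own entry (`Rails.logger.info body`), so a rejected post can place multi-line text of any length into the production log, and nothing ties the entry to a user or page. A single bounded, escaped line would be safer for log review, e.g. `Rails.logger.info "Possible spam: user=#{user_id} body=#{body.to_s.truncate(200).inspect}"`. Separately, `with_link?` uses `gsub` with a block only to `return true` on the first match; a plain match such as `body_html =~ /<a\s/` would state the intent directly and avoid the non-local return. The validation is declared without `on: :create`, so it appears to run on edits too; please confirm that is intended.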
......@@ -5,7 +5,7 @@
%td.post_author
= render 'ui/author', author: current_user
%td.post_body
= form_for @post, url: posts_path, remote: true, authenticity_token: true,
= form_for Post.new, url: posts_path, remote: true, authenticity_token: true,
html: {onsubmit: show_spinner('post')} do |f|
= f.text_area :body, rows: 8, class: 'form-control'
.buttons-right
......
......@@ -46,6 +46,9 @@ en:
select_files: "Select files"
send_button: Send
show_thing: "Show %{thing}"
spam_comment_detected: |
looks like spam we have been seeing lately.
It will probably work if you remove the links.
thing_destroyed: "%{thing} destroyed"
thing_required: "%{thing} Required"
updated: Updated
......
......@@ -37,5 +37,7 @@ purple_orange:
commentable_type: "User"
<% end %>
on_blues_page:
commentable_id: 1002
commentable_type: "Page"
......@@ -8,3 +8,29 @@ gerrard_to_blue:
<% updated = created = rand(46080) %>
updated_at: "<%= 10.minutes.ago.to_s(:db) %>"
created_at: "<%= 10.minutes.ago.to_s(:db) %>"
html_link:
user_id: 4
discussion: on_blues_page
body: |
Post with a html link
<a href="http://crabgrass.example">link</a>
auto_link:
user_id: 4
discussion: on_blues_page
body: |
Post with an automatic link:
https://crabgrass.example
greencloth_link:
user_id: 4
discussion: on_blues_page
body: |
Post with a [greencloth link]
no_link:
user_id: 4
discussion: on_blues_page
body: |
Post without any link
require 'test_helper'
class PostTest < ActiveSupport::TestCase
fixtures :posts
def test_with_link
[:greencloth_link, :auto_link, :html_link].each do |fixture_name|
assert posts(fixture_name).with_link?,
"Post fixture '#{fixture_name}' has a link but with_link? says it doesn't."
end
fixture_name = :no_link
refute posts(fixture_name).with_link?,
"Post fixture '#{fixture_name}' has no link but with_link? says it does."
end
def test_prevent_creation_of_spam
page = pages(:public_wiki)
user = users(:penguin)
assert_raises ActiveRecord::RecordInvalid do
post = page.add_post(user, body: posts(:auto_link).body)
end
end
def test_visitor_comment_without_link
page = pages(:public_wiki)
user = users(:penguin)
post = page.add_post(user, body: posts(:no_link).body)
assert_empty post.errors
assert_predicate post, :persisted?
end
def test_allow_authorized_comment_with_link
page = pages(:public_wiki)
user = users(:gerrard)
post = page.add_post(user, body: posts(:auto_link).body)
assert_empty post.errors
assert_predicate post, :persisted?
end
end
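Review bot: `test_prevent_creation_of_spam` only asserts that some `ActiveRecord::RecordInvalid` is raised, so it would also pass if an unrelated validation rejected the post. Capture the exception and check the field, e.g. `err = assert_raises(ActiveRecord::RecordInvalid) { page.add_post(user, body: posts(:auto_link).body) }` followed by `assert err.record.errors[:body].any?`; this also removes the unused `post =` assignment inside the block. The `public?` branch of `no_spam` has no coverage here: a case posting a link to a non-public page would pin down that the filter stays scoped to public pages. The class declares only `fixtures :posts` while using `pages(...)` and `users(...)`; this presumably relies on `test_helper` loading the other fixtures, which is worth confirming.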