Download as
Browse Code »

Commit b06e3c400334cc8f19ebb44aecae8e162c84bf82

Authored by JoenioCosta
1 parent 27206f78
Exists in staging and in 42 other branches all_pending_tasks_api, api-articles-period, api_roles, caching-rails4, captcha_serpro_plugin, comments_permissions, content-manager-hostspot, elasticsearch, elasticsearch_api, elasticsearch_categories, elasticsearch_filter, elasticsearch_sort, elasticsearch_to_merge, elasticsearch_view, environment-exposes-api, export-comment-api, export-comment-paragraph, export_data, external_followers, federation-webfinger, federation_followers, federation_followers_backend, federation_oauth_provider, federation_webfinger, fix_event_date_issue, fix_notification_email, fix_string_downcase_and_upcase, follower_permition, json_cookie_serializer, login-captcha, master, master_profile_followers, oauth_external_login, oauth_login, private-scraps, private-scraps-rebase, production, production-vendorized, profile_api_improvements, tasks_keep_filter_params, user_mention, webfinger_server

ActionItem146: implementing basic anti-spam for comments 

git-svn-id: https://svn.colivre.coop.br/svn/noosfero/trunk@1610 3f533792-8f58-4932-b0fe-aaf55b0a4547
Showing 3 changed files with 24 additions and 2 deletions   Show diff stats
app/controllers/public/content_viewer_controller.rb
  Diff comments   View file @b06e3c4
... ... @@ -2,6 +2,8 @@ class ContentViewerController < PublicController
2 2  
3 3 needs_profile
4 4  
  5 + inverse_captcha :field => 'e_mail'
  6 +
5 7 def view_page
6 8 path = params[:page].join('/')
7 9  
... ... @@ -32,7 +34,7 @@ class ContentViewerController < PublicController
32 34 return
33 35 end
34 36  
35   - if request.post? && params[:comment]
  37 + if request.post? && params[:comment] && params[self.icaptcha_field].blank?
36 38 add_comment
37 39 end
38 40  
... ...
app/views/content_viewer/_comment_form.rhtml
  Diff comments   View file @b06e3c4
... ... @@ -19,6 +19,7 @@
19 19  
20 20 <%= labelled_form_field(_('Name'), text_field(:comment, :name)) %>
21 21 <%= labelled_form_field(_('e-mail'), text_field(:comment, :email)) %>
  22 + <%= icaptcha_field() %>
22 23  
23 24 <p>
24 25 <%= _('If you are a registered user, you can login and be automatically recognized.') %>
... ...
test/functional/content_viewer_controller_test.rb
  Diff comments   View file @b06e3c4
... ... @@ -90,7 +90,7 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
90 90 # for example, RSS feeds
91 91 profile = create_user('someone').person
92 92 page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text')
93   -page.save!
  93 + page.save!
94 94  
95 95 feed = RssFeed.new(:name => 'testfeed')
96 96 feed.profile = profile
... ... @@ -153,5 +153,24 @@ page.save!
153 153  
154 154 end
155 155  
  156 + should 'not be able to post comment while inverse captcha field filled' do
  157 + profile = create_user('popstar').person
  158 + page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text')
  159 + page.save!
  160 + profile.home_page = page; profile.save!
  161 +
  162 + assert_no_difference Comment, :count do
  163 + post :view_page, :profile => profile.identifier, :page => [ 'myarticle' ], @controller.icaptcha_field => 'filled', :comment => { :title => 'crap!', :body => 'I think that this article is crap', :name => 'Anonymous coward', :email => 'coward@anonymous.com' }
  164 + end
  165 + end
  166 +
  167 + should 'render inverse captcha field' do
  168 + profile = create_user('popstar').person
  169 + page = profile.articles.build(:name => 'myarticle', :body => 'the body of the text')
  170 + page.save!
  171 + profile.home_page = page; profile.save!
  172 + get :view_page, :profile => profile.identifier, :page => [ 'myarticle' ]
  173 + assert_tag :tag => 'input', :attributes => { :type => 'text', :name => @controller.icaptcha_field }
  174 + end
156 175  
157 176 end
... ...