Always ask captcha question on comments

(ActionItem2027)

Always ask captcha question on comments
(ActionItem2027)
Joenio Costa · Daniela Feitosa
1 parent 00641c73
Showing 15 changed files with 49 additions and 6 deletions Show diff stats
app/controllers/public/content_viewer_controller.rb
app/models/comment.rb
app/views/content_viewer/_comment_form.rhtml
features/comment.feature
features/comment_reply.feature
features/step_definitions/noosfero_steps.rb
test/functional/content_viewer_controller_test.rb
test/functional/search_controller_test.rb
test/unit/article_test.rb
test/unit/category_finder_test.rb
test/unit/category_test.rb
test/unit/comment_notifier_test.rb
test/unit/comment_test.rb
test/unit/community_test.rb
test/unit/forum_helper_test.rb
@@ -76,8 +76,13 @@ class ContentViewerController &lt; ApplicationController
  
     @form_div = params[:form]
  
-    if request.post? && params[:comment] && params[self.icaptcha_field].blank? && params[:confirm] == 'true' && @page.accept_comments?
-      add_comment
+    if params[:comment] && params[self.icaptcha_field].blank? && params[:confirm] == 'true'
+      @comment = Comment.new(params[:comment])
+      if request.post? && @page.accept_comments?
+        add_comment
+      end
+    else
+      @comment = Comment.new
     end
  
     if request.post? && params[:remove_comment]
@@ -114,7 +119,6 @@ class ContentViewerController &lt; ApplicationController
   protected
  
   def add_comment
-    @comment = Comment.new(params[:comment])
     @comment.author = user if logged_in?
     @comment.article = @page
     if @comment.save
 class Comment < ActiveRecord::Base
  
+  has_captcha
+
   track_actions :leave_comment, :after_create, :keep_params => ["article.title", "article.url", "title", "url", "body"], :custom_target => :action_tracker_target 
  
   validates_presence_of :title, :body
@@ -38,6 +38,10 @@
  
   <%= required labelled_form_field(_('Title'), text_field(:comment, :title)) %>
   <%= required labelled_form_field(_('Enter your comment'), text_area(:comment, :body, :rows => 5)) %>
+
+  <%= required labelled_form_field(_("What is the result of '%s = ?'") % @comment.captcha.task, text_field(:comment, :captcha_solution)) %>
+  <%= hidden_field(:comment, :captcha_secret) %>
+
   <% button_bar do %>
     <%= submit_button('add', _('Post comment'), :onclick => "this.form.confirm.value = 'true'; this.disabled = true; this.form.submit(); return true;") %>
     <%= button_to_function :cancel, _('Cancel'), "f=jQuery(this).parents('.post_comment_box'); f.removeClass('opened'); f.addClass('closed'); return false" %>
@@ -81,3 +81,16 @@ Feature: comment
     Then I should see "Enter your comment" within "div#page-comment-form div.post_comment_box.opened"
     And I should be exactly on /booking/article-with-comment
     And I should be moved to anchor "comment_form"
+
+  Scenario: ask captcha question
+    Given I am on /booking/article-with-comment
+    When I follow "Post a comment" within ".post-comment-button"
+    Then I should see "What is the result of "
+
+  @selenium
+  Scenario: keep comments field filled while trying to do a comment
+    Given I am on /booking/article-with-comment
+    And I fill in "Name" with "Joey Ramone"
+    When I press "Post comment"
+    Then the "Name" field should contain "Joey Ramone"
+    And I should see "errors prohibited"
@@ -64,9 +64,11 @@ Feature: comment
  
   @selenium
   Scenario: reply a comment
-    Given I am logged in as "booking"
+    Given skip comments captcha
     And I go to /booking/another-article
     And I follow "Reply" within ".comment-balloon"
+    And I fill in "Name" within "comment-balloon" with "Joey"
+    And I fill in "e-mail" within "comment-balloon" with "joey@ramones.com"
     And I fill in "Title" within "comment-balloon" with "Hey ho, let's go!"
     And I fill in "Enter your comment" within "comment-balloon" with "Hey ho, let's go!"
     When I press "Post comment" within ".comment-balloon"
@@ -359,6 +359,7 @@ Given /^the articles of &quot;(.+)&quot; are moderated$/ do |organization|
 end
  
 Given /^the following comments?$/ do |table|
+  Comment.skip_captcha!
   table.hashes.each do |item|
     data = item.dup
     article = Article.find_by_name(data.delete("article"))
@@ -416,4 +417,6 @@ Given /^the search index is empty$/ do
   ActsAsSolr::Post.execute(Solr::Request::Delete.new(:query => '*:*'))
 end
  
-
+Given /^skip comments captcha$/ do
+  Comment.any_instance.stubs(:skip_captcha?).returns(true)
+end
@@ -15,6 +15,7 @@ class ContentViewerControllerTest &lt; Test::Unit::TestCase
  
     @profile = create_user('testinguser').person
     @environment = @profile.environment
+    Comment.skip_captcha!
   end
   attr_reader :profile, :environment
  
@@ -18,6 +18,7 @@ class SearchControllerTest &lt; Test::Unit::TestCase
     domain.save!
  
     @product_category = fast_create(ProductCategory)
+    Comment.skip_captcha!
   end
  
   def create_article_with_optional_category(name, profile, category = nil)
@@ -7,6 +7,7 @@ class ArticleTest &lt; Test::Unit::TestCase
   def setup
     Test::Unit::TestCase::setup
     @profile = create_user('testing').person
+    Comment.skip_captcha!
   end
   attr_reader :profile
  
@@ -8,7 +8,8 @@ class CategoryFinderTest &lt; ActiveSupport::TestCase
     @finder = CategoryFinder.new(@category)
     @product_category = fast_create(ProductCategory, :name => 'Products')
  
-    Profile.rebuild_solr_index
+    Profile.rebuild_index
+    Comment.skip_captcha!
   end
  
   should 'search for articles in a specific category' do
@@ -5,6 +5,7 @@ class CategoryTest &lt; Test::Unit::TestCase
  
   def setup
     @env = fast_create(Environment)
+    Comment.skip_captcha!
   end
  
   def test_mandatory_field_name
@@ -10,6 +10,7 @@ class CommentNotifierTest &lt; Test::Unit::TestCase
     ActionMailer::Base.deliveries = []
     @profile = create_user('user_comment_test').person
     @article = fast_create(Article, :name => 'Article test', :profile_id => @profile.id, :notify_comments => true)
+    Comment.skip_captcha!
   end
  
   should 'deliver mail after make aarticle commment' do
@@ -327,4 +327,11 @@ class CommentTest &lt; Test::Unit::TestCase
     assert_nil Comment.new(:email => 'my@email.com').author_url
   end
  
+  should 'have the captcha_solution be solved' do
+    c = Comment.new
+    assert !c.valid? && c.errors.invalid?(:captcha_solution)
+    c.skip_captcha!
+    assert !c.valid? && !c.errors.invalid?(:captcha_solution)
+  end
+
 end
@@ -4,6 +4,7 @@ class CommunityTest &lt; Test::Unit::TestCase
  
   def setup
     @person = fast_create(Person)
+    Comment.skip_captcha!
   end
  
   attr_reader :person
@@ -12,6 +12,7 @@ class ForumHelperTest &lt; Test::Unit::TestCase
     @environment = Environment.default
     @profile = create_user('forum_helper_test').person
     @forum = fast_create(Forum, :profile_id => profile.id, :name => 'Forum test')
+    Comment.skip_captcha!
   end
  
   attr :profile
...	...	@@ -76,8 +76,13 @@ class ContentViewerController < ApplicationController
76	76
77	77	@form_div = params[:form]
78	78
79		- if request.post? && params[:comment] && params[self.icaptcha_field].blank? && params[:confirm] == 'true' && @page.accept_comments?
80		- add_comment
	79	+ if params[:comment] && params[self.icaptcha_field].blank? && params[:confirm] == 'true'
	80	+ @comment = Comment.new(params[:comment])
	81	+ if request.post? && @page.accept_comments?
	82	+ add_comment
	83	+ end
	84	+ else
	85	+ @comment = Comment.new
81	86	end
82	87
83	88	if request.post? && params[:remove_comment]
...	...	@@ -114,7 +119,6 @@ class ContentViewerController < ApplicationController
114	119	protected
115	120
116	121	def add_comment
117		- @comment = Comment.new(params[:comment])
118	122	@comment.author = user if logged_in?
119	123	@comment.article = @page
120	124	if @comment.save
...	...
1	1	class Comment < ActiveRecord::Base
2	2
	3	+ has_captcha
	4	+
3	5	track_actions :leave_comment, :after_create, :keep_params => ["article.title", "article.url", "title", "url", "body"], :custom_target => :action_tracker_target
4	6
5	7	validates_presence_of :title, :body
...	...
...	...	@@ -38,6 +38,10 @@
38	38
39	39	<%= required labelled_form_field(_('Title'), text_field(:comment, :title)) %>
40	40	<%= required labelled_form_field(_('Enter your comment'), text_area(:comment, :body, :rows => 5)) %>
	41	+
	42	+ <%= required labelled_form_field(_("What is the result of '%s = ?'") % @comment.captcha.task, text_field(:comment, :captcha_solution)) %>
	43	+ <%= hidden_field(:comment, :captcha_secret) %>
	44	+
41	45	<% button_bar do %>
42	46	<%= submit_button('add', _('Post comment'), :onclick => "this.form.confirm.value = 'true'; this.disabled = true; this.form.submit(); return true;") %>
43	47	<%= button_to_function :cancel, _('Cancel'), "f=jQuery(this).parents('.post_comment_box'); f.removeClass('opened'); f.addClass('closed'); return false" %>
...	...
...	...	@@ -81,3 +81,16 @@ Feature: comment
81	81	Then I should see "Enter your comment" within "div#page-comment-form div.post_comment_box.opened"
82	82	And I should be exactly on /booking/article-with-comment
83	83	And I should be moved to anchor "comment_form"
	84	+
	85	+ Scenario: ask captcha question
	86	+ Given I am on /booking/article-with-comment
	87	+ When I follow "Post a comment" within ".post-comment-button"
	88	+ Then I should see "What is the result of "
	89	+
	90	+ @selenium
	91	+ Scenario: keep comments field filled while trying to do a comment
	92	+ Given I am on /booking/article-with-comment
	93	+ And I fill in "Name" with "Joey Ramone"
	94	+ When I press "Post comment"
	95	+ Then the "Name" field should contain "Joey Ramone"
	96	+ And I should see "errors prohibited"
...	...
...	...	@@ -64,9 +64,11 @@ Feature: comment
64	64
65	65	@selenium
66	66	Scenario: reply a comment
67		- Given I am logged in as "booking"
	67	+ Given skip comments captcha
68	68	And I go to /booking/another-article
69	69	And I follow "Reply" within ".comment-balloon"
	70	+ And I fill in "Name" within "comment-balloon" with "Joey"
	71	+ And I fill in "e-mail" within "comment-balloon" with "joey@ramones.com"
70	72	And I fill in "Title" within "comment-balloon" with "Hey ho, let's go!"
71	73	And I fill in "Enter your comment" within "comment-balloon" with "Hey ho, let's go!"
72	74	When I press "Post comment" within ".comment-balloon"
...	...
...	...	@@ -359,6 +359,7 @@ Given /^the articles of "(.+)" are moderated$/ do \|organization\|
359	359	end
360	360
361	361	Given /^the following comments?$/ do \|table\|
	362	+ Comment.skip_captcha!
362	363	table.hashes.each do \|item\|
363	364	data = item.dup
364	365	article = Article.find_by_name(data.delete("article"))
...	...	@@ -416,4 +417,6 @@ Given /^the search index is empty$/ do
416	417	ActsAsSolr::Post.execute(Solr::Request::Delete.new(:query => ':'))
417	418	end
418	419
419		-
	420	+Given /^skip comments captcha$/ do
	421	+ Comment.any_instance.stubs(:skip_captcha?).returns(true)
	422	+end
...	...
...	...	@@ -15,6 +15,7 @@ class ContentViewerControllerTest < Test::Unit::TestCase
15	15
16	16	@profile = create_user('testinguser').person
17	17	@environment = @profile.environment
	18	+ Comment.skip_captcha!
18	19	end
19	20	attr_reader :profile, :environment
20	21
...	...
...	...	@@ -18,6 +18,7 @@ class SearchControllerTest < Test::Unit::TestCase
18	18	domain.save!
19	19
20	20	@product_category = fast_create(ProductCategory)
	21	+ Comment.skip_captcha!
21	22	end
22	23
23	24	def create_article_with_optional_category(name, profile, category = nil)
...	...
...	...	@@ -7,6 +7,7 @@ class ArticleTest < Test::Unit::TestCase
7	7	def setup
8	8	Test::Unit::TestCase::setup
9	9	@profile = create_user('testing').person
	10	+ Comment.skip_captcha!
10	11	end
11	12	attr_reader :profile
12	13
...	...
...	...	@@ -8,7 +8,8 @@ class CategoryFinderTest < ActiveSupport::TestCase
8	8	@finder = CategoryFinder.new(@category)
9	9	@product_category = fast_create(ProductCategory, :name => 'Products')
10	10
11		- Profile.rebuild_solr_index
	11	+ Profile.rebuild_index
	12	+ Comment.skip_captcha!
12	13	end
13	14
14	15	should 'search for articles in a specific category' do
...	...