Commit 9d367684 authored by Luke Bennett's avatar Luke Bennett

Add :registrations_recaptcha feature flag

Allows instance owners to toggle the recaptcha requirement
on the user registration page by feature flag.
Allows GitLab Growth team to measure
reCAPTCHA's impact on registrations.
parent 3061eee6
...@@ -4,6 +4,7 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -4,6 +4,7 @@ class RegistrationsController < Devise::RegistrationsController
include Recaptcha::Verify include Recaptcha::Verify
include AcceptsPendingInvitations include AcceptsPendingInvitations
prepend_before_action :check_captcha, only: :create
before_action :whitelist_query_limiting, only: [:destroy] before_action :whitelist_query_limiting, only: [:destroy]
before_action :ensure_terms_accepted, before_action :ensure_terms_accepted,
if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms? }, if: -> { Gitlab::CurrentSettings.current_application_settings.enforce_terms? },
...@@ -21,16 +22,11 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -21,16 +22,11 @@ class RegistrationsController < Devise::RegistrationsController
params[resource_name] = params.delete(:"new_#{resource_name}") params[resource_name] = params.delete(:"new_#{resource_name}")
end end
if !Gitlab::Recaptcha.load_configurations! || verify_recaptcha
accept_pending_invitations accept_pending_invitations
super do |new_user| super do |new_user|
persist_accepted_terms_if_required(new_user) persist_accepted_terms_if_required(new_user)
end end
else
flash[:alert] = s_('Profiles|There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
flash.delete :recaptcha_error
render action: 'new'
end
rescue Gitlab::Access::AccessDeniedError rescue Gitlab::Access::AccessDeniedError
redirect_to(new_user_session_path) redirect_to(new_user_session_path)
end end
...@@ -89,6 +85,17 @@ class RegistrationsController < Devise::RegistrationsController ...@@ -89,6 +85,17 @@ class RegistrationsController < Devise::RegistrationsController
private private
def check_captcha
return unless Feature.enabled?(:registrations_recaptcha, default_enabled: true)
return unless Gitlab::Recaptcha.load_configurations!
return if verify_recaptcha
flash[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')
flash.delete :recaptcha_error
render action: 'new'
end
def sign_up_params def sign_up_params
params.require(:user).permit(:username, :email, :email_confirmation, :name, :password) params.require(:user).permit(:username, :email, :email_confirmation, :name, :password)
end end
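Review bot: `check_captcha` returns early when `:registrations_recaptcha` is off, so a disabled flag skips verification even when the reCAPTCHA application setting is enabled, and nothing on the method documents or records that. A comment above it such as `# Flag off skips reCAPTCHA even when the application setting enables it; sign-up then relies on other abuse controls.` would make the trade-off visible to whoever toggles the flag. Separately, the failure path renders instead of redirecting, so `flash.now[:alert] = _('There was an error with the reCAPTCHA. Please solve the reCAPTCHA again.')` would keep the alert from carrying over into the next request. Because the filter is prepended, it also appears to run before the `params[resource_name]` rename at the top of `create`; it is worth confirming that the `new` template does not depend on that rename.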
......
...@@ -7238,9 +7238,6 @@ msgstr "" ...@@ -7238,9 +7238,6 @@ msgstr ""
msgid "Profiles|The maximum file size allowed is 200KB." msgid "Profiles|The maximum file size allowed is 200KB."
msgstr "" msgstr ""
msgid "Profiles|There was an error with the reCAPTCHA. Please solve the reCAPTCHA again."
msgstr ""
msgid "Profiles|This doesn't look like a public SSH key, are you sure you want to add it?" msgid "Profiles|This doesn't look like a public SSH key, are you sure you want to add it?"
msgstr "" msgstr ""
......
...@@ -46,13 +46,17 @@ describe RegistrationsController do ...@@ -46,13 +46,17 @@ describe RegistrationsController do
end end
context 'when reCAPTCHA is enabled' do context 'when reCAPTCHA is enabled' do
def fail_recaptcha
# Without this, `verify_recaptcha` arbitrarily returns true in test env
Recaptcha.configuration.skip_verify_env.delete('test')
end
before do before do
stub_application_setting(recaptcha_enabled: true) stub_application_setting(recaptcha_enabled: true)
end end
it 'displays an error when the reCAPTCHA is not solved' do it 'displays an error when the reCAPTCHA is not solved' do
# Without this, `verify_recaptcha` arbitrarily returns true in test env fail_recaptcha
Recaptcha.configuration.skip_verify_env.delete('test')
post(:create, params: user_params) post(:create, params: user_params)
...@@ -70,6 +74,17 @@ describe RegistrationsController do ...@@ -70,6 +74,17 @@ describe RegistrationsController do
expect(flash[:notice]).to include 'Welcome! You have signed up successfully.' expect(flash[:notice]).to include 'Welcome! You have signed up successfully.'
end end
it 'does not require reCAPTCHA if disabled by feature flag' do
stub_feature_flags(registrations_recaptcha: false)
fail_recaptcha
post(:create, params: user_params)
expect(controller).not_to receive(:verify_recaptcha)
expect(flash[:alert]).to be_nil
expect(flash[:notice]).to include 'Welcome! You have signed up successfully.'
end
end end
context 'when terms are enforced' do context 'when terms are enforced' do
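Review bot: In 'does not require reCAPTCHA if disabled by feature flag', `expect(controller).not_to receive(:verify_recaptcha)` is set after `post(:create, params: user_params)`, so the request has already run and that expectation can never fail. Only the two flash assertions actually check the bypass. Placing the `expect(controller).not_to receive(:verify_recaptcha)` line above the `post` line makes it effective. `fail_recaptcha` also deletes 'test' from `Recaptcha.configuration.skip_verify_env` without restoring it, which presumably leaks into later examples unless something outside the hunk resets the configuration. The enclosing `describe` block continues outside the hunk.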
......