Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add recaptcha for new addon submission upload #22755

Merged
merged 3 commits into from
Oct 11, 2024
Merged

Add recaptcha for new addon submission upload #22755

merged 3 commits into from
Oct 11, 2024

Conversation

KevinMind
Copy link
Contributor

Fixes: mozilla/addons#15076

Description

Adds recaptcha for new addon submissions, behind a waffle switch.

Context

In order to combat spam uploads, we will enable the google recaptcha field on all new addon upload submissions.

This should NOT lead to a recaptcha being seen on each submission, but will include the field to decide if and when to display.

Testing

You can enable seeing the recaptcha by flipping developer-submit-addon-captcha on

  1. navigate to the new submission page
  2. choose "listed" or "unlisted" (You should test both)
  3. click continue
  4. Expect to see the captcha above the continue button.
  5. upload a valid xpi
  6. If you do not submit the recaptcha, expect the page to reload with an error that the field is required, otherwise you will continue.

Note: if the waffle flag is "disabled" expect 4 to not display the captcha and thus 6 will always let you continue (assuming other fields are valid)

Checklist

  • Add #ISSUENUM at the top of your PR to an existing open issue in the mozilla/addons repository.
  • Successfully verified the change locally.
  • The change is covered by automated tests, or otherwise indicated why doing so is unnecessary/impossible.
  • Add before and after screenshots (Only for changes that impact the UI).
  • Add or update relevant docs reflecting the changes made.

@KevinMind KevinMind requested a review from diox October 11, 2024 09:29
@KevinMind KevinMind force-pushed the require-captcha-addon branch from c4c1414 to 0a63203 Compare October 11, 2024 10:08
diox
diox approved these changes Oct 11, 2024
View reviewed changes
Copy link
Member

@diox diox left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Missing a test around the captcha not being included (even if the waffle switch is active) for new versions submissions.

src/olympia/devhub/views.py Show resolved Hide resolved
@diox
Copy link
Member

diox commented Oct 11, 2024

(Please update the PR title before merging too)

@KevinMind
Copy link
Contributor Author

@diox I'm not sure I understand this scenario?

Missing a test around the captcha not being included (even if the waffle switch is active)

If the switch is active, we include the field... so the test is testing where the captcha is not included.. how would that happen?

@diox
Copy link
Member

diox commented Oct 11, 2024

"for new versions submissions." (not new add-ons). That's a different view, submit_version_upload(), where include_recaptcha is not passed.

diox
diox reviewed Oct 11, 2024
View reviewed changes
src/olympia/devhub/forms.py
Comment on lines +1067 to +1068
recaptcha_enabled = waffle.switch_is_active('developer-submit-addon-captcha')
if not recaptcha_enabled or not self.include_recaptcha:
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

For your consideration, I don't necessarily think this is better, but we could do the waffle check in the view, just passing include_recaptcha=waffle.switch_is_active('developer-submit-addon-captcha') ?

Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I don't have a super strong opinion if the waffle check happens in the view or the form, but I think the waffle check should be distinct from the view logic, in fact it has to be.

We need to be able to control whether or not to show the feature, and separately whether the feature is avaialble (regardless if we want it or not)

I think given those requirements, having the waffle check in the form actually makes sense, it is totally internalized and centralized.

The expression of "intent" to include the recaptcha is still on the view level (where it belongs IMO)

@KevinMind KevinMind changed the title Require-captcha-addon Add recaptcha for new addon submission upload Oct 11, 2024
@KevinMind KevinMind force-pushed the require-captcha-addon branch from 507cbcc to ea0efc6 Compare October 11, 2024 17:07
@KevinMind KevinMind merged commit 5c6f86e into master Oct 11, 2024
31 checks passed
@KevinMind KevinMind deleted the require-captcha-addon branch October 11, 2024 17:46
KevinMind added a commit that referenced this pull request Oct 14, 2024
@KevinMind
Add recaptcha for new addon submission upload (#22755)
db28805 
* Tests

* Add recaptcha to addon submit form

* TMP: cover negative case tests
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@diox diox diox approved these changes

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

[Task]: Require a captcha when a developer uploads a NEW add-on or generates new API keys
2 participants
@KevinMind @diox