hack together fix to send redirect url to akismet

CenterForOpenScience · Jul 9, 2019 · 1db904b · 1db904b
1 parent 299abdb
commit 1db904b
Show file tree

Hide file tree

Showing 5 changed files with 48 additions and 5 deletions.
diff --git a/addons/forward/tests/test_views.py b/addons/forward/tests/test_views.py
@@ -1,16 +1,21 @@
+import mock
 import pytest
 
 from nose.tools import assert_equal
 
 from addons.forward.tests.utils import ForwardAddonTestCase
 from tests.base import OsfTestCase
+from website import settings
+from tests.json_api_test_app import JSONAPITestApp
 
 pytestmark = pytest.mark.django_db
 
-class TestForwardLogs(ForwardAddonTestCase, OsfTestCase):
+class TestForward(ForwardAddonTestCase, OsfTestCase):
+
+    django_app = JSONAPITestApp()
 
     def setUp(self):
-        super(TestForwardLogs, self).setUp()
+        super(TestForward, self).setUp()
         self.app.authenticate(*self.user.auth)
 
     def test_change_url_log_added(self):
@@ -27,6 +32,38 @@ def test_change_url_log_added(self):
             log_count + 1
         )
 
+    @mock.patch.object(settings, 'SPAM_CHECK_ENABLED', True)
+    @mock.patch('osf.models.node.Node.do_check_spam')
+    def test_change_url_check_spam_v1(self, mock_check_spam):
+        self.project.is_public = True
+        self.project.save()
+        self.app.put_json(self.project.api_url_for('forward_config_put'), {'url': 'http://possiblyspam.com'})
+
+        assert mock_check_spam.called
+        data, _ = mock_check_spam.call_args
+        author, author_email, content, request_headers = data
+
+        assert author == self.user.fullname
+        assert author_email == self.user.username
+        assert content == 'http://possiblyspam.com'
+
+    @mock.patch.object(settings, 'SPAM_CHECK_ENABLED', True)
+    @mock.patch('osf.models.node.Node.do_check_spam')
+    def test_change_url_check_spam_v2(self, mock_check_spam):
+        self.project.is_public = True
+        self.project.save()
+        self.django_app.put_json_api('/v2/nodes/{}/addons/forward/'.format(self.project._id),
+                                     {'data': {'attributes': {'url': 'http://possiblyspam.com'}}},
+                                     auth=self.user.auth)
+
+        assert mock_check_spam.called
+        data, _ = mock_check_spam.call_args
+        author, author_email, content, request_headers = data
+
+        assert author == self.user.fullname
+        assert author_email == self.user.username
+        assert content == 'http://possiblyspam.com'
+
     def test_change_timeout_log_not_added(self):
         log_count = self.project.logs.count()
         self.app.put_json(

diff --git a/addons/forward/views/config.py b/addons/forward/views/config.py
@@ -60,5 +60,6 @@ def forward_config_put(auth, node_addon, **kwargs):
             auth=auth,
             save=True,
         )
+        node_addon.owner.check_spam(auth.user, {'addons_forward_node_settings__url'}, request.headers)
 
     return {}
diff --git a/api/nodes/serializers.py b/api/nodes/serializers.py
@@ -46,7 +46,7 @@
 from website.project.metadata.utils import is_prereg_admin_not_project_admin
 from website.project.model import NodeUpdateError
 from osf.utils import permissions as osf_permissions
-
+from osf.utils.requests import get_headers_from_request
 
 class RegistrationProviderRelationshipField(RelationshipField):
     def get_object(self, _id):
@@ -890,7 +890,9 @@ def create(self, validated_data):
 class ForwardNodeAddonSettingsSerializer(NodeAddonSettingsSerializerBase):
 
     def update(self, instance, validated_data):
-        auth = Auth(self.context['request'].user)
+        request = self.context['request']
+        user = request.user
+        auth = Auth(user)
         set_url = 'url' in validated_data
         set_label = 'label' in validated_data
 
@@ -935,6 +937,7 @@ def update(self, instance, validated_data):
                 auth=auth,
                 save=True,
             )
+            instance.owner.check_spam(user, {'addons_forward_node_settings__url'}, get_headers_from_request(request))
 
         return instance
 

diff --git a/osf/models/mixins.py b/osf/models/mixins.py
@@ -1593,7 +1593,8 @@ def _get_spam_content(self, saved_fields):
         spam_fields = self.get_spam_fields(saved_fields)
         content = []
         for field in spam_fields:
-            content.append((getattr(self, field, None) or '').encode('utf-8'))
+            values = list(self.__class__.objects.filter(id=self.id).values_list(field, flat=True))
+            content.append((' '.join(values) or '').encode('utf-8'))
         if self.all_tags.exists():
             content.extend([name.encode('utf-8') for name in self.all_tags.values_list('name', flat=True)])
         if not content:

diff --git a/osf/models/node.py b/osf/models/node.py
@@ -282,6 +282,7 @@ class AbstractNode(DirtyFieldsMixin, TypedModel, AddonModelMixin, IdentifierMixi
     SPAM_CHECK_FIELDS = {
         'title',
         'description',
+        'addons_forward_node_settings__url'  # the often spammed redirect URL
     }
 
     # Fields that are writable by Node.update