Merge branch '330210-aqualls-spam-ui-text' into 'master'

Revise text on anti-spam UI page

See merge request gitlab-org/gitlab!70336

app/views/admin/application_settings/_spam.html.haml

@@ -2,6 +2,11 @@
   = form_errors(@application_setting)
 
   %fieldset
+    %h5
+      = _('reCAPTCHA')
+    %p
+      = _('reCAPTCHA helps prevent credential stuffing.')
+      = link_to _('Only reCAPTCHA v2 is supported:'), 'https://developers.google.com/recaptcha/docs/versions', target: '_blank', rel: 'noopener noreferrer'
     .form-group
       .form-check
         = f.check_box :recaptcha_enabled, class: 'form-check-input'
@@ -9,25 +14,31 @@
           = _("Enable reCAPTCHA")
         %span.form-text.text-muted#recaptcha_help_block
           = _('Helps prevent bots from creating accounts.')
+          = link_to _('How do I configure it?'), help_page_path('integration/recaptcha.md'), target: '_blank', rel: 'noopener noreferrer'
     .form-group
       .form-check
         = f.check_box :login_recaptcha_protection_enabled, class: 'form-check-input'
         = f.label :login_recaptcha_protection_enabled, class: 'form-check-label' do
-          = _("Enable reCAPTCHA for login")
+          = _('Enable reCAPTCHA for login.')
         %span.form-text.text-muted#recaptcha_help_block
           = _('Helps prevent bots from brute-force attacks.')
     .form-group
-      = f.label :recaptcha_site_key, _('reCAPTCHA Site Key'), class: 'label-bold'
+      = f.label :recaptcha_site_key, _('reCAPTCHA site key'), class: 'label-bold'
       = f.text_field :recaptcha_site_key, class: 'form-control gl-form-input'
       .form-text.text-muted
         = _("Generate site and private keys at")
         %a{ href: 'http://www.google.com/recaptcha', target: 'blank' } http://www.google.com/recaptcha
 
     .form-group
-      = f.label :recaptcha_private_key, _('reCAPTCHA Private Key'), class: 'label-bold'
-    .form-group
+      = f.label :recaptcha_private_key, _('reCAPTCHA private key'), class: 'label-bold'
       = f.text_field :recaptcha_private_key, class: 'form-control gl-form-input'
 
+    %h5
+      = _('Invisible Captcha')
+    %p
+      = _('Invisible Captcha helps prevent the creation of spam accounts. It adds a honeypot field and time-sensitive form submission to the account signup form.')
+      = link_to _('Read their documentation.'), 'https://github.com/markets/invisible_captcha', target: '_blank', rel: 'noopener noreferrer'
+
     .form-group
       .form-check
         = f.check_box :invisible_captcha_enabled, class: 'form-check-input'
@@ -36,12 +47,18 @@
         %span.form-text.text-muted
           = _('Helps prevent bots from creating accounts.')
 
+    %h5
+      = _('Akismet')
+    %p
+      = _('Akismet helps prevent the creation of spam issues in public projects.')
+      = link_to _('How do I configure Akismet?'), help_page_path('integration/akismet.md'), target: '_blank', rel: 'noopener noreferrer'
+
     .form-group
       .form-check
         = f.check_box :akismet_enabled, class: 'form-check-input'
         = f.label :akismet_enabled, class: 'form-check-label' do
           Enable Akismet
-        %span.form-text.text-muted#akismet_help_block= _("Helps prevent bots from creating issues")
+        %span.form-text.text-muted#akismet_help_block= _("Helps prevent bots from creating issues.")
 
     .form-group
       = f.label :akismet_api_key, _('Akismet API Key'), class: 'label-bold'
@@ -50,25 +67,31 @@
         Generate API key at
         %a{ href: 'http://www.akismet.com', target: 'blank' } http://www.akismet.com
 
+    %h5
+      = _('IP address restrictions')
+
     .form-group
       .form-check
         = f.check_box :unique_ips_limit_enabled, class: 'form-check-input'
         = f.label :unique_ips_limit_enabled, class: 'form-check-label' do
-          = _("Limit sign in from multiple ips")
+          = _("Limit sign in from multiple IP addresses")
         %span.form-text.text-muted#unique_ip_help_block
-          = _("Helps prevent malicious users hide their activity")
+          = _("Helps prevent malicious users hide their activity.")
 
     .form-group
-      = f.label :unique_ips_limit_per_user, _('IPs per user'), class: 'label-bold'
+      = f.label :unique_ips_limit_per_user, _('IP addresses per user'), class: 'label-bold'
       = f.number_field :unique_ips_limit_per_user, class: 'form-control gl-form-input'
       .form-text.text-muted
-        = _("Maximum number of unique IPs per user")
+        = _("Maximum number of unique IP addresses per user.")
 
     .form-group
-      = f.label :unique_ips_limit_time_window, _('IP expiration time'), class: 'label-bold'
+      = f.label :unique_ips_limit_time_window, _('IP address expiration time'), class: 'label-bold'
       = f.number_field :unique_ips_limit_time_window, class: 'form-control gl-form-input'
       .form-text.text-muted
-        = _("How many seconds an IP will be counted towards the limit")
+        = _("How many seconds an IP counts toward the IP address limit.")
+
+    %h5
+      = _('Spam Check')
 
     .form-group
       .form-check
@@ -79,8 +102,8 @@
       = f.label :spam_check_endpoint_url, _('URL of the external Spam Check endpoint'), class: 'label-bold'
       = f.text_field :spam_check_endpoint_url, class: 'form-control gl-form-input'
     .form-group
-      = f.label :spam_check_api_key, _('Spam Check API Key'), class: 'gl-font-weight-bold'
+      = f.label :spam_check_api_key, _('Spam Check API key'), class: 'gl-font-weight-bold'
       = f.text_field :spam_check_api_key, class: 'form-control gl-form-input'
-      .form-text.text-muted= _('The API key used by GitLab for accessing the Spam Check service endpoint')
+      .form-text.text-muted= _('The API key used by GitLab for accessing the Spam Check service endpoint.')
 
   = f.submit _('Save changes'), class: "gl-button btn btn-confirm"

app/views/admin/application_settings/reporting.html.haml

@@ -9,9 +9,7 @@
     %button.btn.gl-button.btn-default.js-settings-toggle{ type: 'button' }
       = expanded_by_default? ? _('Collapse') : _('Expand')
     %p
-      - recaptcha_v2_link_url = 'https://developers.google.com/recaptcha/docs/versions'
-      - recaptcha_v2_link_start = '<a href="%{url}" target="_blank" rel="noopener noreferrer">'.html_safe % { url: recaptcha_v2_link_url }
-      = _('Enable reCAPTCHA, Invisible Captcha, Akismet and set IP limits. For reCAPTCHA, we currently only support %{recaptcha_v2_link_start}v2%{recaptcha_v2_link_end}').html_safe % { recaptcha_v2_link_start: recaptcha_v2_link_start, recaptcha_v2_link_end: '</a>'.html_safe }
+      = _('Configure CAPTCHAs, IP address limits, and other anti-spam measures.')
   .settings-content
     = render 'spam'
 

locale/gitlab.pot

@@ -2915,9 +2915,15 @@ msgstr ""
 msgid "After you've reviewed these contribution guidelines, you'll be all set to"
 msgstr ""
 
+msgid "Akismet"
+msgstr ""
+
 msgid "Akismet API Key"
 msgstr ""
 
+msgid "Akismet helps prevent the creation of spam issues in public projects."
+msgstr ""
+
 msgid "AlertManagement|Acknowledged"
 msgstr ""
 
@@ -8533,6 +8539,9 @@ msgstr ""
 msgid "Configure %{repository_checks_link_start}repository checks%{link_end} and %{housekeeping_link_start}housekeeping%{link_end} on repositories."
 msgstr ""
 
+msgid "Configure CAPTCHAs, IP address limits, and other anti-spam measures."
+msgstr ""
+
 msgid "Configure Dependency Scanning in `.gitlab-ci.yml` using the GitLab managed template. You can [add variable overrides](https://docs.gitlab.com/ee/user/application_security/dependency_scanning/#customizing-the-dependency-scanning-settings) to customize Dependency Scanning settings."
 msgstr ""
 
@@ -12629,10 +12638,7 @@ msgstr ""
 msgid "Enable reCAPTCHA"
 msgstr ""
 
-msgid "Enable reCAPTCHA for login"
-msgstr ""
-
-msgid "Enable reCAPTCHA, Invisible Captcha, Akismet and set IP limits. For reCAPTCHA, we currently only support %{recaptcha_v2_link_start}v2%{recaptcha_v2_link_end}"
+msgid "Enable reCAPTCHA for login."
 msgstr ""
 
 msgid "Enable repository checks"
@@ -16706,10 +16712,10 @@ msgstr ""
 msgid "Helps prevent bots from creating accounts."
 msgstr ""
 
-msgid "Helps prevent bots from creating issues"
+msgid "Helps prevent bots from creating issues."
 msgstr ""
 
-msgid "Helps prevent malicious users hide their activity"
+msgid "Helps prevent malicious users hide their activity."
 msgstr ""
 
 msgid "Helps reduce request volume (for example, from crawlers or abusive bots)"
@@ -16833,6 +16839,12 @@ msgstr ""
 msgid "Housekeeping, export, path, transfer, remove, archive."
 msgstr ""
 
+msgid "How do I configure Akismet?"
+msgstr ""
+
+msgid "How do I configure it?"
+msgstr ""
+
 msgid "How do I configure runners?"
 msgstr ""
 
@@ -16866,7 +16878,7 @@ msgstr ""
 msgid "How many days need to pass between marking entity for deletion and actual removing it."
 msgstr ""
 
-msgid "How many seconds an IP will be counted towards the limit"
+msgid "How many seconds an IP counts toward the IP address limit."
 msgstr ""
 
 msgid "How the job limiter handles jobs exceeding the thresholds specified below. The 'track' mode only logs the jobs. The 'compress' mode compresses the jobs and raises an exception if the compressed size exceeds the limit."
@@ -16956,13 +16968,16 @@ msgstr ""
 msgid "IP Address"
 msgstr ""
 
-msgid "IP expiration time"
+msgid "IP address expiration time"
 msgstr ""
 
-msgid "IP subnet restriction only allowed for top-level groups"
+msgid "IP address restrictions"
+msgstr ""
+
+msgid "IP addresses per user"
 msgstr ""
 
-msgid "IPs per user"
+msgid "IP subnet restriction only allowed for top-level groups"
 msgstr ""
 
 msgid "Identifier"
@@ -18455,6 +18470,12 @@ msgstr ""
 msgid "Investigate vulnerability: %{title}"
 msgstr ""
 
+msgid "Invisible Captcha"
+msgstr ""
+
+msgid "Invisible Captcha helps prevent the creation of spam accounts. It adds a honeypot field and time-sensitive form submission to the account signup form."
+msgstr ""
+
 msgid "Invitation"
 msgstr ""
 
@@ -20314,7 +20335,7 @@ msgstr ""
 msgid "Limit namespaces and projects that can be indexed"
 msgstr ""
 
-msgid "Limit sign in from multiple ips"
+msgid "Limit sign in from multiple IP addresses"
 msgstr ""
 
 msgid "Limit the number of concurrent operations this secondary site can run in the background."
@@ -20958,7 +20979,7 @@ msgstr ""
 msgid "Maximum number of projects."
 msgstr ""
 
-msgid "Maximum number of unique IPs per user"
+msgid "Maximum number of unique IP addresses per user."
 msgstr ""
 
 msgid "Maximum page reached"
@@ -23738,6 +23759,9 @@ msgstr ""
 msgid "Only projects created under a Ultimate license are available in Security Dashboards."
 msgstr ""
 
+msgid "Only reCAPTCHA v2 is supported:"
+msgstr ""
+
 msgid "Only verified users with an email address in any of these domains can be added to the group."
 msgstr ""
 
@@ -27782,6 +27806,9 @@ msgstr ""
 msgid "Read more about related issues"
 msgstr ""
 
+msgid "Read their documentation."
+msgstr ""
+
 msgid "Ready to get started with GitLab? Follow these steps to set up your workspace, plan and commit changes, and deploy your project."
 msgstr ""
 
@@ -31965,7 +31992,10 @@ msgstr ""
 msgid "SourcegraphPreferences|Uses a custom %{linkStart}Sourcegraph instance%{linkEnd}."
 msgstr ""
 
-msgid "Spam Check API Key"
+msgid "Spam Check"
+msgstr ""
+
+msgid "Spam Check API key"
 msgstr ""
 
 msgid "Spam Logs"
@@ -33508,7 +33538,7 @@ msgid_plural "The %{type} contains the following errors:"
 msgstr[0] ""
 msgstr[1] ""
 
-msgid "The API key used by GitLab for accessing the Spam Check service endpoint"
+msgid "The API key used by GitLab for accessing the Spam Check service endpoint."
 msgstr ""
 
 msgid "The GitLab subscription service (customers.gitlab.com) is currently experiencing an outage. You can monitor the status and get updates at %{linkStart}status.gitlab.com%{linkEnd}."
@@ -40764,10 +40794,16 @@ msgstr ""
 msgid "quick actions"
 msgstr ""
 
-msgid "reCAPTCHA Private Key"
+msgid "reCAPTCHA"
+msgstr ""
+
+msgid "reCAPTCHA helps prevent credential stuffing."
+msgstr ""
+
+msgid "reCAPTCHA private key"
 msgstr ""
 
-msgid "reCAPTCHA Site Key"
+msgid "reCAPTCHA site key"
 msgstr ""
 
 msgid "recent activity"

spec/features/admin/admin_settings_spec.rb

@@ -450,14 +450,14 @@ RSpec.describe 'Admin updates settings' do
         visit reporting_admin_application_settings_path
 
         page.within('.as-spam') do
-          fill_in 'reCAPTCHA Site Key', with: 'key'
-          fill_in 'reCAPTCHA Private Key', with: 'key'
+          fill_in 'reCAPTCHA site key', with: 'key'
+          fill_in 'reCAPTCHA private key', with: 'key'
           check 'Enable reCAPTCHA'
           check 'Enable reCAPTCHA for login'
-          fill_in 'IPs per user', with: 15
+          fill_in 'IP addresses per user', with: 15
           check 'Enable Spam Check via external API endpoint'
           fill_in 'URL of the external Spam Check endpoint', with: 'grpc://www.example.com/spamcheck'
-          fill_in 'Spam Check API Key', with: 'SPAM_CHECK_API_KEY'
+          fill_in 'Spam Check API key', with: 'SPAM_CHECK_API_KEY'
           click_button 'Save changes'
         end