feat(resources): add captcha validation on request demo mutation

sudip-khanal · sudip-khanal · commit 5f7827f28fbf · 2026-03-25T15:40:14.000+05:45
diff --git a/apps/resources/graphql/inputs.py b/apps/resources/graphql/inputs.py
@@ -1,7 +1,4 @@
 import strawberry
-import strawberry_django
-
-from apps.resources.models import RequestDemo
 
 
 @strawberry.input
@@ -14,10 +11,12 @@ class ContactRequestInput:
     captcha_code: str
 
 
-@strawberry_django.input(RequestDemo)
+@strawberry.input
 class RequestDemoInput:
-    name: strawberry.auto
-    email: strawberry.auto
-    content: strawberry.auto
-    national_society: strawberry.auto
+    name: str
+    email: str
+    content: str
+    national_society: str
     tool: int
+    captcha_hashkey: str
+    captcha_code: str
diff --git a/apps/resources/serializers.py b/apps/resources/serializers.py
@@ -29,7 +29,10 @@ def create(self, validated_data: dict[str, typing.Any]):
         return super().create(validated_data)
 
 
-class RequestDemoSerializer(serializers.ModelSerializer):
+class RequestDemoSerializer(CaptchaModelSerializer):
+    captcha_code = serializers.CharField(write_only=True)
+    captcha_hashkey = serializers.CharField(write_only=True)
+
     tool = serializers.PrimaryKeyRelatedField(
         queryset=Tool.objects.all(),
     )
@@ -42,4 +45,12 @@ class Meta:
             "national_society",
             "content",
             "tool",
+            "captcha_code",
+            "captcha_hashkey",
         )
+
+    @typing.override
+    def create(self, validated_data: dict[str, typing.Any]):
+        validated_data.pop("captcha_code", None)
+        validated_data.pop("captcha_hashkey", None)
+        return super().create(validated_data)
diff --git a/apps/resources/tests/mutation_test.py b/apps/resources/tests/mutation_test.py
@@ -165,12 +165,18 @@ def _create_tool_demo_request_mutation(self, data: dict[str, str | int], **kwarg
         )
 
     def test_create_tool_demo_request(self):
+        captcha_key = CaptchaStore.generate_key()
+        captcha_obj = CaptchaStore.objects.get(hashkey=captcha_key)
+        captcha_code = captcha_obj.response
+
         tool_demo_request_data = {
             "name": "John",
             "email": "john@test.com",
             "nationalSociety": "Test National Society",
             "content": "This is test content",
             "tool": self.tool.id,
+            "captchaHashkey": captcha_key,
+            "captchaCode": captcha_code,
         }
 
         content = self._create_tool_demo_request_mutation(data=tool_demo_request_data)
@@ -190,3 +196,39 @@ def test_create_tool_demo_request(self):
                 "pk": self.gID(demo_request.tool.pk),
             },
         }
+
+    def test_create_tool_demo_request_without_captcha(self):
+        tool_demo_request_data = {
+            "name": "John",
+            "email": "john@test.com",
+            "nationalSociety": "Test National Society",
+            "content": "This is test content",
+            "tool": self.tool.id,
+            "captchaHashkey": "",
+            "captchaCode": "",
+        }
+
+        content = self._create_tool_demo_request_mutation(data=tool_demo_request_data)
+        response = content["data"]["createDemoRequest"]
+
+        assert response["ok"] is False
+        assert response["result"] is None
+
+        assert response["errors"] == [
+            {
+                "field": "captchaCode",
+                "client_id": None,
+                "messages": "This field may not be blank.",
+                "object_errors": None,
+                "array_errors": None,
+                "pydantic_errors": None,
+            },
+            {
+                "field": "captchaHashkey",
+                "client_id": None,
+                "messages": "This field may not be blank.",
+                "object_errors": None,
+                "array_errors": None,
+                "pydantic_errors": None,
+            },
+        ]
diff --git a/schema.graphql b/schema.graphql
@@ -280,15 +280,14 @@ type RecommendationResultTypeOffsetPaginated {
   results: [RecommendationResultType!]!
 }
 
-"""
-Model representing contact where anyone can request the tool demo to the admins.
-"""
 input RequestDemoInput {
   name: String!
   email: String!
-  content: String
+  content: String!
   nationalSociety: String!
   tool: Int!
+  captchaHashkey: String!
+  captchaCode: String!
 }
 
 """
