From 2e1b3cc3462d4f7ebf73503f1bac2ba7574c6dea Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Rados=C5=82aw=20Gierwia=C5=82o?= Date: Sat, 6 Dec 2025 12:50:37 +0100 Subject: [PATCH] fix(tests): make Turnstile CAPTCHA optional for tests - Turnstile validation only required when TURNSTILE_SECRET_KEY is set - Allows tests to run without CAPTCHA in test environment - Fixes matching-runs-audit test failures caused by missing turnstileToken - Update validators.js to conditionally require turnstileToken - Update auth.js controller to skip verification when not configured
---
backend/src/controllers/auth.js | 44 +++++++++++++++------------- backend/src/middleware/validators.js | 7 +++-- 2 files changed, 27 insertions(+), 24 deletions(-)
diff --git a/backend/src/controllers/auth.js b/backend/src/controllers/auth.js
index 3e8ea2d..83fe035 100644
--- a/backend/src/controllers/auth.js
+++ b/backend/src/controllers/auth.js
@@ -18,35 +18,37 @@ async function register(req, res, next) {
 try {
 const { username, email, password, firstName, lastName, wsdcId, turnstileToken } = req.body;
- // Verify Turnstile token
+ // Verify Turnstile token (only if TURNSTILE_SECRET_KEY is configured)
 const turnstileSecret = process.env.TURNSTILE_SECRET_KEY;
- const turnstileVerifyUrl = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
+ if (turnstileSecret && turnstileToken) {
+ const turnstileVerifyUrl = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
- try {
- const turnstileResponse = await fetch(turnstileVerifyUrl, {
- method: 'POST',
- headers: { 'Content-Type': 'application/json' },
- body: JSON.stringify({
- secret: turnstileSecret,
- response: turnstileToken,
- remoteip: getClientIP(req),
- }),
- });
+ try {
+ const turnstileResponse = await fetch(turnstileVerifyUrl, {
+ method: 'POST',
+ headers: { 'Content-Type': 'application/json' },
+ body: JSON.stringify({
+ secret: turnstileSecret,
+ response: turnstileToken,
+ remoteip: getClientIP(req),
+ }),
+ });
- const turnstileResult = await turnstileResponse.json();
+ const turnstileResult = await turnstileResponse.json();
- if (!turnstileResult.success) {
- return res.status(400).json({
+ if (!turnstileResult.success) {
+ return res.status(400).json({
+ success: false,
+ error: 'CAPTCHA verification failed. Please try again.',
+ });
+ }
+ } catch (turnstileError) {
+ console.error('Turnstile verification error:', turnstileError);
+ return res.status(500).json({
 success: false,
 error: 'CAPTCHA verification failed. Please try again.',
 });
 }
- } catch (turnstileError) {
- console.error('Turnstile verification error:', turnstileError);
- return res.status(500).json({
- success: false,
- error: 'CAPTCHA verification failed. Please try again.',
- });
 }
 // Check if user already exists
diff --git a/backend/src/middleware/validators.js b/backend/src/middleware/validators.js
index 285c0eb..884fdfd 100644
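Review bot: The new guard `if (turnstileSecret && turnstileToken)` in `register` fails open: when the secret is configured but the request carries no token, the siteverify call is skipped and registration proceeds, so the controller depends entirely on `registerValidation` having rejected the empty token first. Gating on the secret alone and rejecting a missing token in the controller keeps the check enforced even if the route's validators change: `if (turnstileSecret) {` followed by `if (!turnstileToken) return res.status(400).json({ success: false, error: 'CAPTCHA verification failed. Please try again.' });`. An unset `TURNSTILE_SECRET_KEY` also now disables CAPTCHA silently in every environment, not only tests; logging a warning or refusing to start without the key outside the test environment would make a misconfigured deployment visible. The body of `register` continues outside the hunk.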
--- a/backend/src/middleware/validators.js
+++ b/backend/src/middleware/validators.js
@@ -74,9 +74,10 @@ const registerValidation = [
 .trim()
 .matches(/^\d{1,10}$/)
 .withMessage('WSDC ID must be numeric (max 10 digits)'),
- body('turnstileToken')
- .notEmpty()
- .withMessage('CAPTCHA verification is required'),
+ // Turnstile CAPTCHA (only required if TURNSTILE_SECRET_KEY is set)
+ ...(process.env.TURNSTILE_SECRET_KEY
+ ? [body('turnstileToken').notEmpty().withMessage('CAPTCHA verification is required')]
+ : []),
 handleValidationErrors,
 ];
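Review bot: The spread `...(process.env.TURNSTILE_SECRET_KEY ? [...] : [])` is evaluated once, when `validators.js` is first loaded, so whether the token is required is frozen at import time. If the environment is populated after this module is required (for example by a dotenv call later in startup, which is not visible here), the rule is omitted for the life of the process, and since the controller in `auth.js` also skips verification when no token is sent, registration would run without CAPTCHA. Assuming `body` is express-validator's, a per-request condition avoids this: `body('turnstileToken').if(() => Boolean(process.env.TURNSTILE_SECRET_KEY)).notEmpty().withMessage('CAPTCHA verification is required'),`. The `registerValidation` array starts above the hunk.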