radziel/spotlightcam
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix(tests): make Turnstile CAPTCHA optional for tests

Browse Source 
- Turnstile validation only required when TURNSTILE_SECRET_KEY is set
- Allows tests to run without CAPTCHA in test environment
- Fixes matching-runs-audit test failures caused by missing turnstileToken
- Update validators.js to conditionally require turnstileToken
- Update auth.js controller to skip verification when not configured
This commit is contained in:
Radosław Gierwiało
2025-12-06 12:50:37 +01:00
parent f284eb3f2e
commit 2e1b3cc346
2 changed files with 27 additions and 24 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
backend/src/controllers/auth.js
View File

@@ -18,35 +18,37 @@ async function register(req, res, next) {
try { try {
const { username, email, password, firstName, lastName, wsdcId, turnstileToken } = req.body; const { username, email, password, firstName, lastName, wsdcId, turnstileToken } = req.body;
// Verify Turnstile token // Verify Turnstile token (only if TURNSTILE_SECRET_KEY is configured)
const turnstileSecret = process.env.TURNSTILE_SECRET_KEY; const turnstileSecret = process.env.TURNSTILE_SECRET_KEY;
const turnstileVerifyUrl = 'https://challenges.cloudflare.com/turnstile/v0/siteverify'; if (turnstileSecret && turnstileToken) {
const turnstileVerifyUrl = 'https://challenges.cloudflare.com/turnstile/v0/siteverify';
try { try {
const turnstileResponse = await fetch(turnstileVerifyUrl, { const turnstileResponse = await fetch(turnstileVerifyUrl, {
method: 'POST', method: 'POST',
headers: { 'Content-Type': 'application/json' }, headers: { 'Content-Type': 'application/json' },
body: JSON.stringify({ body: JSON.stringify({
secret: turnstileSecret, secret: turnstileSecret,
response: turnstileToken, response: turnstileToken,
remoteip: getClientIP(req), remoteip: getClientIP(req),
}), }),
}); });
const turnstileResult = await turnstileResponse.json(); const turnstileResult = await turnstileResponse.json();
if (!turnstileResult.success) { if (!turnstileResult.success) {
return res.status(400).json({ return res.status(400).json({
success: false,
error: 'CAPTCHA verification failed. Please try again.',
});
}
} catch (turnstileError) {
console.error('Turnstile verification error:', turnstileError);
return res.status(500).json({
success: false, success: false,
error: 'CAPTCHA verification failed. Please try again.', error: 'CAPTCHA verification failed. Please try again.',
}); });
} }
} catch (turnstileError) {
console.error('Turnstile verification error:', turnstileError);
return res.status(500).json({
success: false,
error: 'CAPTCHA verification failed. Please try again.',
});
} }
// Check if user already exists // Check if user already exists

7
backend/src/middleware/validators.js
View File

@@ -74,9 +74,10 @@ const registerValidation = [
.trim() .trim()
.matches(/^\d{1,10}$/) .matches(/^\d{1,10}$/)
.withMessage('WSDC ID must be numeric (max 10 digits)'), .withMessage('WSDC ID must be numeric (max 10 digits)'),
body('turnstileToken') // Turnstile CAPTCHA (only required if TURNSTILE_SECRET_KEY is set)
.notEmpty() ...(process.env.TURNSTILE_SECRET_KEY
.withMessage('CAPTCHA verification is required'), ? [body('turnstileToken').notEmpty().withMessage('CAPTCHA verification is required')]
: []),
handleValidationErrors, handleValidationErrors,
]; ];