Enhances sign-up process with Turnstile integration for fraud protection. Builds on top of fraud-protection-temp-emails. Made with [Cursor](https://cursor.com) <!-- This is an auto-generated comment: release notes by coderabbit.ai --> ## Summary by CodeRabbit * **New Features** * Cloudflare Turnstile bot-protection across signup/sign-in flows (including SDK JSON mode). * Email deliverability checks via Emailable. * Sign-up risk scoring with persisted risk metrics and country code tracking. * UI: country-code selector, risk-score editing in user details, users list refresh button, and Turnstile signup demo pages. * **Bug Fixes** * Use actual sign-up timestamp for reporting/metrics. * **Documentation** * Expanded knowledge base on Turnstile, risk scoring, and env configuration. <!-- end of auto-generated comment: release notes by coderabbit.ai --> --------- Co-authored-by: Konstantin Wohlwend <n2d4xc@gmail.com> Co-authored-by: BilalG1 <bg2002@gmail.com> Co-authored-by: Armaan Jain <84474476+Developing-Gamer@users.noreply.github.com> Co-authored-by: nams1570 <amanganapathy@gmail.com>
import { it, localRedirectUrl } from "../helpers";
import { createApp } from "./js-helpers";
// Verifies that scopes listed under the client option `oauthScopesOnSignIn` end up in the
// `scope` query parameter of the URL the SDK navigates to when signInWithOAuth("github") runs.
// The final assertion is an exact string match, so a missing scope or any additional scope in
// the redirect URL fails the test.
it("adds provider_scope from oauthScopesOnSignIn for authenticate flow", async ({ expect }) => {
  const { clientApp } = await createApp(
    {
      config: {
        oauthProviders: [
          {
            id: "github",
            type: "standard",
            // Placeholder credentials for the test project, not real secrets.
            clientId: "test_client_id",
            clientSecret: "test_client_secret",
          },
        ],
      },
    },
    {
      client: {
        // The only extra scope this client opts into for GitHub sign-in.
        oauthScopesOnSignIn: {
          github: ["repo"],
        },
      },
    }
  );

  // Marker thrown by the stubbed navigation so the sign-in call stops right after it has
  // produced the redirect URL.
  const abortMarker = "INTENTIONAL_TEST_ABORT";

  // Keep the real globals so they can be put back once the SDK call has finished.
  const savedDocument = globalThis.document;
  const savedWindow = globalThis.window;

  // Filled in by the stubbed location.assign below.
  let capturedUrl: string | null = null;

  // Minimal browser stand-ins: just enough for the real SDK API (signInWithOAuth) to run.
  const stubLocation = {
    href: localRedirectUrl,
    assign: (url: string) => {
      capturedUrl = url;
      throw new Error(abortMarker);
    },
  };
  globalThis.document = { cookie: "", createElement: () => ({}) } as any;
  globalThis.window = { location: stubLocation } as any;

  try {
    const signIn = clientApp.signInWithOAuth("github");
    await expect(signIn).rejects.toThrowError(abortMarker);
  } finally {
    // Always restore the globals so the stubs do not outlive this test.
    globalThis.window = savedWindow;
    globalThis.document = savedDocument;
  }

  // The SDK now receives the OAuth provider URL directly via JSON response, so the URL handed
  // to location.assign is the provider URL itself.
  const providerUrl = new URL(capturedUrl!);
  // NOTE(review): URLSearchParams.get() already percent-decodes the value, so the extra
  // decodeURIComponent only changes the result if the parameter was encoded twice.
  const rawScope = providerUrl.searchParams.get("scope")!;
  const requestedScopes = decodeURIComponent(rawScope);
  // "repo" comes from oauthScopesOnSignIn above; "user:email" is presumably the default
  // GitHub scope added elsewhere (confirm against the provider implementation).
  expect(requestedScopes).toBe("user:email repo");
}, { timeout: 40_000 });