stack/apps/e2e/tests
Mantra cbd945e3a6
[codex] Fix Neon malformed Basic auth validation (#1381)
## What changed

This fixes Sentry issue
[STACK-BACKEND-1A3](https://stackframe-pw.sentry.io/issues/7436639623/?project=4507442898272256&query=is%3Aunresolved&referrer=issue-stream&seerDrawer=true).

A request with this malformed header:

```http
Authorization: Basic
```

used to crash the Neon auth validator with a `StackAssertionError`,
which turned a bad client request into a 500.

The fix makes `neonAuthorizationHeaderSchema` only validate Neon client
credentials after the Basic auth header successfully decodes. If
decoding fails, the Neon-specific validator returns `true` and lets
`basicAuthorizationHeaderSchema` produce the intended 400 schema error:
`Authorization header must be in the format "Basic <base64>"`.

## Reviewer walkthrough

There are two checks chained together:

1. `basicAuthorizationHeaderSchema` checks that the header is
structurally valid Basic auth.
2. `neonAuthorizationHeaderSchema` checks that the decoded
`client_id:client_secret` matches a configured Neon client.

Yup may still run the second check after the first one has failed,
because route validation collects errors with `abortEarly: false`. The
old code assumed the first check had already passed and called
`throwErr(...)` when decoding returned `null`. This PR changes that path
to return `true`, because the format error is already owned by the first
check.

## Tests

- `pnpm -C packages/stack-shared exec vitest run --maxWorkers=1 --minWorkers=1 src/schema-fields.ts`
- `pnpm -C apps/e2e exec vitest run --maxWorkers=1 --minWorkers=1 tests/backend/endpoints/api/v1/integrations/neon/projects/transfer.test.ts -t "malformed"`
- `pnpm -C packages/stack-shared lint`
- `pnpm -C packages/stack-shared typecheck`
- `pnpm -C apps/e2e lint`
- `pnpm -C apps/e2e typecheck`


## Summary by CodeRabbit

* **Bug Fixes**
  * Enhanced authorization header validation in API endpoints with
    improved error handling, ensuring malformed credentials return clear,
    specific validation error messages.

* **Tests**
  * Added comprehensive end-to-end test coverage for API request
    validation, including edge cases for authorization headers.

2026-04-24 11:59:18 -07:00
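
The chained-check behaviour from the reviewer walkthrough above, as an added example that is not part of the commit or the project's code. It is a plain JavaScript model that does not use yup; `decodeBasicAuth`, `validate`, the check functions and the sample client are hypothetical names and constructed values.

```javascript
// Model of a validator that runs every check even after one has failed
// (the abortEarly: false behaviour). Illustration only, not project code.
const FORMAT_ERROR = 'Authorization header must be in the format "Basic <base64>"';
const NEON_CLIENTS = new Map([["neon-client", "neon-secret"]]); // constructed sample

// Hypothetical decoder: returns [id, secret], or null when the header is malformed.
function decodeBasicAuth(header) {
  const m = /^Basic ([A-Za-z0-9+/]+={0,2})$/.exec(header ?? "");
  if (!m) return null;
  const decoded = Buffer.from(m[1], "base64").toString("utf8");
  const sep = decoded.indexOf(":");
  return sep === -1 ? null : [decoded.slice(0, sep), decoded.slice(sep + 1)];
}

// Check 1: structural validity only.
const basicCheck = (h) => decodeBasicAuth(h) !== null || FORMAT_ERROR;

// Credential lookup shared by both variants (real code should compare in constant time).
const neonMatch = (creds) =>
  NEON_CLIENTS.get(creds[0]) === creds[1] || "Invalid client_id:client_secret";

// Check 2, old shape: assumes check 1 already passed, so null is treated as impossible.
function neonCheckOld(h) {
  const creds = decodeBasicAuth(h);
  if (creds === null) throw new Error("assertion: header should already be validated");
  return neonMatch(creds);
}

// Check 2, fixed shape: a header that does not decode is check 1's error to report.
function neonCheckFixed(h) {
  const creds = decodeBasicAuth(h);
  return creds === null ? true : neonMatch(creds);
}

// Runs all checks; an exception surfaces as a 500, collected errors as a 400.
function validate(header, checks) {
  try {
    const errors = checks.map((c) => c(header)).filter((r) => r !== true);
    return errors.length ? { status: 400, errors } : { status: 200, errors: [] };
  } catch (e) {
    return { status: 500, errors: [e.message] };
  }
}

const good = "Basic " + Buffer.from("neon-client:neon-secret").toString("base64");
console.log(validate("Basic", [basicCheck, neonCheckOld]));   // status 500
console.log(validate("Basic", [basicCheck, neonCheckFixed])); // status 400, format error only
console.log(validate(good, [basicCheck, neonCheckFixed]));    // status 200
```
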
..
backend [codex] Fix Neon malformed Basic auth validation (#1381) 2026-04-24 11:59:18 -07:00
general Skip Swift tests temporarily 2026-04-18 17:32:41 -07:00
helpers Customizable ports (#962) 2025-10-20 15:24:47 -07:00
js Payments bulldozer txn rework (#1315) 2026-04-17 22:11:21 +00:00
global-setup.ts External db sync (#1036) 2026-02-05 12:04:31 -08:00
globals.d.ts Upgrade backend to Next.js 15 (#360) 2024-12-10 00:11:13 -08:00
helpers.ts [Fix] Flaky Neon, Email Delivery, and Other Tests (#1235) 2026-03-10 14:02:41 -07:00
setup.ts Email outbox backend (#1030) 2025-12-12 10:26:38 -08:00
snapshot-serializer.ts Sign up rules (#1138) 2026-02-03 11:08:24 -08:00