fix: fixed handling successful enterprise validator response (INVALID_REASON_UNSPECIFIED).

chvarkov · chvarkov · commit d702bd227e7a · 2022-09-07T20:45:41.000Z
diff --git a/src/google-recaptcha.module.ts b/src/google-recaptcha.module.ts
@@ -154,7 +154,7 @@ export class GoogleRecaptchaModule {
 			return {
 				provide: RECAPTCHA_OPTIONS,
 				useFactory: options.useFactory,
-				inject: options.inject || [],
+				inject: options.inject,
 			};
 		}
 
diff --git a/src/services/enterprise-reason.transformer.ts b/src/services/enterprise-reason.transformer.ts
@@ -4,29 +4,27 @@ import { ErrorCode } from '../enums/error-code';
 
 @Injectable()
 export class EnterpriseReasonTransformer {
-	transform(errCode: GoogleRecaptchaEnterpriseReason): ErrorCode {
+	transform(errCode: GoogleRecaptchaEnterpriseReason): ErrorCode | null {
 		switch (errCode) {
 			case GoogleRecaptchaEnterpriseReason.BrowserError:
 				return ErrorCode.BrowserError;
 
-			case GoogleRecaptchaEnterpriseReason.UnknownInvalidReason:
-				return ErrorCode.UnknownError;
-
 			case GoogleRecaptchaEnterpriseReason.SiteMismatch:
 				return ErrorCode.SiteMismatch;
 
 			case GoogleRecaptchaEnterpriseReason.Expired:
 			case GoogleRecaptchaEnterpriseReason.Dupe:
 				return ErrorCode.TimeoutOrDuplicate;
 
+			case GoogleRecaptchaEnterpriseReason.UnknownInvalidReason:
 			case GoogleRecaptchaEnterpriseReason.Malformed:
 				return ErrorCode.InvalidInputResponse;
 
 			case GoogleRecaptchaEnterpriseReason.Missing:
 				return ErrorCode.MissingInputResponse;
 
 			case GoogleRecaptchaEnterpriseReason.InvalidReasonUnspecified:
-				return ErrorCode.UnknownError;
+				return null;
 
 			default:
 				return ErrorCode.UnknownError;
diff --git a/src/services/validators/google-recaptcha-enterprise.validator.ts b/src/services/validators/google-recaptcha-enterprise.validator.ts
@@ -35,28 +35,30 @@ export class GoogleRecaptchaEnterpriseValidator extends AbstractGoogleRecaptchaV
 		const errors: ErrorCode[] = [];
 		let success = result?.tokenProperties?.valid || false;
 
-		if (!success) {
-			errors.push(ErrorCode.InvalidInputResponse);
-		}
-
-		if (errorDetails) {
-			errors.push(ErrorCode.UnknownError);
-		}
+		if (!errorDetails) {
+			if (result.tokenProperties) {
+				if (result.tokenProperties.invalidReason) {
+					const invalidReasonCode = this.enterpriseReasonTransformer.transform(result.tokenProperties.invalidReason);
+
+					if (invalidReasonCode) {
+						errors.push(invalidReasonCode);
+					}
+				}
 
-		if (result?.tokenProperties) {
-			if (result.tokenProperties.invalidReason) {
-				errors.push(this.enterpriseReasonTransformer.transform(result.tokenProperties.invalidReason));
+				if (success && !this.isValidAction(result.tokenProperties.action, options)) {
+					success = false;
+					errors.push(ErrorCode.ForbiddenAction);
+				}
 			}
 
-			if (!this.isValidAction(result.tokenProperties.action, options)) {
+			if (result.riskAnalysis && !this.isValidScore(result.riskAnalysis.score, options.score)) {
 				success = false;
-				errors.push(ErrorCode.ForbiddenAction);
+				errors.push(ErrorCode.LowScore);
 			}
 		}
 
-		if (result.riskAnalysis && !this.isValidScore(result.riskAnalysis.score, options.score)) {
-			success = false;
-			errors.push(ErrorCode.LowScore);
+		if (!success && !errors.length) {
+			errorDetails ? errors.push(ErrorCode.UnknownError) : errors.push(ErrorCode.InvalidInputResponse);
 		}
 
 		return new RecaptchaVerificationResult({
diff --git a/test/assets/test-error-filter.ts b/test/assets/test-error-filter.ts
@@ -0,0 +1,24 @@
+import { ArgumentsHost, Catch, ExceptionFilter } from '@nestjs/common';
+import { GoogleRecaptchaException } from '../../src';
+import { Response } from 'express';
+
+@Catch(Error)
+export class TestErrorFilter implements ExceptionFilter {
+	catch(exception: Error, host: ArgumentsHost): void {
+		const res: Response = host.switchToHttp().getResponse();
+
+		if (exception instanceof GoogleRecaptchaException) {
+			res.status(exception.getStatus()).send({
+				errorCodes: exception.errorCodes,
+			});
+
+			return;
+		}
+
+		res.status(500).send({
+			name: exception.name,
+			message: exception.message,
+			stack: exception.stack,
+		});
+	}
+}
diff --git a/test/enterprise-reason.transformer.spec.ts b/test/enterprise-reason.transformer.spec.ts
@@ -6,8 +6,8 @@ describe('EnterpriseReasonTransformer', () => {
 	const transformer = new EnterpriseReasonTransformer();
 
 	const expectedMap: Map<GoogleRecaptchaEnterpriseReason, ErrorCode> = new Map<GoogleRecaptchaEnterpriseReason, ErrorCode>([
-		[GoogleRecaptchaEnterpriseReason.InvalidReasonUnspecified, ErrorCode.UnknownError],
-		[GoogleRecaptchaEnterpriseReason.UnknownInvalidReason, ErrorCode.UnknownError],
+		[GoogleRecaptchaEnterpriseReason.InvalidReasonUnspecified, null],
+		[GoogleRecaptchaEnterpriseReason.UnknownInvalidReason, ErrorCode.InvalidInputResponse],
 		[GoogleRecaptchaEnterpriseReason.Malformed, ErrorCode.InvalidInputResponse],
 		[GoogleRecaptchaEnterpriseReason.Expired, ErrorCode.TimeoutOrDuplicate],
 		[GoogleRecaptchaEnterpriseReason.Dupe, ErrorCode.TimeoutOrDuplicate],
diff --git a/test/integrations/graphql/graphql-recaptcha-v2-v3.spec.ts b/test/integrations/graphql/graphql-recaptcha-v2-v3.spec.ts
@@ -7,11 +7,9 @@ import { MockedRecaptchaApi } from '../../utils/mocked-recaptcha-api';
 import { VerifyResponseV3 } from '../../../src/interfaces/verify-response';
 import { TestHttp } from '../../utils/test-http';
 import { IncomingMessage } from 'http';
-import { Args, Field, GraphQLModule, InputType, Mutation, ObjectType, Parent, Query, ResolveField, Resolver } from '@nestjs/graphql';
+import { Args, Field, GraphQLModule, InputType, Mutation, ObjectType, Query, Resolver } from '@nestjs/graphql';
 import { ApolloDriver, ApolloDriverConfig } from '@nestjs/apollo';
 import * as path from 'path';
-import { GraphQLSchemaBuilder } from '@nestjs/graphql/dist/graphql-schema.builder';
-import { GraphQLSchema } from 'graphql';
 
 @InputType()
 export class FeedbackInput {
diff --git a/test/integrations/http-recaptcha-enterprice.spec.ts b/test/integrations/http-recaptcha-enterprice.spec.ts
@@ -1,5 +1,5 @@
 import { Controller, INestApplication, LiteralObject, Post } from '@nestjs/common';
-import { ClassificationReason, GoogleRecaptchaModule, Recaptcha, RecaptchaResult, RecaptchaVerificationResult } from '../../src';
+import { ClassificationReason, ErrorCode, GoogleRecaptchaModule, Recaptcha, RecaptchaResult, RecaptchaVerificationResult } from '../../src';
 import { Test, TestingModule } from '@nestjs/testing';
 import { Request } from 'express';
 import { RECAPTCHA_HTTP_SERVICE } from '../../src/provider.declarations';
@@ -9,6 +9,7 @@ import { VerifyResponseV2 } from '../../src/interfaces/verify-response';
 import { TestHttp } from '../utils/test-http';
 import { VerifyResponseEnterprise } from '../../src/interfaces/verify-response-enterprise';
 import { GoogleRecaptchaEnterpriseReason } from '../../src/enums/google-recaptcha-enterprise-reason';
+import { TestErrorFilter } from '../assets/test-error-filter';
 
 @Controller('test')
 class TestController {
@@ -64,6 +65,8 @@ describe('HTTP Recaptcha Enterprise', () => {
 
 		app = module.createNestApplication();
 
+		app.useGlobalFilters(new TestErrorFilter());
+
 		await app.init();
 
 		http = new TestHttp(app.getHttpServer());
@@ -108,6 +111,42 @@ describe('HTTP Recaptcha Enterprise', () => {
 		expect(res.body.success).toBe(true);
 	});
 
+	test('Enterprise token malformed', async () => {
+		mockedRecaptchaApi.addResponse<VerifyResponseEnterprise>('test_enterprise_token_malformed', {
+			name: 'name',
+			event: {
+				userIpAddress: '0.0.0.0',
+				siteKey: 'siteKey',
+				userAgent: 'UA',
+				token: '',
+				hashedAccountId: '',
+				expectedAction: 'Submit',
+			},
+			tokenProperties: {
+				valid: false,
+				invalidReason: GoogleRecaptchaEnterpriseReason.Malformed,
+				hostname: '',
+				action: '',
+				createTime: '1970-01-01T00:00:00Z',
+			},
+		});
+
+		const res: request.Response = await http.post(
+			'/test/submit',
+			{},
+			{
+				headers: {
+					Recaptcha: 'test_enterprise_token_malformed',
+				},
+			}
+		);
+
+		expect(res.statusCode).toBe(400);
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(1);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.InvalidInputResponse);
+	});
+
 	test('Enterprise without token properties', async () => {
 		mockedRecaptchaApi.addResponse<VerifyResponseEnterprise>('test_enterprise_without_token_props', {
 			name: 'name',
@@ -132,6 +171,10 @@ describe('HTTP Recaptcha Enterprise', () => {
 		);
 
 		expect(res.statusCode).toBe(400);
+
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(1);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.InvalidInputResponse);
 	});
 
 	test('Enterprise API error', async () => {
@@ -150,6 +193,10 @@ describe('HTTP Recaptcha Enterprise', () => {
 		);
 
 		expect(res.statusCode).toBe(500);
+
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(1);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.UnknownError);
 	});
 
 	test('Enterprise Network error', async () => {
@@ -168,6 +215,10 @@ describe('HTTP Recaptcha Enterprise', () => {
 		);
 
 		expect(res.statusCode).toBe(500);
+
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(1);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.NetworkError);
 	});
 
 	test('Enterprise Expired token', async () => {
@@ -205,6 +256,10 @@ describe('HTTP Recaptcha Enterprise', () => {
 		);
 
 		expect(res.statusCode).toBe(400);
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(2);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.TimeoutOrDuplicate);
+		expect(res.body.errorCodes[1]).toBe(ErrorCode.ForbiddenAction);
 	});
 
 	test('Enterprise Invalid action', async () => {
@@ -277,5 +332,48 @@ describe('HTTP Recaptcha Enterprise', () => {
 		);
 
 		expect(res.statusCode).toBe(400);
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(1);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.LowScore);
+	});
+
+	test('Enterprise Invalid reason unspecified + low score', async () => {
+		mockedRecaptchaApi.addResponse<VerifyResponseEnterprise>('test_enterprise_inv_reason_unspecified_low_score', {
+			name: 'name',
+			event: {
+				token: 'token',
+				siteKey: 'siteKey',
+				userAgent: '',
+				userIpAddress: '',
+				expectedAction: 'Submit',
+				hashedAccountId: '',
+			},
+			riskAnalysis: {
+				score: 0.6,
+				reasons: [],
+			},
+			tokenProperties: {
+				valid: true,
+				invalidReason: GoogleRecaptchaEnterpriseReason.InvalidReasonUnspecified,
+				hostname: 'localhost',
+				action: 'Submit',
+				createTime: '2022-09-07T19:53:55.566Z',
+			},
+		});
+
+		const res: request.Response = await http.post(
+			'/test/submit',
+			{},
+			{
+				headers: {
+					Recaptcha: 'test_enterprise_inv_reason_unspecified_low_score',
+				},
+			}
+		);
+
+		expect(res.statusCode).toBe(400);
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(1);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.LowScore);
 	});
 });
diff --git a/test/integrations/http-recaptcha-v2-v3.spec.ts b/test/integrations/http-recaptcha-v2-v3.spec.ts
@@ -1,12 +1,13 @@
 import { Controller, INestApplication, LiteralObject, Post } from '@nestjs/common';
-import { GoogleRecaptchaModule, Recaptcha, RecaptchaResult, RecaptchaVerificationResult } from '../../src';
+import { ErrorCode, GoogleRecaptchaModule, Recaptcha, RecaptchaResult, RecaptchaVerificationResult } from '../../src';
 import { Test, TestingModule } from '@nestjs/testing';
 import { Request } from 'express';
 import { RECAPTCHA_HTTP_SERVICE } from '../../src/provider.declarations';
 import * as request from 'supertest';
 import { MockedRecaptchaApi } from '../utils/mocked-recaptcha-api';
 import { VerifyResponseV2, VerifyResponseV3 } from '../../src/interfaces/verify-response';
 import { TestHttp } from '../utils/test-http';
+import { TestErrorFilter } from '../assets/test-error-filter';
 
 @Controller('test')
 class TestController {
@@ -55,6 +56,8 @@ describe('HTTP Recaptcha V2 V3', () => {
 
 		app = module.createNestApplication();
 
+		app.useGlobalFilters(new TestErrorFilter());
+
 		await app.init();
 
 		http = new TestHttp(app.getHttpServer());
@@ -100,6 +103,9 @@ describe('HTTP Recaptcha V2 V3', () => {
 		);
 
 		expect(res.statusCode).toBe(500);
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(1);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.UnknownError);
 	});
 
 	test('V2 Network error', async () => {
@@ -165,6 +171,9 @@ describe('HTTP Recaptcha V2 V3', () => {
 		);
 
 		expect(res.statusCode).toBe(400);
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(1);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.ForbiddenAction);
 	});
 
 	test('V3 Low score', async () => {
@@ -188,5 +197,8 @@ describe('HTTP Recaptcha V2 V3', () => {
 		);
 
 		expect(res.statusCode).toBe(400);
+		expect(res.body.errorCodes).toBeDefined();
+		expect(res.body.errorCodes.length).toBe(1);
+		expect(res.body.errorCodes[0]).toBe(ErrorCode.LowScore);
 	});
 });

Original file line number	Diff line number	Diff line change
`@@ -154,7 +154,7 @@ export class GoogleRecaptchaModule {`
`154`	`154`	`return {`
`155`	`155`	`provide: RECAPTCHA_OPTIONS,`
`156`	`156`	`useFactory: options.useFactory,`
`157`		`- inject: options.inject \|\| [],`
	`157`	`+ inject: options.inject,`
`158`	`158`	`};`
`159`	`159`	`}`
`160`	`160`