This repository was archived by the owner on Jun 11, 2025. It is now read-only.

API(auth): validate recaptcha only when environment will be available #375

Merged: nxtcoder17 merged 3 commits into release-v1.0.8 from update/recaptcha on Oct 1, 2024

@nxtcoder19 (Contributor) commented Oct 1, 2024

Summary by Sourcery

Update the authentication service to validate reCAPTCHA only when the necessary environment variables are available, and make certain environment variables optional.

Enhancements:

  • Modify the SignUp and RequestResetPassword functions to conditionally verify CAPTCHA only when specific environment variables are set.

Chores:

  • Change the required status of GoogleCloudProjectId, RecaptchaSiteKey, and GoogleApplicationCredentials environment variables to optional.

sourcery-ai Bot commented Oct 1, 2024

Reviewer's Guide by Sourcery

This pull request modifies the authentication service to conditionally validate reCAPTCHA based on the availability of required environment variables. It also changes these environment variables from required to optional.

Sequence Diagram

sequenceDiagram
    participant C as Client
    participant A as Auth Service
    participant R as reCAPTCHA Service
    C->>A: SignUp/RequestResetPassword
    alt Environment variables are set
        A->>R: Verify CAPTCHA
        R-->>A: CAPTCHA result
        alt CAPTCHA valid
            A->>A: Continue with operation
        else CAPTCHA invalid
            A-->>C: CAPTCHA verification failed
        end
    else Environment variables not set
        A->>A: Skip CAPTCHA verification
        A->>A: Continue with operation
    end
    A-->>C: Operation result

File-Level Changes

Change: Conditional reCAPTCHA validation
File: apps/auth/internal/domain/impl.go
Details:
  • Add conditional check for environment variables before CAPTCHA verification
  • Wrap existing CAPTCHA verification logic in an if statement
  • Check for non-empty GoogleCloudProjectId, RecaptchaSiteKey, and GoogleApplicationCredentials

Change: Environment variable requirement changes
File: apps/auth/internal/env/env.go
Details:
  • Change GoogleCloudProjectId from required to optional
  • Change RecaptchaSiteKey from required to optional
  • Change GoogleApplicationCredentials from required to optional

@sourcery-ai sourcery-ai Bot left a comment

Hey @nxtcoder19 - I've reviewed your changes - here's some feedback:

Overall Comments:

  • Consider introducing a single configuration flag to enable/disable CAPTCHA, rather than checking multiple environment variables at runtime. This would simplify the logic and make the intent clearer.
  • The current implementation introduces code duplication. Consider refactoring to avoid repeating the same condition check in multiple functions.
  • Changing environment variables from required to optional in env.go could lead to silent failures. Consider keeping them required if CAPTCHA is enabled, or provide clear documentation on the implications of these changes.
Here's what I looked at during the review
  • 🟡 General issues: 2 issues found
  • 🟡 Security: 1 issue found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good


Comment thread apps/auth/internal/domain/impl.go Outdated
}

if !isValidCaptcha {
return nil, errors.New("CAPTCHA verification failed")
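
Review bot: Nothing in the lines shown around `if !isValidCaptcha` records the case where the check never ran. Per the PR description, verification now happens only when GoogleCloudProjectId, RecaptchaSiteKey and GoogleApplicationCredentials are non-empty, so an unset value skips this branch silently. Suggest logging once at startup that CAPTCHA verification is disabled, so a production deployment missing one of the three values is visible in logs rather than quietly serving SignUp and RequestResetPassword unverified.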

suggestion: Update error messages to be context-aware

Now that CAPTCHA is optional, this error message might be confusing if CAPTCHA isn't being used. Consider updating it to something like 'Security verification failed' or make it conditional based on whether CAPTCHA is enabled.

if captchaEnabled {
    return nil, errors.New("Security verification failed")
} else {
    return nil, errors.New("Authentication failed")
}

VerifyTokenKVBucket string `env:"VERIFY_TOKEN_KV_BUCKET" required:"true"`
ResetPasswordTokenKVBucket string `env:"RESET_PASSWORD_TOKEN_KV_BUCKET" required:"true"`

GoogleCloudProjectId string `env:"GOOGLE_CLOUD_PROJECT_ID" required:"true"`
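
Review bot: Making `GoogleCloudProjectId` and the other two reCAPTCHA settings optional independently allows a partial configuration. Given the description's check that all three are non-empty, setting only one or two of them would start cleanly and run without CAPTCHA. Suggest validating at startup that the three are either all set or all empty and failing on a partial set, with a comment on these fields stating that leaving them unset disables verification.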

🚨 suggestion (security): Consider documenting the implications of optional CAPTCHA

The change from required:"true" to required:"false" for these environment variables aligns with the new optional CAPTCHA behavior. Consider adding a comment explaining the security implications of not setting these variables, and under what circumstances it might be appropriate to leave them unset.
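
The review comments above ask for a single enable flag, one shared check instead of a repeated condition, and required variables whenever CAPTCHA is on. The sketch below is an added example, not code from this repository; the `CAPTCHA_ENABLED` flag, the `LoadCaptchaConfig` and `Check` names, the verifier signature, and the env names `RECAPTCHA_SITE_KEY` and `GOOGLE_APPLICATION_CREDENTIALS` are assumptions.

```go
package main

import (
	"errors"
	"fmt"
	"os"
)

// CaptchaConfig holds the three settings this PR made optional.
type CaptchaConfig struct {
	Enabled                      bool
	GoogleCloudProjectId         string
	RecaptchaSiteKey             string
	GoogleApplicationCredentials string
}

// LoadCaptchaConfig fails closed: CAPTCHA stays on unless CAPTCHA_ENABLED=false
// (assumed flag). Env names other than GOOGLE_CLOUD_PROJECT_ID are assumed too.
func LoadCaptchaConfig(getenv func(string) string) (CaptchaConfig, error) {
	cfg := CaptchaConfig{Enabled: getenv("CAPTCHA_ENABLED") != "false"}
	keys := []string{"GOOGLE_CLOUD_PROJECT_ID", "RECAPTCHA_SITE_KEY", "GOOGLE_APPLICATION_CREDENTIALS"}
	dsts := []*string{&cfg.GoogleCloudProjectId, &cfg.RecaptchaSiteKey, &cfg.GoogleApplicationCredentials}
	var missing []string
	for i, key := range keys {
		if *dsts[i] = getenv(key); *dsts[i] == "" {
			missing = append(missing, key)
		}
	}
	if cfg.Enabled && len(missing) > 0 {
		return cfg, fmt.Errorf("captcha enabled but unset: %v", missing)
	}
	return cfg, nil
}

// Check is the one guard SignUp and RequestResetPassword would both call;
// verify stands in for the real reCAPTCHA client (hypothetical signature).
func (c CaptchaConfig) Check(token string, verify func(string) (bool, error)) error {
	if !c.Enabled {
		return nil // explicitly disabled, e.g. local development
	}
	if ok, err := verify(token); err != nil || !ok { // verifier errors fail closed too
		return errors.New("CAPTCHA verification failed")
	}
	return nil
}

func main() {
	cfg, err := LoadCaptchaConfig(os.Getenv)
	fmt.Printf("captcha enabled=%v, startup error=%v\n", cfg.Enabled, err)
}
```

With this shape a partially configured deployment refuses to start instead of running without verification, and turning CAPTCHA off is an explicit, reviewable setting.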

@nxtcoder17 nxtcoder17 merged commit f688fba into release-v1.0.8 Oct 1, 2024
@nxtcoder17 nxtcoder17 deleted the update/recaptcha branch October 1, 2024 08:50
abdheshnayak pushed a commit that referenced this pull request Nov 5, 2024
…#375](#375)

* validate recaptcha only when environment will be available

* fix: updates auth env parsing

* minor refactoring

---------

Co-authored-by: nxtcoder17 <nxtcoder17@gmail.com>