Add disposable email domain heuristics for sign-up risk scoring #18
Annotations
7 errors
E2E Tests (Local Emulator, Node 22.x)
Process completed with exit code 1.
src/lib/cel-evaluator.ts > evaluateCelExpression with missing email:
apps/backend/src/lib/cel-evaluator.ts#L150
CelEvaluationError: Failed to evaluate CEL expression: riskScores.freeTrialAbuse == 44
❯ evaluateCelExpression src/lib/cel-evaluator.ts:150:11
❯ src/lib/cel-evaluator.ts:333:10
Caused by: Error: Identifier "freeTrialAbuse" not found in context: {"email":"","emailDomain":"","countryCode":"","authMethod":"oauth","oauthProvider":"discord","riskScores":{"bot":33,"free_trial_abuse":44}}
❯ CelVisitor.getIdentifier ../../node_modules/.pnpm/cel-js@0.8.2/node_modules/cel-js/dist/visitor.js:602:19
❯ CelVisitor.identifierDotExpression ../../node_modules/.pnpm/cel-js@0.8.2/node_modules/cel-js/dist/visitor.js:587:21
❯ ../../node_modules/.pnpm/cel-js@0.8.2/node_modules/cel-js/dist/visitor.js:446:29
❯ CelVisitor.getIndexSection ../../node_modules/.pnpm/cel-js@0.8.2/node_modules/cel-js/dist/visitor.js:443:28
❯ CelVisitor.identifierExpression ../../node_modules/.pnpm/cel-js@0.8.2/node_modules/cel-js/dist/visitor.js:575:21
❯ CelVisitor.visit ../../node_modules/.pnpm/chevrotain@11.0.3/node_modules/chevrotain/src/parse/cst/cst_visitor.ts:60:32
❯ CelVisitor.atomicExpression ../../node_modules/.pnpm/cel-js@0.8.2/node_modules/cel-js/dist/visitor.js:537:25
❯ CelVisitor.visit ../../node_modules/.pnpm/chevrotain@11.0.3/node_modules/chevrotain/src/parse/cst/cst_visitor.ts:60:32
❯ CelVisitor.unaryExpression ../../node_modules/.pnpm/cel-js@0.8.2/node_modules/cel-js/dist/visitor.js:383:21
src/lib/cel-evaluator.ts > createSignUpRuleContext(...):
apps/backend/src/lib/cel-evaluator.ts#L211
AssertionError: expected { Object (email, emailDomain, ...) } to deeply equal { Object (email, emailDomain, ...) }
- Expected
+ Received
Object {
"authMethod": "password",
"countryCode": "",
"email": "test.user@example.com",
"emailDomain": "example.com",
"oauthProvider": "",
"riskScores": Object {
"bot": 17,
- "freeTrialAbuse": 23,
+ "free_trial_abuse": 23,
},
}
❯ src/lib/cel-evaluator.ts:211:7
tests/backend/endpoints/api/v1/internal/sign-up-rules-test.test.ts > with admin access > derives risk score conditions from disposable-email heuristics:
apps/e2e/tests/backend/endpoints/api/v1/internal/sign-up-rules-test.test.ts#L167
AssertionError: expected { context: { …(6) }, …(2) } to match object { …(2) }
(7 matching properties omitted from actual)
- Expected
+ Received
Object {
"context": Object {
"risk_scores": Object {
- "bot": 100,
- "free_trial_abuse": 100,
+ "bot": 0,
+ "free_trial_abuse": 0,
},
},
"outcome": Object {
- "decision": "reject",
- "decision_rule_id": "block-high-bot-score",
- "should_allow": false,
+ "decision": "default-allow",
+ "decision_rule_id": null,
+ "should_allow": true,
},
}
❯ tests/backend/endpoints/api/v1/internal/sign-up-rules-test.test.ts:167:27
tests/backend/endpoints/api/v1/risk-scores.test.ts > risk scores > interaction with sign-up rules > should reject user based on risk score CEL condition:
apps/e2e/tests/backend/endpoints/api/v1/risk-scores.test.ts#L852
AssertionError: expected 200 to be 403 // Object.is equality
- Expected
+ Received
- 403
+ 200
❯ tests/backend/endpoints/api/v1/risk-scores.test.ts:852:31
tests/backend/endpoints/api/v1/risk-scores.test.ts > risk scores > interaction with sign-up rules > should restrict user based on risk score CEL condition:
apps/e2e/tests/backend/endpoints/api/v1/risk-scores.test.ts#L823
AssertionError: expected false to be true // Object.is equality
- Expected
+ Received
- true
+ false
❯ tests/backend/endpoints/api/v1/risk-scores.test.ts:823:53
tests/backend/endpoints/api/v1/risk-scores.test.ts > risk scores > server-side update > should not change risk scores when updating other user fields:
apps/e2e/tests/backend/endpoints/api/v1/risk-scores.test.ts#L778
AssertionError: expected { sign_up: { bot: +0, …(1) } } to deeply equal { sign_up: { bot: 100, …(1) } }
- Expected
+ Received
Object {
"sign_up": Object {
- "bot": 100,
- "free_trial_abuse": 100,
+ "bot": 0,
+ "free_trial_abuse": 0,
},
}
❯ tests/backend/endpoints/api/v1/risk-scores.test.ts:778:47