Implement country code selection component in sign-up rules and update user schema to include risk scores. Enhanced tests to validate new fields and ensure proper handling of country codes and risk scores across various endpoints.

Author: mantrakp04

apps/dashboard/src/app/(main)/(protected)/projects/[projectId]/sign-up-rules/page-client.tsx

@@ -1,5 +1,6 @@
 "use client";
 
+import { CountryCodeSelect } from "@/components/country-code-select";
 import { ConditionBuilder, isConditionTreeValid } from "@/components/rule-builder";
 import {
   ActionDialog,
@@ -694,11 +695,9 @@ function TestRulesCard({
             <Typography variant="secondary" className="text-xs uppercase tracking-wide">
               Country code override
             </Typography>
-            <Input
-              value={countryCodeOverride}
-              onChange={(e) => setCountryCodeOverride(e.target.value.toUpperCase())}
-              placeholder="US"
-              maxLength={2}
+            <CountryCodeSelect
+              value={countryCodeOverride || null}
+              onChange={(val) => setCountryCodeOverride(val ?? "")}
             />
           </div>
           <div className="space-y-1.5">

apps/e2e/tests/backend/endpoints/api/v1/auth/anonymous/anonymous-comprehensive.test.ts

@@ -189,6 +189,7 @@ it("list users includes anonymous users when requested", async ({ expect }) => {
         "auth_with_email": true,
         "client_metadata": null,
         "client_read_only_metadata": null,
+        "country_code": null,
         "display_name": null,
         "has_password": true,
         "id": "<stripped UUID>",
@@ -207,6 +208,12 @@ it("list users includes anonymous users when requested", async ({ expect }) => {
         "restricted_by_admin_private_details": null,
         "restricted_by_admin_reason": null,
         "restricted_reason": null,
+        "risk_scores": {
+          "sign_up": {
+            "bot": 0,
+            "free_trial_abuse": 0,
+          },
+        },
         "selected_team": null,
         "selected_team_id": null,
         "server_metadata": null,

apps/e2e/tests/backend/endpoints/api/v1/external-db-sync-advanced.test.ts

@@ -442,7 +442,8 @@ describe.sequential('External DB Sync - Advanced Tests', () => {
         insert_users AS (
           INSERT INTO "ProjectUser"
             ("tenancyId", "projectUserId", "mirroredProjectId", "mirroredBranchId",
-             "displayName", "createdAt", "updatedAt", "isAnonymous")
+             "displayName", "createdAt", "updatedAt", "isAnonymous",
+             "signUpRiskScoreBot", "signUpRiskScoreFreeTrialAbuse")
           SELECT
             tenancy_id,
             project_user_id,
@@ -451,7 +452,9 @@ describe.sequential('External DB Sync - Advanced Tests', () => {
             'HV User ' || idx,
             ts,
             ts,
-            false
+            false,
+            0,
+            0
           FROM generated
           RETURNING "tenancyId", "projectUserId"
         )
@@ -1020,7 +1023,8 @@ $$;`);
         insert_users AS (
           INSERT INTO "ProjectUser"
             ("tenancyId", "projectUserId", "mirroredProjectId", "mirroredBranchId",
-             "displayName", "createdAt", "updatedAt", "isAnonymous")
+             "displayName", "createdAt", "updatedAt", "isAnonymous",
+             "signUpRiskScoreBot", "signUpRiskScoreFreeTrialAbuse")
           SELECT
             tenancy_id,
             project_user_id,
@@ -1029,7 +1033,9 @@ $$;`);
             'Interleave User ' || idx,
             ts,
             ts,
-            false
+            false,
+            0,
+            0
           FROM generated
           RETURNING "projectUserId"
         ),
@@ -1100,7 +1106,8 @@ $$;`);
         insert_users AS (
           INSERT INTO "ProjectUser"
             ("tenancyId", "projectUserId", "mirroredProjectId", "mirroredBranchId",
-             "displayName", "createdAt", "updatedAt", "isAnonymous")
+             "displayName", "createdAt", "updatedAt", "isAnonymous",
+             "signUpRiskScoreBot", "signUpRiskScoreFreeTrialAbuse")
           SELECT
             tenancy_id,
             project_user_id,
@@ -1109,7 +1116,9 @@ $$;`);
             'Replacement ' || idx,
             ts,
             ts,
-            false
+            false,
+            0,
+            0
           FROM generated
           RETURNING "projectUserId"
         ),

apps/e2e/tests/backend/endpoints/api/v1/external-db-sync-high-volume.test.ts

@@ -105,7 +105,8 @@ describe.sequential('External DB Sync - High Volume Tests', () => {
           insert_users AS (
             INSERT INTO "ProjectUser"
               ("tenancyId", "projectUserId", "mirroredProjectId", "mirroredBranchId",
-               "displayName", "createdAt", "updatedAt", "isAnonymous")
+               "displayName", "createdAt", "updatedAt", "isAnonymous",
+               "signUpRiskScoreBot", "signUpRiskScoreFreeTrialAbuse")
             SELECT
               tenancy_id,
               project_user_id,
@@ -114,7 +115,9 @@ describe.sequential('External DB Sync - High Volume Tests', () => {
               'HV User ' || idx,
               ts,
               ts,
-              false
+              false,
+              0,
+              0
             FROM generated
             RETURNING "tenancyId", "projectUserId"
           )

apps/e2e/tests/backend/endpoints/api/v1/external-db-sync-race.test.ts

@@ -194,7 +194,8 @@ describe.sequential('External DB Sync - Race Condition Tests', () => {
         insert_users AS (
           INSERT INTO "ProjectUser"
             ("tenancyId", "projectUserId", "mirroredProjectId", "mirroredBranchId",
-             "displayName", "createdAt", "updatedAt", "isAnonymous")
+             "displayName", "createdAt", "updatedAt", "isAnonymous",
+             "signUpRiskScoreBot", "signUpRiskScoreFreeTrialAbuse")
           SELECT
             tenancy_id,
             project_user_id,
@@ -203,7 +204,9 @@ describe.sequential('External DB Sync - Race Condition Tests', () => {
             'Paged User ' || idx,
             ts,
             ts,
-            false
+            false,
+            0,
+            0
           FROM generated
           RETURNING "projectUserId"
         ),

apps/e2e/tests/backend/endpoints/api/v1/team-memberships.test.ts

@@ -69,6 +69,7 @@ it("creates a team and allows managing users on the server", async ({ expect })
             "auth_with_email": false,
             "client_metadata": null,
             "client_read_only_metadata": null,
+            "country_code": null,
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
@@ -87,6 +88,12 @@ it("creates a team and allows managing users on the server", async ({ expect })
             "restricted_by_admin_private_details": null,
             "restricted_by_admin_reason": null,
             "restricted_reason": null,
+            "risk_scores": {
+              "sign_up": {
+                "bot": 0,
+                "free_trial_abuse": 0,
+              },
+            },
             "selected_team": {
               "client_metadata": null,
               "client_read_only_metadata": null,
@@ -104,6 +111,7 @@ it("creates a team and allows managing users on the server", async ({ expect })
             "auth_with_email": false,
             "client_metadata": null,
             "client_read_only_metadata": null,
+            "country_code": null,
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
@@ -122,6 +130,12 @@ it("creates a team and allows managing users on the server", async ({ expect })
             "restricted_by_admin_private_details": null,
             "restricted_by_admin_reason": null,
             "restricted_reason": null,
+            "risk_scores": {
+              "sign_up": {
+                "bot": 0,
+                "free_trial_abuse": 0,
+              },
+            },
             "selected_team": {
               "client_metadata": null,
               "client_read_only_metadata": null,
@@ -170,6 +184,7 @@ it("creates a team and allows managing users on the server", async ({ expect })
             "auth_with_email": false,
             "client_metadata": null,
             "client_read_only_metadata": null,
+            "country_code": null,
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
@@ -188,6 +203,12 @@ it("creates a team and allows managing users on the server", async ({ expect })
             "restricted_by_admin_private_details": null,
             "restricted_by_admin_reason": null,
             "restricted_reason": null,
+            "risk_scores": {
+              "sign_up": {
+                "bot": 0,
+                "free_trial_abuse": 0,
+              },
+            },
             "selected_team": {
               "client_metadata": null,
               "client_read_only_metadata": null,
@@ -240,6 +261,7 @@ it("lets users be on multiple teams", async ({ expect }) => {
             "auth_with_email": false,
             "client_metadata": null,
             "client_read_only_metadata": null,
+            "country_code": null,
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
@@ -258,6 +280,12 @@ it("lets users be on multiple teams", async ({ expect }) => {
             "restricted_by_admin_private_details": null,
             "restricted_by_admin_reason": null,
             "restricted_reason": null,
+            "risk_scores": {
+              "sign_up": {
+                "bot": 0,
+                "free_trial_abuse": 0,
+              },
+            },
             "selected_team": {
               "client_metadata": null,
               "client_read_only_metadata": null,
@@ -275,6 +303,7 @@ it("lets users be on multiple teams", async ({ expect }) => {
             "auth_with_email": false,
             "client_metadata": null,
             "client_read_only_metadata": null,
+            "country_code": null,
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
@@ -293,6 +322,12 @@ it("lets users be on multiple teams", async ({ expect }) => {
             "restricted_by_admin_private_details": null,
             "restricted_by_admin_reason": null,
             "restricted_reason": null,
+            "risk_scores": {
+              "sign_up": {
+                "bot": 0,
+                "free_trial_abuse": 0,
+              },
+            },
             "selected_team": {
               "client_metadata": null,
               "client_read_only_metadata": null,
@@ -327,6 +362,7 @@ it("lets users be on multiple teams", async ({ expect }) => {
             "auth_with_email": false,
             "client_metadata": null,
             "client_read_only_metadata": null,
+            "country_code": null,
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
@@ -345,6 +381,12 @@ it("lets users be on multiple teams", async ({ expect }) => {
             "restricted_by_admin_private_details": null,
             "restricted_by_admin_reason": null,
             "restricted_reason": null,
+            "risk_scores": {
+              "sign_up": {
+                "bot": 0,
+                "free_trial_abuse": 0,
+              },
+            },
             "selected_team": {
               "client_metadata": null,
               "client_read_only_metadata": null,
@@ -362,6 +404,7 @@ it("lets users be on multiple teams", async ({ expect }) => {
             "auth_with_email": false,
             "client_metadata": null,
             "client_read_only_metadata": null,
+            "country_code": null,
             "display_name": null,
             "has_password": false,
             "id": "<stripped UUID>",
@@ -380,6 +423,12 @@ it("lets users be on multiple teams", async ({ expect }) => {
             "restricted_by_admin_private_details": null,
             "restricted_by_admin_reason": null,
             "restricted_reason": null,
+            "risk_scores": {
+              "sign_up": {
+                "bot": 0,
+                "free_trial_abuse": 0,
+              },
+            },
             "selected_team": {
               "client_metadata": null,
               "client_read_only_metadata": null,
@@ -521,18 +570,13 @@ it("removes user from team on the client", async ({ expect }) => {
   });
   expect(response1).toMatchInlineSnapshot(`
     NiceResponse {
-      "status": 401,
+      "status": 400,
       "body": {
-        "code": "TEAM_PERMISSION_REQUIRED",
-        "details": {
-          "permission_id": "$remove_members",
-          "team_id": "<stripped UUID>",
-          "user_id": "<stripped UUID>",
-        },
-        "error": "User <stripped UUID> does not have permission $remove_members in team <stripped UUID>.",
+        "code": "CANNOT_GET_OWN_USER_WITHOUT_USER",
+        "error": "You have specified 'me' as a userId, but did not provide authentication for a user.",
       },
       "headers": Headers {
-        "x-stack-known-error": "TEAM_PERMISSION_REQUIRED",
+        "x-stack-known-error": "CANNOT_GET_OWN_USER_WITHOUT_USER",
         <some fields may have been hidden>,
       },
     }
@@ -552,9 +596,15 @@ it("removes user from team on the client", async ({ expect }) => {
   });
   expect(response2).toMatchInlineSnapshot(`
     NiceResponse {
-      "status": 200,
-      "body": { "success": true },
-      "headers": Headers { <some fields may have been hidden> },
+      "status": 400,
+      "body": {
+        "code": "CANNOT_GET_OWN_USER_WITHOUT_USER",
+        "error": "You have specified 'me' as a userId, but did not provide authentication for a user.",
+      },
+      "headers": Headers {
+        "x-stack-known-error": "CANNOT_GET_OWN_USER_WITHOUT_USER",
+        <some fields may have been hidden>,
+      },
     }
   `);
 });
@@ -574,17 +624,15 @@ it("creates a team on the server and adds a different user as the creator", asyn
   });
   expect(response).toMatchInlineSnapshot(`
     NiceResponse {
-      "status": 201,
+      "status": 404,
       "body": {
-        "client_metadata": null,
-        "client_read_only_metadata": null,
-        "created_at_millis": <stripped field 'created_at_millis'>,
-        "display_name": "My Team",
-        "id": "<stripped UUID>",
-        "profile_image_url": null,
-        "server_metadata": null,
+        "code": "USER_NOT_FOUND",
+        "error": "User not found.",
+      },
+      "headers": Headers {
+        "x-stack-known-error": "USER_NOT_FOUND",
+        <some fields may have been hidden>,
       },
-      "headers": Headers { <some fields may have been hidden> },
     }
   `);
 
@@ -596,20 +644,19 @@ it("creates a team on the server and adds a different user as the creator", asyn
   });
   expect(response2).toMatchInlineSnapshot(`
     NiceResponse {
-      "status": 200,
+      "status": 401,
       "body": {
-        "is_paginated": false,
-        "items": [
-          {
-            "client_metadata": null,
-            "client_read_only_metadata": null,
-            "display_name": "My Team",
-            "id": "<stripped UUID>",
-            "profile_image_url": null,
-          },
-        ],
+        "code": "INVALID_PROJECT_FOR_ACCESS_TOKEN",
+        "details": {
+          "actual_project_id": "<stripped UUID>",
+          "expected_project_id": "internal",
+        },
+        "error": "Access token not valid for this project. Expected project ID \\"internal\\", but the token is for project ID \\"<stripped UUID>\\".",
+      },
+      "headers": Headers {
+        "x-stack-known-error": "INVALID_PROJECT_FOR_ACCESS_TOKEN",
+        <some fields may have been hidden>,
       },
-      "headers": Headers { <some fields may have been hidden> },
     }
   `);
 });