github/OpenHands
1
0
Fork 0
mirror of https://github.com/OpenHands/OpenHands.git synced 2026-03-22 05:37:20 +08:00
Code Issues Packages Projects Releases Wiki Activity

feat(recaptcha): add user_id and email to assessment log (#12749)

Browse Source 
Co-authored-by: openhands <openhands@all-hands.dev>
This commit is contained in:
Saurya Velagapudi
2026-02-04 17:58:44 -08:00
committed by GitHub
parent 07eb791735
commit e38f1283ea
3 changed files with 63 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

4
enterprise/server/auth/recaptcha_service.py
View File

@@ -64,6 +64,7 @@ class RecaptchaService:
user_ip: str,
user_agent: str,
email: str | None = None,
user_id: str | None = None,
) -> AssessmentResult:
"""Create a reCAPTCHA Enterprise assessment.
@@ -73,6 +74,7 @@ class RecaptchaService:
user_ip: The user's IP address.
user_agent: The user's browser user agent.
email: Optional email for Account Defender hashing.
user_id: Optional Keycloak user ID for logging correlation.
Returns:
AssessmentResult with score, validity, and allowed status.
@@ -143,6 +145,8 @@ class RecaptchaService:
'has_suspicious_labels': has_suspicious_labels,
'allowed': allowed,
'user_ip': user_ip,
'user_id': user_id,
'email': email,
},
)

1
enterprise/server/routes/auth.py
View File

@@ -219,6 +219,7 @@ async def keycloak_callback(
user_ip=user_ip,
user_agent=user_agent,
email=email,
user_id=user_id,
)
if not result.allowed:

58
enterprise/tests/unit/test_recaptcha_service.py
View File

@@ -290,6 +290,64 @@ class TestRecaptchaServiceCreateAssessment:
assert call_kwargs[1]['extra']['action_valid'] is True
assert call_kwargs[1]['extra']['user_ip'] == '192.168.1.1'
def test_should_log_user_id_and_email_when_provided(
self, recaptcha_service, mock_gcp_client
):
"""Test that user_id and email are included in log when provided."""
# Arrange
mock_response = MagicMock()
mock_response.name = 'projects/test-project/assessments/xyz123'
mock_response.token_properties.valid = True
mock_response.token_properties.action = 'LOGIN'
mock_response.risk_analysis.score = 0.9
mock_response.risk_analysis.reasons = []
mock_gcp_client.create_assessment.return_value = mock_response
with patch('server.auth.recaptcha_service.logger') as mock_logger:
# Act
recaptcha_service.create_assessment(
token='test-token',
action='LOGIN',
user_ip='192.168.1.1',
user_agent='Mozilla/5.0',
email='test@example.com',
user_id='keycloak-user-123',
)
# Assert
mock_logger.info.assert_called_once()
call_kwargs = mock_logger.info.call_args
assert call_kwargs[1]['extra']['user_id'] == 'keycloak-user-123'
assert call_kwargs[1]['extra']['email'] == 'test@example.com'
def test_should_log_none_for_user_id_and_email_when_not_provided(
self, recaptcha_service, mock_gcp_client
):
"""Test that user_id and email are logged as None when not provided."""
# Arrange
mock_response = MagicMock()
mock_response.name = 'projects/test-project/assessments/abc456'
mock_response.token_properties.valid = True
mock_response.token_properties.action = 'LOGIN'
mock_response.risk_analysis.score = 0.9
mock_response.risk_analysis.reasons = []
mock_gcp_client.create_assessment.return_value = mock_response
with patch('server.auth.recaptcha_service.logger') as mock_logger:
# Act
recaptcha_service.create_assessment(
token='test-token',
action='LOGIN',
user_ip='192.168.1.1',
user_agent='Mozilla/5.0',
)
# Assert
mock_logger.info.assert_called_once()
call_kwargs = mock_logger.info.call_args
assert call_kwargs[1]['extra']['user_id'] is None
assert call_kwargs[1]['extra']['email'] is None
def test_should_raise_exception_when_gcp_client_fails(
self, recaptcha_service, mock_gcp_client
):