From 7d1bd400eec667ff5c52f4dcc4e68c63d79b1ff2 Mon Sep 17 00:00:00 2001
From: Nikos Douvlis <nikosdouvlis@gmail.com>
Date: Wed, 8 Jan 2025 16:23:53 +0200
Subject: [PATCH] =?UTF-8?q?fix(clerk-js):=20Post=20captcha=20tokens=20to?=
 =?UTF-8?q?=20/client/verify=20instead=20of=20PATCH=E2=80=A6=20(#4850)?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .changeset/wise-bottles-kneel.md              |  5 ++++
 packages/clerk-js/src/core/resources/Base.ts  |  8 ++---
 .../clerk-js/src/core/resources/Client.ts     |  2 +-
 .../core/resources/__tests__/Client.test.ts   | 30 +++++++++++++++++++
 4 files changed, 40 insertions(+), 5 deletions(-)
 create mode 100644 .changeset/wise-bottles-kneel.md

diff --git a/.changeset/wise-bottles-kneel.md b/.changeset/wise-bottles-kneel.md
new file mode 100644
index 0000000000..87ebce092c
--- /dev/null
+++ b/.changeset/wise-bottles-kneel.md
@@ -0,0 +1,5 @@
+---
+'@clerk/clerk-js': patch
+---
+
+Post captcha tokens to /client/verify instead of PATCH /client
diff --git a/packages/clerk-js/src/core/resources/Base.ts b/packages/clerk-js/src/core/resources/Base.ts
index 44e93cc191..105e255a37 100644
--- a/packages/clerk-js/src/core/resources/Base.ts
+++ b/packages/clerk-js/src/core/resources/Base.ts
@@ -195,6 +195,10 @@ export abstract class BaseResource {
     return this._baseMutate<J>({ ...params, method: 'POST' });
   }
 
+  protected async _basePostBypass<J extends ClerkResourceJSON>(params: BaseMutateParams = {}): Promise<this> {
+    return this._baseMutateBypass<J>({ ...params, method: 'POST' });
+  }
+
   protected async _basePut<J extends ClerkResourceJSON | null>(params: BaseMutateParams = {}): Promise<this> {
     return this._baseMutate<J>({ ...params, method: 'PUT' });
   }
@@ -203,10 +207,6 @@ export abstract class BaseResource {
     return this._baseMutate<J>({ ...params, method: 'PATCH' });
   }
 
-  protected async _basePatchBypass<J extends ClerkResourceJSON>(params: BaseMutateParams = {}): Promise<this> {
-    return this._baseMutateBypass<J>({ ...params, method: 'PATCH' });
-  }
-
   protected async _baseDelete<J extends ClerkResourceJSON | null>(params: BaseMutateParams = {}): Promise<void> {
     await this._baseMutate<J>({ ...params, method: 'DELETE' });
   }
diff --git a/packages/clerk-js/src/core/resources/Client.ts b/packages/clerk-js/src/core/resources/Client.ts
index 09a76e5704..9fbcfd8383 100644
--- a/packages/clerk-js/src/core/resources/Client.ts
+++ b/packages/clerk-js/src/core/resources/Client.ts
@@ -106,7 +106,7 @@ export class Client extends BaseResource implements ClientResource {
   }
 
   public sendCaptchaToken(params: unknown): Promise<ClientResource> {
-    return this._basePatchBypass({ body: params });
+    return this._basePostBypass({ body: params, path: this.path() + '/verify' });
   }
 
   fromJSON(data: ClientJSON | ClientJSONSnapshot | null): this {
diff --git a/packages/clerk-js/src/core/resources/__tests__/Client.test.ts b/packages/clerk-js/src/core/resources/__tests__/Client.test.ts
index aefc7f26b5..635a85adcc 100644
--- a/packages/clerk-js/src/core/resources/__tests__/Client.test.ts
+++ b/packages/clerk-js/src/core/resources/__tests__/Client.test.ts
@@ -4,6 +4,36 @@ import { createSession, createSignIn, createSignUp, createUser } from '../../tes
 import { BaseResource, Client } from '../internal';
 
 describe('Client Singleton', () => {
+  it('sends captcha token', async () => {
+    const user = createUser({ first_name: 'John', last_name: 'Doe', id: 'user_1' });
+    const session = createSession({ id: 'session_1' }, user);
+    const clientObjectJSON: ClientJSON = {
+      object: 'client',
+      id: 'test_id',
+      status: 'active',
+      last_active_session_id: 'test_session_id',
+      sign_in: createSignIn({ id: 'test_sign_in_id' }, user),
+      sign_up: createSignUp({ id: 'test_sign_up_id' }), //  This is only for testing purposes, this will never happen
+      sessions: [session],
+      created_at: jest.now() - 1000,
+      updated_at: jest.now(),
+    } as any;
+
+    // @ts-expect-error This is a private method that we are mocking
+    BaseResource._baseFetch = jest.fn();
+
+    const client = Client.getOrCreateInstance().fromJSON(clientObjectJSON);
+    await client.sendCaptchaToken({ captcha_token: 'test_captcha_token' });
+    // @ts-expect-error This is a private method that we are mocking
+    expect(BaseResource._baseFetch).toHaveBeenCalledWith({
+      method: 'POST',
+      path: `/client/verify`,
+      body: {
+        captcha_token: 'test_captcha_token',
+      },
+    });
+  });
+
   it('destroy', async () => {
     const user = createUser({ first_name: 'John', last_name: 'Doe', id: 'user_1' });
     const session = createSession({ id: 'session_1' }, user);