From c217f5392b17a80a8e30709445c239e860a107d6 Mon Sep 17 00:00:00 2001
From: Joel Lee
Date: Wed, 3 Jul 2024 11:39:08 +0200
Subject: [PATCH 1/5] fix: set cookies when mfa challenge is verified (#27)
## What kind of change does this PR introduce?
Currently, create server client doesn't seem to set cookies when MFA Challenge is verified
---
 CHANGELOG.md | 10 ++++------
 src/createServerClient.ts | 3 ++-
 2 files changed, 6 insertions(+), 7 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 2458882..0546666 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,17 +2,15 @@ ## [0.4.0](https://github.com/supabase/ssr/compare/v0.3.0...v0.4.0) (2024-06-24) - ### Features -* full rewrite using `getAll` and `setAll` cookie methods ([#1](https://github.com/supabase/ssr/issues/1)) ([b6ae192](https://github.com/supabase/ssr/commit/b6ae192aeb37ac6948637955cf1d3d6179b90065)) - +- full rewrite using `getAll` and `setAll` cookie methods ([#1](https://github.com/supabase/ssr/issues/1)) ([b6ae192](https://github.com/supabase/ssr/commit/b6ae192aeb37ac6948637955cf1d3d6179b90065)) ### Bug Fixes -* allow use of `createBrowserClient` without `window` present ([#20](https://github.com/supabase/ssr/issues/20)) ([27d868d](https://github.com/supabase/ssr/commit/27d868d530925805fe2f3577ae716ece40dd3ab6)) -* deprecate `parse`, `serialize` exports for more useful functions ([#14](https://github.com/supabase/ssr/issues/14)) ([0b5f881](https://github.com/supabase/ssr/commit/0b5f881e90b7836f2b98b733aac1cc9f916286cb)) -* fix `createBrowserClient` deprecation tsdoc ([#17](https://github.com/supabase/ssr/issues/17)) ([1df70ad](https://github.com/supabase/ssr/commit/1df70ad51e65caab46cbc00342dbb42f6d498c32)) +- allow use of `createBrowserClient` without `window` present ([#20](https://github.com/supabase/ssr/issues/20)) ([27d868d](https://github.com/supabase/ssr/commit/27d868d530925805fe2f3577ae716ece40dd3ab6)) +- deprecate `parse`, `serialize` exports for more useful functions ([#14](https://github.com/supabase/ssr/issues/14)) ([0b5f881](https://github.com/supabase/ssr/commit/0b5f881e90b7836f2b98b733aac1cc9f916286cb)) +- fix `createBrowserClient` deprecation tsdoc ([#17](https://github.com/supabase/ssr/issues/17)) ([1df70ad](https://github.com/supabase/ssr/commit/1df70ad51e65caab46cbc00342dbb42f6d498c32)) ## 0.3.0
diff --git a/src/createServerClient.ts b/src/createServerClient.ts
index c424a58..2605371 100644
--- a/src/createServerClient.ts
+++ b/src/createServerClient.ts
@@ -193,7 +193,8 @@ export function createServerClient<
 (event === "SIGNED_IN" ||
 event === "TOKEN_REFRESHED" ||
 event === "USER_UPDATED" ||
- event === "SIGNED_OUT")
+ event === "SIGNED_OUT" ||
+ event === "MFA_CHALLENGE_VERIFIED")
 ) {
 await applyServerStorage(
 { getAll, setAll, setItems, removedItems },
From bebce8999d9b2ae554daa2aaffdaf37d972b7fe4 Mon Sep 17 00:00:00 2001
From: Joel Lee
Date: Wed, 3 Jul 2024 20:40:01 +0200
Subject: [PATCH 2/5] fix: update conventional commits ci to use main instead of master (#31)
## What kind of change does this PR introduce?
As per title
---
 .github/workflows/conventional-commits.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/conventional-commits.yml b/.github/workflows/conventional-commits.yml
index f91c9b0..71e0e1d 100644
--- a/.github/workflows/conventional-commits.yml
+++ b/.github/workflows/conventional-commits.yml
@@ -3,12 +3,12 @@ name: Check pull requests
 on:
 push:
 branches-ignore: # Run the checks on all branches but the protected ones
- - master
+ - main
 - release/*
 pull_request_target:
 branches:
- - master
+ - main
 - release/*
 types:
 - opened
From 7dc1837dc4aba870b32792586969316df980ce07 Mon Sep 17 00:00:00 2001
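Review bot: The list of events that trigger `applyServerStorage` is a hand-maintained chain of `event ===` comparisons, and any session-carrying event missing from it silently leaves the cookies unset; that is the bug fixed here for `MFA_CHALLENGE_VERIFIED` and again in PATCH 3/5 for `PASSWORD_RECOVERY`. Hoisting the list into one named constant with a comment stating the rule would make the next omission easier to spot, for example (name of the author's choosing) `const COOKIE_SYNC_EVENTS = new Set(["SIGNED_IN", "TOKEN_REFRESHED", "USER_UPDATED", "SIGNED_OUT", "MFA_CHALLENGE_VERIFIED"]);` with `COOKIE_SYNC_EVENTS.has(event)` in the condition. The diffstat lists no test file, so a regression test asserting that `setAll` receives the session cookies after this event would pin the fix. The opening of the `if` and the rest of `createServerClient` lie outside the hunk.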
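Review bot: With `pull_request_target` now matching `main`, this workflow runs for pull requests against that branch in the base repository's context rather than the fork's, so the jobs (which are outside this hunk) should be confirmed never to check out or execute code from the pull request head. If the check only reads PR metadata, a read-only `permissions:` block such as `permissions: { pull-requests: read }` (adjusted to what the check needs) keeps the token scoped to that. A comment above the trigger, e.g. `# pull_request_target: reads PR metadata only, never checks out PR code`, would record why this trigger is acceptable here.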
From: Jason Creviston
Date: Wed, 3 Jul 2024 14:42:02 -0400
Subject: [PATCH 3/5] fix: set cookies for password recovery event (#32)
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
When resetting a user's password with an email template which has a URL defining the `type` value as `recovery`, and using the `verifyOtp` method to process the token_hash and type, the SSR server client's `onAuthStateChange` function does not recognize the `PASSWORD_RECOVERY` event that verifyOtp fires. This prevents the code [here](https://github.com/supabase/ssr/blob/main/src/createServerClient.ts#L199-L205) from running; resulting in the new session not being saved to cookies, and the user is not considered logged in. Fixes #21
## What is the new behavior?
User is logged in.
## Additional context
Replaces PR #24
Co-authored-by: Jason Creviston
---
 src/createServerClient.ts | 1 +
 1 file changed, 1 insertion(+)
diff --git a/src/createServerClient.ts b/src/createServerClient.ts
index 2605371..c59edb1 100644
--- a/src/createServerClient.ts
+++ b/src/createServerClient.ts
@@ -193,6 +193,7 @@ export function createServerClient<
 (event === "SIGNED_IN" ||
 event === "TOKEN_REFRESHED" ||
 event === "USER_UPDATED" ||
+ event === "PASSWORD_RECOVERY" ||
 event === "SIGNED_OUT" ||
 event === "MFA_CHALLENGE_VERIFIED")
 ) {
From 2087b0b760226a9283d61ce3f0949c637ef37ed9 Mon Sep 17 00:00:00 2001
From: Christopher Tran
Date: Mon, 1 Jul 2024 13:44:31 -0700
Subject: [PATCH 4/5] null check for chunkedCookie in server client
---
 src/cookies.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cookies.ts b/src/cookies.ts
index 8b7aa6c..bde02a4 100644
--- a/src/cookies.ts
+++ b/src/cookies.ts
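Review bot: The added `PASSWORD_RECOVERY` line carries no comment saying that a recovery link verified through `verifyOtp` now produces a persisted session cookie, which the description confirms ("User is logged in"); nothing in the visible lines marks that session as recovery-only. A comment on the new line would make this explicit for integrators, e.g. `// PASSWORD_RECOVERY: the recovery session is persisted like a sign-in; forcing a password change before other actions is left to the application`. Whether the library should distinguish such sessions cannot be decided from the lines shown. The `if` that owns this condition and the rest of `createServerClient` are outside the hunk.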
@@ -342,7 +342,7 @@ export function createStorageFromOptions(
 let decoded = chunkedCookie;
- if (chunkedCookie.startsWith(BASE64_PREFIX)) {
+ if (chunkedCookie !== null && chunkedCookie.startsWith(BASE64_PREFIX)) {
 decoded = stringFromBase64URL(
 chunkedCookie.substring(BASE64_PREFIX.length),
 );
From 247c59165ad25848b53338cfdd7918f2fada815b Mon Sep 17 00:00:00 2001
From: Christopher Tran
Date: Mon, 1 Jul 2024 16:40:22 -0700
Subject: [PATCH 5/5] allow only strings
---
 src/cookies.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/cookies.ts b/src/cookies.ts
index bde02a4..54cac5a 100644
--- a/src/cookies.ts
+++ b/src/cookies.ts
@@ -342,7 +342,7 @@ export function createStorageFromOptions(
 let decoded = chunkedCookie;
- if (chunkedCookie !== null && chunkedCookie.startsWith(BASE64_PREFIX)) {
+ if (typeof chunkedCookie === 'string' && chunkedCookie.startsWith(BASE64_PREFIX)) {
 decoded = stringFromBase64URL(
 chunkedCookie.substring(BASE64_PREFIX.length),
 );
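Review bot: `decoded` is assigned from `chunkedCookie` before the guard, so a `null` cookie now skips the decode and continues past this block unchanged; the code that consumes `decoded` is outside the hunk and should be confirmed to treat a non-string as "no item" rather than dereference it. The same holds for the `typeof` form in PATCH 5/5. Both diffstats list only `src/cookies.ts`, so neither patch adds a regression test; one that calls the storage getter with no matching cookie and asserts the returned value would pin the behaviour. `createStorageFromOptions` starts and ends outside the hunk.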
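Review bot: After the `typeof` check, the remaining unvalidated path is the decode itself: the value appears to come from a request cookie, and whether `stringFromBase64URL` throws on a malformed payload after `BASE64_PREFIX` is not visible here, nor is any handling of such a failure. A comment recording the intended outcome would help, e.g. `// cookie values are client-supplied; document here what a malformed base64url payload yields`, backed by a test with a truncated value. Separately, the new line uses single quotes and is longer than 80 columns, while `src/createServerClient.ts` in this series uses double quotes; splitting the condition as `typeof chunkedCookie === "string" &&` and `chunkedCookie.startsWith(BASE64_PREFIX)` would match that style.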