fix get_user calls fail when no session or jwt is available #315

Merged
merged 3 commits into from
Sep 12, 2023

Conversation

jantznick
Contributor

What kind of change does this PR introduce?

Fix #314

What is the current behavior?

Currently an error is returned from the supabase request

What is the new behavior?

My update short circuits to prevent the supabase request from being made if there is no jwt and no session

Additional context

This mostly follows the logic of the get_session calls

Since it may not be obvious, my use case is a server side auth handler. Flow is as follows

  1. User logs in, flask adds cookie with jwt to request, user logs out <- after this there is no active session on the supabase client
  2. Future calls contain the jwt, flask takes the token and checks with get_user() if the user is valid <- this is where the bug is happening, if an unauthenticated user attempts to view a page or api they should not be able to view as they won't have a jwt in the request

Flask route info causing the break:

@app.route('/user_profile', methods=['GET'])
def user_profile():
    jwt = request.cookies.get('auth') or ''
    res = supabase.auth.get_user(jwt)
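
The short circuit described above, together with a fail-closed version of the route, as an added example that is not part of the PR or of gotrue-py. `StubAuthClient`, its `session_token` fallback and the token values are constructed stand-ins modelled on the description; only the `get_user(jwt)` call shape comes from the page.

```python
from dataclasses import dataclass
from typing import Optional


@dataclass
class StubAuthClient:
    """Constructed stand-in for the auth client; not gotrue-py's real class."""
    valid_tokens: dict                    # token -> user id (constructed data)
    session_token: Optional[str] = None   # None models "user logged out"
    backend_calls: int = 0                # counts simulated remote requests

    def _request_user(self, jwt: str) -> Optional[str]:
        # Models the remote request that validates the token.
        self.backend_calls += 1
        return self.valid_tokens.get(jwt)

    def get_user(self, jwt: Optional[str] = None) -> Optional[str]:
        # Short circuit: no jwt and no session means no remote request.
        if not jwt:
            if self.session_token is None:
                return None
            jwt = self.session_token      # assumed fallback to the session
        return self._request_user(jwt)


def user_profile(client: StubAuthClient, cookies: dict) -> tuple:
    """Route logic for /user_profile, returning (status, body)."""
    jwt = cookies.get("auth") or None
    # Decide on this request's cookie only. Passing '' through would let a
    # cookie-less request fall back to whatever session the shared
    # server-side client happens to hold.
    if jwt is None:
        return 401, "login required"
    user = client.get_user(jwt)
    if user is None:                      # unknown or expired token: deny
        return 401, "login required"
    return 200, f"profile for {user}"


if __name__ == "__main__":
    client = StubAuthClient(valid_tokens={"tok-alice": "alice"})
    for cookies in ({}, {"auth": ""}, {"auth": "bogus"}, {"auth": "tok-alice"}):
        print(cookies, "->", user_profile(client, cookies))
    print("remote requests made:", client.backend_calls)
```
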

@J0
Contributor

J0 commented Sep 12, 2023

Hey,

Thanks for the PR! Do you mind running the pre-commit hooks on this? After which I think it's good to go.

@jantznick
Contributor Author

@J0 yep, unsure if I did it correctly as I've never done it before, but when I did it just 'changed' the changelog but no diff was showing in my IDE, looks like it's the same. Anyways I think the test is passing now but was failing before so maybe it's right?

@J0
Contributor

J0 commented Sep 12, 2023

@jantznick

I think it's just the line endings so it probably won't show up. It should be fine now and good to go. Thanks! Appreciate you taking the time to improve gotrue-py.

@codecov

codecov bot commented Sep 12, 2023

Codecov Report

Patch coverage: 50.00% and project coverage change: -0.04% ⚠️

Comparison is base (64c0c66) 37.49% compared to head (5cf279e) 37.46%.
Report is 1 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main     #315      +/-   ##
==========================================
- Coverage   37.49%   37.46%   -0.04%     
==========================================
  Files          25       25              
  Lines        2299     2301       +2     
==========================================
  Hits          862      862              
- Misses       1437     1439       +2     
Files Changed Coverage Δ
gotrue/_async/gotrue_client.py 30.27% <50.00%> (-0.08%) ⬇️
gotrue/_sync/gotrue_client.py 30.27% <50.00%> (-0.08%) ⬇️


@J0 J0 merged commit 2a562a7 into supabase:main Sep 12, 2023
7 of 8 checks passed