Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix: add token to hook payload for non-secure email change #1763

Merged
merged 1 commit into from
Sep 11, 2024

Conversation

J0
Copy link
Contributor

@J0 J0 commented Sep 4, 2024

What kind of change does this PR introduce?

Fix #1744 by introducing the token to the Auth Hook payload for Send Email. The tokenHash seems to be already present.

Currently, it's passed into the function as otpNew. Though it is indeed the OTP needed to validate the new email address we place it in the token field to maintain the convention that token_hash_new is only populated when secure email change is enabled

New output structure:

image

@J0 J0 requested a review from a team as a code owner September 4, 2024 09:45
@coveralls
Copy link

Pull Request Test Coverage Report for Build 10699210353

Details

  • 5 of 5 (100.0%) changed or added relevant lines in 1 file are covered.
  • 7 unchanged lines in 1 file lost coverage.
  • Overall coverage decreased (-0.02%) to 57.905%

Files with Coverage Reduction New Missed Lines %
internal/api/mail.go 7 57.62%
Totals Coverage Status
Change from base Build 10684529517: -0.02%
Covered Lines: 9138
Relevant Lines: 15781

💛 - Coveralls

@J0 J0 changed the title fix: add token for non-secure email change fix: add token to hook payload for non-secure email change Sep 4, 2024
@J0 J0 merged commit 7e472ad into master Sep 11, 2024
6 checks passed
@J0 J0 deleted the j0/add_token_for_non_secure_email_change branch September 11, 2024 14:31
hf pushed a commit that referenced this pull request Sep 24, 2024
🤖 I have created a release *beep* *boop*
---


##
[2.161.0](v2.160.0...v2.161.0)
(2024-09-24)


### Features

* add `x-sb-error-code` header, show error code in logs
([#1765](#1765))
([ed91c59](ed91c59))
* add webauthn configuration variables
([#1773](#1773))
([77d5897](77d5897))
* config reloading
([#1771](#1771))
([6ee0091](6ee0091))


### Bug Fixes

* add additional information around errors for missing content type
header ([#1576](#1576))
([c2b2f96](c2b2f96))
* add token to hook payload for non-secure email change
([#1763](#1763))
([7e472ad](7e472ad))
* update aal requirements to update user
([#1766](#1766))
([25d9874](25d9874))
* update mfa admin methods
([#1774](#1774))
([567ea7e](567ea7e))
* user sanitization should clean up email change info too
([#1759](#1759))
([9d419b4](9d419b4))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
LashaJini pushed a commit to LashaJini/auth that referenced this pull request Nov 13, 2024
…1763)

## What kind of change does this PR introduce?

Fix supabase#1744 by introducing the token to the Auth Hook payload for Send
Email. The tokenHash seems to be already present.

Currently, it's passed into the function as `otpNew`. Though it is
indeed the OTP needed to validate the new email address we place it in
the `token` field to maintain the convention that `token_hash_new` is
only populated when secure email change is enabled

New output structure:

<img width="598" alt="image"
src="https://github.com/user-attachments/assets/a8c44214-dcf2-4d2e-a653-b3953244ac69">
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

send_email auth hook email_change does not contain token
3 participants