Skip to content

fix: set cookies for password recovery event#32

Merged
J0 merged 1 commit into
supabase:mainfrom
j4w8n:fix-set-cookies-for-password-recovery-event
Jul 3, 2024
Merged

fix: set cookies for password recovery event#32
J0 merged 1 commit into
supabase:mainfrom
j4w8n:fix-set-cookies-for-password-recovery-event

Conversation

@j4w8n

@j4w8n j4w8n commented Jul 3, 2024

Copy link
Copy Markdown
Contributor

What kind of change does this PR introduce?

Bug fix

What is the current behavior?

When resetting a user's password with an email template which has a URL defining the type value as recovery, and using the verifyOtp method to process the token_hash and type, the SSR server client's onAuthStateChange function does not recognize the PASSWORD_RECOVERY event that verifyOtp fires. This prevents the code here from running; resulting in the new session not being saved to cookies, and the user is not considered logged in.

Fixes #21

What is the new behavior?

User is logged in.

Additional context

Replaces PR #24

@J0 J0 force-pushed the fix-set-cookies-for-password-recovery-event branch from 7501201 to d2d71c8 Compare July 3, 2024 18:40
@J0 J0 marked this pull request as draft July 3, 2024 18:41
@J0 J0 marked this pull request as ready for review July 3, 2024 18:41
@J0 J0 merged commit 7dc1837 into supabase:main Jul 3, 2024
@github-actions github-actions Bot mentioned this pull request Jul 3, 2024
Merged
@J0

J0 commented Jul 3, 2024

Copy link
Copy Markdown
Contributor

Thank you!

@aloisklink aloisklink mentioned this pull request Jul 12, 2024
Closed
2 tasks
hf pushed a commit that referenced this pull request Aug 19, 2024
@github-actions
chore(main): release 0.5.0 (#28)
9cd6813 
🤖 I have created a release *beep* *boop*
---


## [0.5.0](v0.4.0...v0.5.0)
(2024-08-19)


### Features

* update CI so it runs on release as well
([#33](#33))
([4517996](4517996))


### Bug Fixes

* re-apply update CI so it runs on release as well
([#49](#49))
([51d5a43](51d5a43))
* revert "update CI so it runs on release as well"
([#44](#44))
([9d0e859](9d0e859))
* set cookies for password recovery event
([#32](#32))
([7dc1837](7dc1837))
* set cookies when mfa challenge is verified
([#27](#27))
([c217f53](c217f53))
* update conventional commits ci to use main instead of master
([#31](#31))
([bebce89](bebce89))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
@CropWatchDevelopment CropWatchDevelopment mentioned this pull request Sep 10, 2024
Closed
@Froggum Froggum mentioned this pull request Sep 10, 2024
Merged
@mightysai1997 mightysai1997 mentioned this pull request Sep 22, 2024
Open
@josetutis josetutis mentioned this pull request Oct 26, 2024
Open
@BhruguR BhruguR mentioned this pull request Nov 2, 2024
Closed
@github-actions github-actions Bot mentioned this pull request Nov 28, 2025
Closed
@supabase-releaser supabase-releaser Bot mentioned this pull request Jun 8, 2026
Merged
mandarini pushed a commit that referenced this pull request Jun 9, 2026
@supabase-releaser
chore(main): release 0.12.0 (#247)
d8c9b60 
🤖 I have created a release *beep* *boop*
---


## [0.12.0](v0.11.0...v0.12.0)
(2026-06-09)


### Features

* adds `cookies.encode` option allowing minimal cookie sizes
([#126](#126))
([cf38b22](cf38b22))
* bump `cookie` to 1.0.2
([#113](#113))
([b4a77b4](b4a77b4))
* **cookies:** add clearAuthCookiesAtScopes migration helper
([#240](#240))
([4e47249](4e47249))
* full rewrite using `getAll` and `setAll` cookie methods
([#1](#1))
([b6ae192](b6ae192))
* improve cookie chunk handling via base64url+length encoding
([#90](#90))
([6deb687](6deb687))
* pass cache headers to setAll to prevent CDN caching of auth responses
([#176](#176))
([14962d2](14962d2))
* publish SSR under deprecated auth-helpers package names
([#127](#127))
([e8b6102](e8b6102))
* release workflow RC versioning and publish reliability
([#164](#164))
([81e68f4](81e68f4))
* update CI so it runs on release as well
([#33](#33))
([4517996](4517996))
* update supabase-js to latest
([#133](#133))
([d65044d](d65044d))
* update supabase-js to latest
([#145](#145))
([08bf7d6](08bf7d6))
* upgrade cookie dependency and cleanup imports
([#77](#77))
([9524528](9524528))


### Bug Fixes

* add @types/cookies to dependencies
([#63](#63))
([47e5f16](47e5f16))
* add `create*Client` string in `x-client-info`
([#85](#85))
([f271acc](f271acc))
* allow cookies encode without getAll/setAll on browser client
([#213](#213))
([89f3f28](89f3f28)),
closes [#170](#170)
* allow use of `createBrowserClient` without `window` present
([#20](#20))
([27d868d](27d868d))
* **auth:** respect user-provided auth options in createBrowserClient
([#167](#167))
([5f04837](5f04837))
* check chunkedCookie is string in server client
([#57](#57))
([549fe62](549fe62))
* **ci:** remove packageManager field
([#197](#197))
([6bf0226](6bf0226))
* cookies console warnings
([#136](#136))
([64ff6b3](64ff6b3))
* deprecate `parse`, `serialize` exports for more useful functions
([#14](#14))
([0b5f881](0b5f881))
* enable tree-shaking for browser bundles
([#216](#216))
([f009d71](f009d71))
* fix `createBrowserClient` deprecation tsdoc
([#17](#17))
([1df70ad](1df70ad))
* force release ([#98](#98))
([66710e8](66710e8))
* re-apply update CI so it runs on release as well
([#49](#49))
([51d5a43](51d5a43))
* **release:** pin npm to 11.5.2 so OIDC trusted publisher works
([#249](#249))
([4af89f7](4af89f7))
* remove optional dependencies
([#41](#41))
([a48fe6f](a48fe6f))
* remove usage of internal type params
([#123](#123))
([8f3e89e](8f3e89e))
* revert "update CI so it runs on release as well"
([#44](#44))
([9d0e859](9d0e859))
* **revert:** "feat: improve cookie chunk handling via base64url+length
encoding ([#90](#90))"
([#100](#100))
([2ea8e23](2ea8e23))
* set `max-age` default cookie option to 400 days
([#54](#54))
([f4ed2e0](f4ed2e0))
* set cookies for password recovery event
([#32](#32))
([7dc1837](7dc1837))
* set cookies when mfa challenge is verified
([#27](#27))
([c217f53](c217f53))
* **tsconfig:** set explicit rootDir to silence TS6059 in consumer IDEs
([#211](#211))
([a77ee8a](a77ee8a)),
closes [#209](#209)
* update conventional commits ci to use main instead of master
([#31](#31))
([bebce89](bebce89))
* update README session docs
([#159](#159))
([b859905](b859905))
* update type, remove unused imports, define AuthEvent type
([#47](#47))
([4f4a375](4f4a375))
* use skipAutoInitialize to prevent SSR token refresh race condition
([#131](#131))
([0b7be28](0b7be28))
* validate base64-prefixed chunked cookies decode to valid JSON
([#210](#210))
([302cc0e](302cc0e))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: supabase-releaser[bot] <223506987+supabase-releaser[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

1 more reviewer

@J0 J0 J0 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Password Recovery Does Not Update Auth Session

3 participants

@j4w8n @J0 @j4w8n-malynium