supabase / supabase / 26147556506
72%

DEFAULT BRANCH: master
Ran
Jobs 1
Files 94
Run time 1min
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst
coverage: 71.809%. Remained the same
26147556506

push

github

web-flow 
fix(cli): login creating duplicate tokens on re-renders (#46120)

## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.

YES

## What kind of change does this PR introduce?

Bug fix

## What is the current behavior?

The CLI login page was firing `POST /platform/cli/login` multiple times
per page load due to an unstable `navigate` reference in the parent
component re-triggering the effect. This caused several duplicate
personal access tokens to be created for each browser sign-in attempt
(regression CLI-1491).

Additionally, error messages from non-Error rejection shapes (like those
from openapi-fetch) were being replaced with a generic "Unknown error"
message instead of surfacing the actual platform error.

## What is the new behavior?

1. **Prevents duplicate API calls**: Added a `useRef` guard
(`startedForSessionIdRef`) to ensure `createCliLoginSession` is only
called once per `sessionId`, even if the parent component re-renders
with a new `navigate` reference.

2. **Improved error handling**: Created a `getErrorMessage()` utility
that properly extracts error messages from both Error instances and
plain objects (e.g., `{ message: string, statusCode: number }`),
allowing platform error messages to surface instead of generic
fallbacks.

3. **Added comprehensive test coverage**:
- E2E test verifying the POST fires exactly once per page load with
realistic network latency
   - E2E test confirming platform error messages are displayed correctly
   - Unit test for non-Error rejection shapes
- Unit test verifying the effect doesn't re-trigger on parent re-renders

## Additional context

The fix addresses the root cause by:
- Using a ref to track which `sessionId` has already been processed,
preventing re-execution when deps change
- Extracting error message handling into a reusable utility that handles
both Error instances and plain objects
- Adding tests that specifically check for the regression (mu... (continued)

965 of 1364 branches covered (70.75%)

Branch coverage included in aggregate %.

1488 of 2052 relevant lines covered (72.51%)

240.34 hits per line

Subprojects
ID Flag name Job ID Ran Files Coverage
1 studio-tests 26147556506.1 94
71.81
 GitHub Action Run
Source Files on build 26147556506