• Home
  • Features
  • Pricing
  • Docs
  • Announcements
  • Sign In

supabase / auth
58%
master: 68%

Build:
Build:
LAST BUILD BRANCH: hf/redirect-url-fragment
DEFAULT BRANCH: master
Repo Added 27 Mar 2024 06:02AM UTC
Token 4bwRC3LZFPF44ZxCFKL8wNnCqKD2BNicB regen
Build 1185 Last
Files 166
Badge
Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

LAST BUILD ON BRANCH fix/update-sanitize-signup
branch: fix/update-sanitize-signup
CHANGE BRANCH
x
Reset
Sync Branches
  • fix/update-sanitize-signup
  • add-max-length-check-for-email
  • add-phone-number-in-sms-webhook
  • bewinxed/webauthn-persist-latest-attestation
  • bewinxed/webauthn-support
  • bo/docs/readme-code-syntax
  • bugfix/bootstrapping
  • cemal/add-checksums-to-release-notes
  • cemal/audit-log-stdout
  • cemal/audit-logs-prevent-only-writing-postgres
  • cemal/ci-fix-yaml-syntax-error
  • cemal/enhance-record-login-calls
  • cemal/facebook-limited-login-support
  • cemal/feat-add-oauth-authorize-endpoint
  • cemal/feat-add-oauth-client-type
  • cemal/feat-add-oauth-token-endpoint
  • cemal/feat-add-regenerate-client-secret
  • cemal/feat-add-well-known-oauth-auth-server
  • cemal/feat-enhance-url-check-issuer
  • cemal/feat-facebook-limited-login-skip-nonce-check
  • cemal/feat-oauth2-return-redirect-url
  • cemal/feat-redirect-url-v2
  • cemal/feat-remove-client-id-column-oauth-clients
  • cemal/feat-support-multiple-aud
  • cemal/feat-update-docker-compose-dev
  • cemal/feat-update-openapi
  • cemal/fix-add-missing-param
  • cemal/fix-info-log-on-http-server-close
  • cemal/fix-makefile
  • cemal/fix-oauth2-referer-check
  • cemal/fix-provider-info-signup-audit
  • cemal/oauth-provider-client
  • cemal/refactor-token-service
  • chore-fix-link-to-netlify-gotrue
  • chore/harden-runners
  • chore/testing
  • chore/update-workflow-check-commits
  • cleanup-ci
  • cs/api-db-access
  • cs/api-errorcodes-refactor
  • cs/auth-sso-resource-id-support
  • cs/background-template-reloading
  • cs/background-template-reloading-p2
  • cs/background-template-reloading-p3
  • cs/bug-fix-send-email-hook
  • cs/chore-apitask-tests
  • cs/chore-gosec-fixes
  • cs/conf-coverage
  • cs/e2e
  • cs/feat-add-after-user-created-hook
  • cs/feat-background-workers
  • cs/feat-config-reloader
  • cs/feat-config-reloads-poller
  • cs/feat-email-and-sms-rate-limiting
  • cs/feat-mailer-cleanup-p1
  • cs/feat-mailer-logging
  • cs/feat-makefile-qol
  • cs/feat-percentage-based-db-conn-limits
  • cs/feat-rate-limiter-persistence
  • cs/feat-validate-email-address
  • cs/fix-rate-limit-zero-value-test
  • cs/fix-respect-rate-limit-zero
  • cs/hooks-content-negotiation-fix
  • cs/hooks-p1
  • cs/hooks-p2
  • cs/hooks-p3
  • cs/hooks-p4
  • cs/hooks-pr5-opt1
  • cs/hooks-pr5-opt2
  • cs/hooks-refactor-apierrors
  • cs/hooks-test-coverage
  • cs/invite-fix
  • cs/mailer-refactor-p1
  • cs/master-fix-missing-error-propagation
  • cs/maxconn-fix-1
  • cs/rate-limit-otp-clarity
  • cs/rate-limit-refactor
  • cs/reduce-artifact-sizes
  • cs/reload-coverage
  • cs/reloader-allow-invalid-config-dir
  • cs/revert-1974
  • cs/update-godotenv
  • cs/v1hooks
  • dependabot/go_modules/github.com/getkin/kin-openapi-0.131.0
  • dependabot/go_modules/github.com/go-chi/chi/v5-5.2.2
  • dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.4
  • dependabot/go_modules/github.com/golang-jwt/jwt/v4-4.5.1
  • dependabot/go_modules/github.com/golang-jwt/jwt/v4-4.5.2
  • dependabot/go_modules/github.com/golang-jwt/jwt/v5-5.2.2
  • dependabot/go_modules/github.com/rs/cors-1.11.0
  • dependabot/go_modules/golang.org/x/crypto-0.31.0
  • dependabot/go_modules/golang.org/x/net-0.23.0
  • dependabot/go_modules/golang.org/x/net-0.36.0
  • dependabot/go_modules/golang.org/x/net-0.38.0
  • dependabot/go_modules/golang.org/x/oauth2-0.27.0
  • development
  • docs-anon-login-configs
  • docs/documentation-cleanup
  • docs/remove-unused-env-var
  • esinx-naver-provider
  • feat-slack-oauth-v2
  • feat/min-jwt
  • feat/mx-blocklist
  • feat/solana-ledger
  • feat_docker_compose_and_go
  • feature/snapchat-oauth
  • figma-auth
  • fix--oauth-redirect-parsing
  • fix-binary-name
  • fix-contributing-md
  • fix-magiclink-requiredchars
  • fix_contributing_typo
  • hf/aao-in-send-email
  • hf/add-audit-log-disable-postgres
  • hf/add-authorized-email-addresses
  • hf/add-azure-ciam
  • hf/add-exhaustive
  • hf/add-magic-link-disable-toggle
  • hf/add-max-idle-time
  • hf/add-one-time-tokens
  • hf/add-support-for-argon2
  • hf/adjust-required-claims-in-auth-hooks
  • hf/artifact-bucket
  • hf/azure-overage-include-api-version
  • hf/bump-saml-0-5-1
  • hf/captcha-parsing-fix
  • hf/change-s3-role
  • hf/chore-fix-gha-perms
  • hf/chore-release-as-2-165-2
  • hf/ci-alpine-3
  • hf/ci-dogofooding-checks-on-release
  • hf/ci-fast-release-tarball
  • hf/ci-fix-binary-version-docker
  • hf/ci-fix-coverage-metering
  • hf/ci-fix-dogfooding
  • hf/ci-fix-dogfooding-take-2
  • hf/cover-crypto-100
  • hf/db-advisor
  • hf/email-less-accounts-with-oauth
  • hf/email-rate-limiting-new-config
  • hf/encrypt-sensitive-columns
  • hf/encrypted-password-pointer
  • hf/experimental-provider-linking-domains
  • hf/external-host-validation
  • hf/fail-empty-address
  • hf/fallback-to-jwt-secret-if-unknown-kid
  • hf/feat-bump-new-version
  • hf/feat-embedded-migrations
  • hf/fix-apple-oidc-issuer-change
  • hf/fix-argon2
  • hf/fix-authenticate-empty-string
  • hf/fix-azure-large-groups
  • hf/fix-claim-overages-json-azure
  • hf/fix-coveralls-image
  • hf/fix-custom-sms-twilio-verify
  • hf/fix-expose-x-supabase-api-version-header-in-cors
  • hf/fix-id-token-permission
  • hf/fix-idempotent-logout
  • hf/fix-identity-email-verified
  • hf/fix-local-dockerfile
  • hf/fix-mail-headers
  • hf/fix-mfa-config-backward-compatibility
  • hf/fix-new-oidc-provider-apple
  • hf/fix-redirect-ip-address
  • hf/fix-secret-api-key-ignore-aud-claim
  • hf/fix-solana-localhost
  • hf/fix-strip-version
  • hf/fix-supafast
  • hf/fix-timeout-writer
  • hf/fix-write-header
  • hf/fix-write-header-deadlock
  • hf/gomft
  • hf/hook-log
  • hf/inline-mailme
  • hf/limit-low-aal-sessions
  • hf/link-identity-oidc
  • hf/log-json-error-response
  • hf/mail-headers
  • hf/merge-metadata
  • hf/move-email-sms-send-out-of-update-user-transaction
  • hf/openid-configuration
  • hf/phase-ii-ott
  • hf/redirect-url-fragment
  • hf/remove-data-migrations
  • hf/revert-azure-claim-overages
  • hf/saml-array-values
  • hf/saml-encrypted-assertions
  • hf/saml-specific-external-url
  • hf/separate-web3-rate-limits-from-other-token
  • hf/skip-apple-issuer-check-oidc
  • hf/snap
  • hf/split-words-audit-log
  • hf/supafast-tarball
  • hf/support-apple-transfer-sub
  • hf/test-release
  • hf/try-to-run-release-please-again
  • hf/ubuntu-latest
  • hf/upload-artifacts-to-s3
  • hf/use-redirect-url
  • hf/vercel-global-user-id
  • hf/x-sb-error-code
  • iat/align-notifications-defaults
  • iat/auth-840-phone-number-changed-notification
  • iat/auth-841-identity-linked-notifications
  • iat/auth-842-email-send-hooks-for-notifications
  • iat/email-changed-notification
  • iat/mfa-enrollment-notifications
  • iat/password-changed-notification
  • j0/accurately_affect_max_frequency_limit
  • j0/add_additional_info_around_mime_type_error
  • j0/add_context_to_load_factor
  • j0/add_custom_email_sender_hook
  • j0/add_has_factor_claim
  • j0/add_hook_trigger_logic
  • j0/add_last_challenged_at
  • j0/add_mfa_phone_openapi_spec
  • j0/add_mfa_sms
  • j0/add_scrypt_password_hash
  • j0/add_timeout_middleware
  • j0/add_token_for_non_secure_email_change
  • j0/add_twilio_verify_support_for_mfa_phone
  • j0/add_webauthn
  • j0/add_webauthn_config
  • j0/adjust_mfa_status_codes
  • j0/allow_kong_and_edge_functions
  • j0/allow_only_one_phone_factor
  • j0/allow_postgres_and_http_on_extensibility_point
  • j0/backport_auth_namespace_to_enums
  • j0/change_mfa_error_code
  • j0/check_for_phone_identity_on_phone_chang
  • j0/custom_email_hook
  • j0/deprecate_mfa_enabled_config
  • j0/drop_uniqueness_constraint_on_mfa_phone
  • j0/fido2_authenticator_challenge_verify_model
  • j0/fix_email_change_with_phone_auth
  • j0/fix_migration_idempotent_phone_cnfig
  • j0/fix_rc_duplicate_identifier
  • j0/fixes_while_testing
  • j0/forbid_access_token_issuance_without_session
  • j0/hide_hook_name
  • j0/merge_aal_and_amr_update
  • j0/mfa_refactor_load_factor
  • j0/minor_speling_error
  • j0/move_totp_mfa_to_dedicated_fn
  • j0/move_verification_into_mailer_package
  • j0/patch_secure_email_change
  • j0/phone_mfa_refactors
  • j0/prevent_panic_on_email_change
  • j0/publish_to_ghcr
  • j0/refactor_generate_access_token
  • j0/refactor_generate_access_token_to_accept_request
  • j0/remove_deprecated_code
  • j0/remove_find_factors_by_user
  • j0/remove_find_session_by_id
  • j0/remove_set_cookie_tokens
  • j0/remove_totp_field_for_phone_response
  • j0/rename_to_send_sms
  • j0/require_appropriate_aal_for_pw_update
  • j0/return_factor_type_in_challenge
  • j0/send_over_user_in_send_sms_hook
  • j0/update_auth_functions
  • j0/update_error_code_id_token
  • j0/update_hook_schema
  • j0/update_mfa_error_message
  • j0/update_openapi_schema
  • j0/update_openapi_spec
  • j0/update_phone_admin_methods
  • j0/upgrade-contrib-docs
  • j0/upgrade_go_version
  • j0/upgrade_otel_deps
  • j0/validate_send_email
  • j0/webauthn_fixes
  • janek/signup-identities-email-verified
  • km/add-error-codes
  • km/add-error-codes-password-login
  • km/add-ip-based-limits
  • km/add-saml-tests
  • km/alter-auth-uid
  • km/bump-alpine-go
  • km/check-empty-aud
  • km/chore-remove-unused-hook-outputs
  • km/cleanup-anonymous-users
  • km/feat-asymmetric-jwt-support
  • km/fix-admin-update-user
  • km/fix-amr-mfa
  • km/fix-anonymous-user-linking
  • km/fix-attribute-mapping
  • km/fix-auth-hook-error
  • km/fix-auth-hooks
  • km/fix-authorized-emails
  • km/fix-authorized-middleware-check
  • km/fix-cleanup-logging
  • km/fix-context-cancellation
  • km/fix-custom-sms-hook-config
  • km/fix-email-verified
  • km/fix-enable-rls
  • km/fix-external-state
  • km/fix-figma
  • km/fix-ignore-rate-limits-for-autoconfirm
  • km/fix-improve-session-error
  • km/fix-jwt
  • km/fix-linkedin-oidc-issuer
  • km/fix-logging
  • km/fix-mailer-config
  • km/fix-max-password-length-error
  • km/fix-mfa-factors-index
  • km/fix-panic-logout
  • km/fix-panic-refresh-token
  • km/fix-pkce-verify-post
  • km/fix-rate-limit-log-level
  • km/fix-return-error-code
  • km/fix-saml-assertion
  • km/fix-search-path
  • km/fix-serve
  • km/fix-shared-limiter
  • km/fix-signup-generate-link
  • km/fix-signup-verify
  • km/fix-timeout-write-header
  • km/fix-update-attribute-mapping
  • km/fix-update-phone
  • km/fix-update-user
  • km/fix-update-user-email
  • km/fix-update-user-phone-change
  • km/fix-use-factor-id
  • km/format-test-otps
  • km/hotfix-jwt-aud
  • km/improve-logging
  • km/improve-mfa-verify-logs
  • km/improve-saml-logging
  • km/improve-token-oidc-logging
  • km/inactivity-session-bug
  • km/normalise-emails
  • km/phase-iii-ott
  • km/redirect-invalid-state
  • km/ref-retrieve-request-params
  • km/remove-unused-args
  • km/return-identity
  • km/return-session-not-found-error
  • km/update-admin-create-user
  • km/update-chi-version
  • km/update-ci
  • km/update-error-message
  • km/update-golang-jwt
  • km/update-mailme
  • km/update-oapi
  • km/v2.157.1
  • master
  • omerhochman/fix-linkedin-iodc-error
  • optional_2fa
  • or/fallback-on-btree-when-hash-unavailable
  • or/test-twitter-oauth
  • patch-1
  • push-wnvwkqmwrrtk
  • refs/tags/rc2.170.0-rc.10
  • release-please--branches--master
  • release/2.165.0
  • remove-instance-id-queries
  • remove-redundant-method-hookuri-param
  • revert-1534-omerhochman/fix-linkedin-iodc-error
  • revert-1616-km/alter-auth-uid
  • revert-1812-hf/artifact-bucket
  • revert-1856-or/fallback-on-btree-when-hash-unavailable
  • revert-1858-revert-1856-or/fallback-on-btree-when-hash-unavailable
  • sam/packaged-auth
  • scim
  • simplify-request-tracing-middleware-setup-logic
  • single-source-of-truth-for-waitforcleanup
  • siwe-implementation
  • snyk-fix-0720ecd3bfe1e766e52214a3bbab15f5
  • update-docker-container-name
  • update-md-for-resend-endpont
  • vercel-marketplace-oidc

03 Sep 2024 01:46PM UTC coverage: 57.92%. Remained the same
10684300632

Pull #1759

github

staaldraad
fix: sanitizeUser function should clean EmailChange

The sanitizeUser function did not cleanup the EmailChange and
EmailChangeSentAt properties on a User. If a User had a pending
email address change, the new address could be leaked via a crafted
signUp request.
Pull Request #1759: fix: sanitizeUser function should clean EmailChange

2 of 2 new or added lines in 1 file covered. (100.0%)

9138 of 15777 relevant lines covered (57.92%)

55.64 hits per line

Relevant lines Covered
Build:
Build:
15777 RELEVANT LINES 9138 COVERED LINES
55.64 HITS PER LINE
Source Files on fix/update-sanitize-signup
  • Tree
  • List 128
  • Changed 0
  • Source Changed 0
  • Coverage Changed 0
Coverage ∆ File Lines Relevant Covered Missed Hits/Line

Recent builds

Builds Branch Commit Type Ran Committer Via Coverage
10684300632 fix/update-sanitize-signup fix: sanitizeUser function should clean EmailChange The sanitizeUser function did not cleanup the EmailChange and EmailChangeSentAt properties on a User. If a User had a pending email address change, the new address could be leaked via a crafted ... Pull #1759 03 Sep 2024 01:55PM UTC staaldraad github
57.92
See All Builds (1184)

Badge your Repo: auth

We detected this repo isn’t badged! Grab the embed code to the right, add it to your repo to show off your code coverage, and when the badge is live hit the refresh button to remove this message.

Could not find badge in README.

Embed ▾
README BADGES
x

If you need to use a raster PNG badge, change the '.svg' to '.png' in the link

Markdown

Textile

RDoc

HTML

Rst

Refresh
  • Settings
  • Repo on GitHub
STATUS · Troubleshooting · Open an Issue · Sales · Support · CAREERS · ENTERPRISE · START FREE · SCHEDULE DEMO
ANNOUNCEMENTS · TWITTER · TOS & SLA · Supported CI Services · What's a CI service? · Automated Testing

© 2025 Coveralls, Inc