supabase / auth

58%

master: 57%

LAST BUILD ON BRANCH j0/prevent_panic_on_email_change

branch: j0/prevent_panic_on_email_change

CHANGE BRANCH

x

Reset

Sync Branches

• j0/prevent_panic_on_email_change
• add-max-length-check-for-email
• chore-fix-link-to-netlify-gotrue
• cs/chore-gosec-fixes
• cs/feat-config-reloader
• cs/feat-email-and-sms-rate-limiting
• cs/feat-mailer-logging
• cs/feat-rate-limiter-persistence
• cs/fix-rate-limit-zero-value-test
• cs/fix-respect-rate-limit-zero
• dependabot/go_modules/github.com/golang-jwt/jwt/v4-4.5.1
• dependabot/go_modules/github.com/rs/cors-1.11.0
• dependabot/go_modules/golang.org/x/net-0.23.0
• docs-anon-login-configs
• docs/remove-unused-env-var
• feat-slack-oauth-v2
• figma-auth
• fix-magiclink-requiredchars
• fix/update-sanitize-signup
• hf/aao-in-send-email
• hf/add-authorized-email-addresses
• hf/add-azure-ciam
• hf/add-exhaustive
• hf/add-magic-link-disable-toggle
• hf/add-max-idle-time
• hf/add-one-time-tokens
• hf/add-support-for-argon2
• hf/artifact-bucket
• hf/captcha-parsing-fix
• hf/email-rate-limiting-new-config
• hf/encrypted-password-pointer
• hf/encrypt-sensitive-columns
• hf/external-host-validation
• hf/fix-authenticate-empty-string
• hf/fix-custom-sms-twilio-verify
• hf/fix-expose-x-supabase-api-version-header-in-cors
• hf/fix-local-dockerfile
• hf/fix-mail-headers
• hf/fix-mfa-config-backward-compatibility
• hf/fix-timeout-writer
• hf/fix-write-header
• hf/fix-write-header-deadlock
• hf/gomft
• hf/hook-log
• hf/inline-mailme
• hf/log-json-error-response
• hf/mail-headers
• hf/merge-metadata
• hf/phase-ii-ott
• hf/remove-data-migrations
• hf/saml-array-values
• hf/saml-encrypted-assertions
• hf/saml-specific-external-url
• hf/x-sb-error-code
• j0/accurately_affect_max_frequency_limit
• j0/add_additional_info_around_mime_type_error
• j0/add_context_to_load_factor
• j0/add_custom_email_sender_hook
• j0/add_has_factor_claim
• j0/add_hook_trigger_logic
• j0/add_last_challenged_at
• j0/add_mfa_phone_openapi_spec
• j0/add_mfa_sms
• j0/add_scrypt_password_hash
• j0/add_timeout_middleware
• j0/add_token_for_non_secure_email_change
• j0/add_twilio_verify_support_for_mfa_phone
• j0/add_webauthn
• j0/add_webauthn_config
• j0/adjust_mfa_status_codes
• j0/allow_kong_and_edge_functions
• j0/allow_only_one_phone_factor
• j0/allow_postgres_and_http_on_extensibility_point
• j0/backport_auth_namespace_to_enums
• j0/change_mfa_error_code
• j0/check_for_phone_identity_on_phone_chang
• j0/custom_email_hook
• j0/deprecate_mfa_enabled_config
• j0/drop_uniqueness_constraint_on_mfa_phone
• j0/fido2_authenticator_challenge_verify_model
• j0/fixes_while_testing
• j0/fix_migration_idempotent_phone_cnfig
• j0/fix_rc_duplicate_identifier
• j0/forbid_access_token_issuance_without_session
• j0/hide_hook_name
• j0/merge_aal_and_amr_update
• j0/mfa_refactor_load_factor
• j0/minor_speling_error
• j0/move_totp_mfa_to_dedicated_fn
• j0/move_verification_into_mailer_package
• j0/patch_secure_email_change
• j0/phone_mfa_refactors
• j0/publish_to_ghcr
• j0/refactor_generate_access_token
• j0/refactor_generate_access_token_to_accept_request
• j0/remove_deprecated_code
• j0/remove_find_factors_by_user
• j0/remove_find_session_by_id
• j0/remove_set_cookie_tokens
• j0/remove_totp_field_for_phone_response
• j0/rename_to_send_sms
• j0/require_appropriate_aal_for_pw_update
• j0/return_factor_type_in_challenge
• j0/send_over_user_in_send_sms_hook
• j0/update_auth_functions
• j0/update_hook_schema
• j0/update_openapi_schema
• j0/update_openapi_spec
• j0/update_phone_admin_methods
• j0/upgrade-contrib-docs
• j0/upgrade_go_version
• j0/upgrade_otel_deps
• j0/validate_send_email
• j0/webauthn_fixes
• janek/signup-identities-email-verified
• km/add-error-codes
• km/add-error-codes-password-login
• km/add-ip-based-limits
• km/add-saml-tests
• km/alter-auth-uid
• km/bump-alpine-go
• km/check-empty-aud
• km/chore-remove-unused-hook-outputs
• km/cleanup-anonymous-users
• km/feat-asymmetric-jwt-support
• km/fix-admin-update-user
• km/fix-anonymous-user-linking
• km/fix-attribute-mapping
• km/fix-auth-hook-error
• km/fix-auth-hooks
• km/fix-authorized-emails
• km/fix-authorized-middleware-check
• km/fix-context-cancellation
• km/fix-custom-sms-hook-config
• km/fix-enable-rls
• km/fix-external-state
• km/fix-ignore-rate-limits-for-autoconfirm
• km/fix-improve-session-error
• km/fix-jwt
• km/fix-linkedin-oidc-issuer
• km/fix-logging
• km/fix-max-password-length-error
• km/fix-mfa-factors-index
• km/fix-panic-refresh-token
• km/fix-rate-limit-log-level
• km/fix-saml-assertion
• km/fix-search-path
• km/fix-shared-limiter
• km/fix-signup-generate-link
• km/fix-signup-verify
• km/fix-timeout-write-header
• km/fix-update-attribute-mapping
• km/fix-update-phone
• km/fix-update-user
• km/fix-update-user-email
• km/fix-update-user-phone-change
• km/fix-use-factor-id
• km/format-test-otps
• km/hotfix-jwt-aud
• km/improve-mfa-verify-logs
• km/improve-token-oidc-logging
• km/normalise-emails
• km/phase-iii-ott
• km/redirect-invalid-state
• km/ref-retrieve-request-params
• km/remove-unused-args
• km/return-identity
• km/return-session-not-found-error
• km/update-admin-create-user
• km/update-chi-version
• km/update-golang-jwt
• km/update-mailme
• km/v2.157.1
• master
• omerhochman/fix-linkedin-iodc-error
• optional_2fa
• patch-1
• remove-redundant-method-hookuri-param
• revert-1534-omerhochman/fix-linkedin-iodc-error
• revert-1616-km/alter-auth-uid
• simplify-request-tracing-middleware-setup-logic
• single-source-of-truth-for-waitforcleanup
• update-docker-container-name
• vercel-marketplace-oidc

Build # 9767556820

Build Type

Pull #1643

github

Committed by J0

Commit Message

fix: return error gracefully when incorrect email change OTP is entered

Pull Request Pull Request #1643: fix: return proper error message when invalid email_change token is passed in

Run Details

3 of 6 new or added lines in 1 file covered. (50.0%)

8726 of 15110 relevant lines covered (57.75%)

54.46 hits per line