supabase / auth

57%

master: 67%

LAST BUILD ON BRANCH km/fix-panic-refresh-token

branch: km/fix-panic-refresh-token

CHANGE BRANCH

x

Reset

Sync Branches

• km/fix-panic-refresh-token
• add-max-length-check-for-email
• bo/docs/readme-code-syntax
• chore-fix-link-to-netlify-gotrue
• chore/testing
• cs/chore-gosec-fixes
• cs/conf-coverage
• cs/feat-config-reloader
• cs/feat-email-and-sms-rate-limiting
• cs/feat-mailer-logging
• cs/feat-rate-limiter-persistence
• cs/feat-validate-email-address
• cs/fix-rate-limit-zero-value-test
• cs/fix-respect-rate-limit-zero
• cs/master-fix-missing-error-propagation
• cs/rate-limit-refactor
• cs/reload-coverage
• dependabot/go_modules/github.com/golang-jwt/jwt/v4-4.5.1
• dependabot/go_modules/github.com/rs/cors-1.11.0
• dependabot/go_modules/golang.org/x/crypto-0.31.0
• dependabot/go_modules/golang.org/x/net-0.23.0
• development
• docs-anon-login-configs
• docs/remove-unused-env-var
• feat-slack-oauth-v2
• feat/min-jwt
• feat_docker_compose_and_go
• figma-auth
• fix-binary-name
• fix-contributing-md
• fix-magiclink-requiredchars
• fix/update-sanitize-signup
• fix_contributing_typo
• hf/aao-in-send-email
• hf/add-authorized-email-addresses
• hf/add-azure-ciam
• hf/add-exhaustive
• hf/add-magic-link-disable-toggle
• hf/add-max-idle-time
• hf/add-one-time-tokens
• hf/add-support-for-argon2
• hf/adjust-required-claims-in-auth-hooks
• hf/artifact-bucket
• hf/captcha-parsing-fix
• hf/chore-release-as-2-165-2
• hf/ci-alpine-3
• hf/ci-dogofooding-checks-on-release
• hf/ci-fast-release-tarball
• hf/ci-fix-binary-version-docker
• hf/ci-fix-coverage-metering
• hf/ci-fix-dogfooding
• hf/ci-fix-dogfooding-take-2
• hf/cover-crypto-100
• hf/email-rate-limiting-new-config
• hf/encrypt-sensitive-columns
• hf/encrypted-password-pointer
• hf/external-host-validation
• hf/feat-bump-new-version
• hf/feat-embedded-migrations
• hf/fix-argon2
• hf/fix-authenticate-empty-string
• hf/fix-coveralls-image
• hf/fix-custom-sms-twilio-verify
• hf/fix-expose-x-supabase-api-version-header-in-cors
• hf/fix-idempotent-logout
• hf/fix-identity-email-verified
• hf/fix-local-dockerfile
• hf/fix-mail-headers
• hf/fix-mfa-config-backward-compatibility
• hf/fix-timeout-writer
• hf/fix-write-header
• hf/fix-write-header-deadlock
• hf/gomft
• hf/hook-log
• hf/inline-mailme
• hf/limit-low-aal-sessions
• hf/log-json-error-response
• hf/mail-headers
• hf/merge-metadata
• hf/phase-ii-ott
• hf/remove-data-migrations
• hf/saml-array-values
• hf/saml-encrypted-assertions
• hf/saml-specific-external-url
• hf/x-sb-error-code
• j0/accurately_affect_max_frequency_limit
• j0/add_additional_info_around_mime_type_error
• j0/add_context_to_load_factor
• j0/add_custom_email_sender_hook
• j0/add_has_factor_claim
• j0/add_hook_trigger_logic
• j0/add_last_challenged_at
• j0/add_mfa_phone_openapi_spec
• j0/add_mfa_sms
• j0/add_scrypt_password_hash
• j0/add_timeout_middleware
• j0/add_token_for_non_secure_email_change
• j0/add_twilio_verify_support_for_mfa_phone
• j0/add_webauthn
• j0/add_webauthn_config
• j0/adjust_mfa_status_codes
• j0/allow_kong_and_edge_functions
• j0/allow_only_one_phone_factor
• j0/allow_postgres_and_http_on_extensibility_point
• j0/backport_auth_namespace_to_enums
• j0/change_mfa_error_code
• j0/check_for_phone_identity_on_phone_chang
• j0/custom_email_hook
• j0/deprecate_mfa_enabled_config
• j0/drop_uniqueness_constraint_on_mfa_phone
• j0/fido2_authenticator_challenge_verify_model
• j0/fix_email_change_with_phone_auth
• j0/fix_migration_idempotent_phone_cnfig
• j0/fix_rc_duplicate_identifier
• j0/fixes_while_testing
• j0/forbid_access_token_issuance_without_session
• j0/hide_hook_name
• j0/merge_aal_and_amr_update
• j0/mfa_refactor_load_factor
• j0/minor_speling_error
• j0/move_totp_mfa_to_dedicated_fn
• j0/move_verification_into_mailer_package
• j0/patch_secure_email_change
• j0/phone_mfa_refactors
• j0/prevent_panic_on_email_change
• j0/publish_to_ghcr
• j0/refactor_generate_access_token
• j0/refactor_generate_access_token_to_accept_request
• j0/remove_deprecated_code
• j0/remove_find_factors_by_user
• j0/remove_find_session_by_id
• j0/remove_set_cookie_tokens
• j0/remove_totp_field_for_phone_response
• j0/rename_to_send_sms
• j0/require_appropriate_aal_for_pw_update
• j0/return_factor_type_in_challenge
• j0/send_over_user_in_send_sms_hook
• j0/update_auth_functions
• j0/update_hook_schema
• j0/update_mfa_error_message
• j0/update_openapi_schema
• j0/update_openapi_spec
• j0/update_phone_admin_methods
• j0/upgrade-contrib-docs
• j0/upgrade_go_version
• j0/upgrade_otel_deps
• j0/validate_send_email
• j0/webauthn_fixes
• janek/signup-identities-email-verified
• km/add-error-codes
• km/add-error-codes-password-login
• km/add-ip-based-limits
• km/add-saml-tests
• km/alter-auth-uid
• km/bump-alpine-go
• km/check-empty-aud
• km/chore-remove-unused-hook-outputs
• km/cleanup-anonymous-users
• km/feat-asymmetric-jwt-support
• km/fix-admin-update-user
• km/fix-anonymous-user-linking
• km/fix-attribute-mapping
• km/fix-auth-hook-error
• km/fix-auth-hooks
• km/fix-authorized-emails
• km/fix-authorized-middleware-check
• km/fix-cleanup-logging
• km/fix-context-cancellation
• km/fix-custom-sms-hook-config
• km/fix-email-verified
• km/fix-enable-rls
• km/fix-external-state
• km/fix-ignore-rate-limits-for-autoconfirm
• km/fix-improve-session-error
• km/fix-jwt
• km/fix-linkedin-oidc-issuer
• km/fix-logging
• km/fix-max-password-length-error
• km/fix-mfa-factors-index
• km/fix-panic-logout
• km/fix-pkce-verify-post
• km/fix-rate-limit-log-level
• km/fix-saml-assertion
• km/fix-search-path
• km/fix-serve
• km/fix-shared-limiter
• km/fix-signup-generate-link
• km/fix-signup-verify
• km/fix-timeout-write-header
• km/fix-update-attribute-mapping
• km/fix-update-phone
• km/fix-update-user
• km/fix-update-user-email
• km/fix-update-user-phone-change
• km/fix-use-factor-id
• km/format-test-otps
• km/hotfix-jwt-aud
• km/improve-logging
• km/improve-mfa-verify-logs
• km/improve-saml-logging
• km/improve-token-oidc-logging
• km/inactivity-session-bug
• km/normalise-emails
• km/phase-iii-ott
• km/redirect-invalid-state
• km/ref-retrieve-request-params
• km/remove-unused-args
• km/return-identity
• km/return-session-not-found-error
• km/update-admin-create-user
• km/update-chi-version
• km/update-error-message
• km/update-golang-jwt
• km/update-mailme
• km/update-oapi
• km/v2.157.1
• master
• omerhochman/fix-linkedin-iodc-error
• optional_2fa
• patch-1
• release/2.165.0
• remove-redundant-method-hookuri-param
• revert-1534-omerhochman/fix-linkedin-iodc-error
• revert-1616-km/alter-auth-uid
• simplify-request-tracing-middleware-setup-logic
• single-source-of-truth-for-waitforcleanup
• snyk-fix-0720ecd3bfe1e766e52214a3bbab15f5
• update-docker-container-name
• update-md-for-resend-endpont
• vercel-marketplace-oidc

Build # 11592000983

Build Type

Pull #1822

github

Committed by kangmingtay

Commit Message

fix: return error if refresh token doesn't have a session_id

Pull Request Pull Request #1822: fix: possible panic if refresh token has a null session_id

Run Details

8 of 13 new or added lines in 1 file covered. (61.54%)

9564 of 16737 relevant lines covered (57.14%)

54.72 hits per line