Comments (4)
PR here: #58
from gotrue-js.
Hello, maybe this isn't an issue anymore but after looking around I've found that gotrue reset `new_email` to `''` only after confirmation, which is then omitted on serialization.
Also maybe this is expected behavior as unconfirmed email doesn't seem to enable sign-in?
from gotrue-js.
Hi all! I don't suppose there is any progress on this one? I noticed there were a few conflicts on the PR #58 which was from a while back. Ideally, I'd love to be able to update the user's email directly without using the `new_email` field which I think requires the user to validate before it gets added as the user's actual email. Thanks!
from gotrue-js.
Hey everyone, updating a user's email requires at least a single confirmation from the user. The typical flow is as follows:
- User logs in
- User updates email via `PUT /user`
- Gotrue sends a confirm email change link to the `new_email`
- User clicks on confirm email change link by logging into the `new_email` address provided

The `new_email` field indicates the email that the user wants to update to. Maybe we should consider renaming it if it seems confusing.

> Ideally, I'd love to be able to update the user's email directly without using the new_email field which I think requires the user to validate before it gets added as the user's actual email.

@markwcollins user validation is a necessary security feature for email updates. A malicious user can potentially call the email update endpoint, change the user's email to theirs and perform a password reset action which sends a password reset link to the update email address.
Closing this for now but feel free to reopen it if I've misunderstood the issue.
from gotrue-js.
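The flow described in the last comment, as an added example that is not part of the thread and is not GoTrue's own code: an in-memory model in which the change request only records `new_email`, and the account's `email` (where recovery mail goes) changes only when the token sent to the new address is redeemed. `UserStore`, its methods, the token scheme and the `example.test` addresses used with it are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

const sha256 = (s) => crypto.createHash('sha256').update(s).digest();

class UserStore {
  constructor() {
    this.users = new Map(); // id -> { email, new_email, changeTokenHash }
    this.outbox = [];       // constructed stand-in for a mail sender
  }

  addUser(id, email) {
    this.users.set(id, { email, new_email: '', changeTokenHash: null });
  }

  // Models the email update request: records the wish, leaves `email` untouched.
  requestEmailChange(id, newEmail) {
    const user = this.users.get(id);
    const token = crypto.randomBytes(32).toString('hex');
    user.new_email = newEmail;
    user.changeTokenHash = sha256(token); // store only a hash of the token
    // The link goes to the new mailbox only, so only its owner can confirm.
    this.outbox.push({ to: newEmail, kind: 'email_change', token });
  }

  // Models following the confirmation link from the new mailbox.
  confirmEmailChange(id, token) {
    const user = this.users.get(id);
    if (!user.changeTokenHash || typeof token !== 'string') return false;
    if (!crypto.timingSafeEqual(sha256(token), user.changeTokenHash)) return false;
    user.email = user.new_email;
    user.new_email = ''; // reset only after confirmation
    user.changeTokenHash = null; // single use
    return true;
  }

  // Recovery mail always targets the confirmed address, never `new_email`.
  requestPasswordReset(id) {
    const user = this.users.get(id);
    this.outbox.push({ to: user.email, kind: 'recovery' });
    return user.email;
  }
}
```

While a change is pending, `requestPasswordReset` still returns the original address, which is the property the maintainer's comment relies on.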