Comments (15)
Thanks for opening a PR @chriscarrollsmith. @thorwebdev Do you mean the PR @chriscarrollsmith just opened is not correct or the one you modified in the past (linked at the top by @chriscarrollsmith )? How about something like this?
export async function updateName(formData: FormData) {
  const fullName = String(formData.get('fullName')).trim();
  const supabase = createClient();

  // Retrieve the user's ID from the custom users table
  const { data: userDetails, error: userDetailsError } = await supabase
    .from('users')
    .select('id')
    .single();

  if (userDetailsError) {
    console.error('Failed to retrieve user details:', userDetailsError.message);
    return getErrorRedirect(
      '/account',
      'User details could not be retrieved.',
      userDetailsError.message
    );
  }

  // Update the name in the custom users table
  const { error: usersUpdateError } = await supabase
    .from('users')
    .update({ full_name: fullName })
    .match({ id: userDetails?.id })
    .single();

  if (usersUpdateError) {
    console.error('Failed to update users table:', usersUpdateError.message);
    return getErrorRedirect(
      '/account',
      'Users table update failed.',
      usersUpdateError.message
    );
  } else {
    return getStatusRedirect(
      '/account',
      'Success!',
      'Your name has been updated.'
    );
  }
}
He's talking about the past PR. The new PR I just opened should be okay.
from nextjs-subscription-payments.
Alright! Thank you a lot @chriscarrollsmith ! Can I close this issue or the PR needs to be accepted first?
This issue will be automatically closed once the PR is accepted.
from nextjs-subscription-payments.
Same issue, seems to be a problem with the handleRequest function in auth-helpers
If you manually change it inside supabase, it will update it. Otherwise same issue as you.
from nextjs-subscription-payments.
It looks like @thorwebdev rolled back some updates to the database schema where I added stronger RLS and cascaded changes from the auth table to the users table. If he explains why he did this, maybe we can find a solution that restores this functionality while addressing his concerns.
The deleted migration file is here:
As an alternative to cascading the changes, it's also possible to manually set up a trigger with the following SQL code:
-- Function to handle updates to existing users
CREATE FUNCTION public.handle_update_user()
RETURNS TRIGGER AS $$
BEGIN
  UPDATE public.users
  SET full_name = NEW.raw_user_meta_data->>'full_name',
      avatar_url = NEW.raw_user_meta_data->>'avatar_url'
  WHERE id = NEW.id;
  RETURN NEW;
END;
$$ LANGUAGE plpgsql SECURITY DEFINER;

-- Trigger to invoke the function after any update on the auth.users table
CREATE TRIGGER on_auth_user_updated
  AFTER UPDATE ON auth.users
  FOR EACH ROW EXECUTE FUNCTION public.handle_update_user();
from nextjs-subscription-payments.
Thank you for reaching out with both the commit and the alternative solution @chriscarrollsmith
I have one question: is it a desired behavior that even when I update the display name in the auth users it gets overwritten when I sign out and in again? It resets to the original one from the provider. I decided to update public users table instead and treat that as the source of truth for the display name in the account page.
from nextjs-subscription-payments.
You mean the auth.users table is reverting to the original name, because it's getting the name from the third-party OAuth provider?
No, that's not desired behavior. Maybe your approach is the right one, though.
from nextjs-subscription-payments.
When I change it with
  auth.updateUser({
    data: { full_name: fullName }
  });
it edits the user_metadata correctly
  data {
    user: {
      ...
      app_metadata: { provider: 'github', providers: [Array] },
      user_metadata: {
        ...
        full_name: 'changed names',
but when I sign out and in with the provider again
the user_metadata gets modified just by the signing in back to:
  data {
    user: {
      ...
      app_metadata: { provider: 'github', providers: [Array] },
      user_metadata: {
        ...
        full_name: 'original_username',
From what I understand looking at what's happening when logging in with the provider is that the display name (full_name) gets overwritten on the action of signing in so I shouldn't try to change this value but the value in custom public users table to have the value up to date that doesn't get overwritten.
from nextjs-subscription-payments.
Yes, I see. I think you're right, then. We should be updating the public users table, not the auth table. And we shouldn't be cascading name changes from auth to public.
from nextjs-subscription-payments.
@chriscarrollsmith sorry, the main issue with that was that you're allowing users access to modify admin tables like public.customers and public.subscriptions. These tables should never be able to be modified by users themselves. E.g. take this scenario, a user somehow finds out someone else's customer_id and then goes ahead and changes their customer id to the other in the customers table. Now the other customer will be paying for their subscriptions.
from nextjs-subscription-payments.
@chriscarrollsmith sorry, the main issue with that was that you're allowing users access to modify admin tables like public.customers and public.subscriptions. These tables should never be able to be modified by users themselves. E.g. take this scenario, a user somehow finds out someone else's customer_id and then goes ahead and changes their customer id to the other in the customers table. Now the other customer will be paying for their subscriptions.
Thanks, @thorwebdev! Yes, once I looked more closely at this, I understood why you rolled it back. I don't think your scenario would work, because there's no way for users to alter their ID in the auth.users table, but they could abuse it in other ways, like by altering their own subscription. Not sure what I was thinking, lol. I will update my latest PR to fix the broken types.
from nextjs-subscription-payments.
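An added example, not part of the thread or the project's migrations: one way to express the rule discussed above in Postgres RLS, so that signed-in users can edit their own row in public.users but can never write to public.customers or public.subscriptions. The column names `id` and `user_id` and the policy names are assumptions; `anon`, `authenticated` and `auth.uid()` are the standard Supabase roles and helper.

```sql
-- Assumed columns: public.users.id and public.subscriptions.user_id
-- both hold the auth.users id of the owning user.

-- Weak form (shown commented out): a write policy on a billing table
-- lets a user change their own billing rows from the client.
-- CREATE POLICY "Can update own customer row" ON public.customers
--   FOR UPDATE USING (auth.uid() = id) WITH CHECK (auth.uid() = id);

-- Hardened form.
ALTER TABLE public.users         ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.customers     ENABLE ROW LEVEL SECURITY;
ALTER TABLE public.subscriptions ENABLE ROW LEVEL SECURITY;

-- Profile data: a user may read and update only their own row.
CREATE POLICY "Can view own user data" ON public.users
  FOR SELECT USING (auth.uid() = id);
CREATE POLICY "Can update own user data" ON public.users
  FOR UPDATE USING (auth.uid() = id) WITH CHECK (auth.uid() = id);

-- Subscriptions: read-only for the owner. No INSERT/UPDATE/DELETE policy
-- exists, so RLS rejects client writes.
CREATE POLICY "Can view own subscriptions" ON public.subscriptions
  FOR SELECT USING (auth.uid() = user_id);

-- Customers: no policy at all. With RLS enabled and no policy, client
-- roles see and change nothing; only server-side code using the service
-- role (which bypasses RLS) maintains this table.

-- Defense in depth: remove the write privileges themselves, so a policy
-- added later by mistake still cannot open these tables to writes.
REVOKE INSERT, UPDATE, DELETE
  ON TABLE public.customers, public.subscriptions
  FROM anon, authenticated;

-- Audit check: any row returned here is a policy that permits writes
-- on a billing table and should be reviewed.
SELECT tablename, policyname, cmd, roles
FROM pg_policies
WHERE schemaname = 'public'
  AND tablename IN ('customers', 'subscriptions')
  AND cmd <> 'SELECT';
```

With these policies in place, the `updateName` action quoted earlier in the thread still works, because it only updates the caller's own row in `users`.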