-
Notifications
You must be signed in to change notification settings - Fork 356
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update identities email_verified on email signup #1621
base: master
Are you sure you want to change the base?
Update identities email_verified on email signup #1621
Conversation
I think the same is happening for smsVerify and the respective phone_verified fields, do you want me to add this to this PR? |
Feel free to add it, will give a thorough look to the PR when a slot frees up.. |
Pull Request Test Coverage Report for Build 9510681514Details
💛 - Coveralls |
@@ -335,6 +335,18 @@ func (a *API) signupVerify(r *http.Request, ctx context.Context, conn *storage.C | |||
if terr = user.Confirm(tx); terr != nil { | |||
return internalServerError("Error confirming user").WithInternalError(terr) | |||
} | |||
|
|||
if identity, terr := models.FindIdentityByIdAndProvider(tx, user.ID.String(), "email"); terr != nil { | |||
if !models.IsNotFoundError(terr) { |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
why skip IsNotFoundError? in Signup flow, user and identity will be both inserted, identity record should be found here.
Hi, Face this issue while working with Supabase auth. Any update on this? |
What kind of change does this PR introduce?
This PR fixes a bug where the email_verified field in the identities table is not updated when a user's email is confirmed. This change ensures that the email verification status is correctly reflected in the JWT.
What is the current behavior?
When the user gets an email confirmation link the GET /verify request is called. This goes through the verifyGet method which then calls the signupVerify method. There the AuditLogEntry is created, then the Confirm method on the user is called which updates the
confirmation_token
andemail_confirmed_at
, and also clears the OneTimeTokens for the user. However, theemail_confirmed
field on the identities table does not get updated to true.#1620
What is the new behavior?
When a GET /verify request is called for a mail signup verification, the signupVerify method now updates the
email_verified
property to true on theidentity_data
field on theidentities
table