Cannot change email to the same value of existing auth.identities record for non-"email" providers #1060
Comments
This was referenced Apr 19, 2023
kangmingtay
added a commit
that referenced
this issue
Apr 20, 2023
…er (#1092) ## What kind of change does this PR introduce? * Fixes #1060, #988 * Allows one to pass in an optional `currentUser` into `IsDuplicatedUser` to exclude the user's identities when checking for duplicates * This is optional because on signup / admin create user, there won't be a current user so it's guaranteed that any identities found belongs to a different user. ## Current behaviour * Currently, `IsDuplicatedEmail` only accepts an `email` and an `aud` and uses those fields to check if the `auth.identities` table has identities with the same email. When this is used in the context of updating a user's email (`PUT /user`), `IsDuplicatedEmail` will also include identities that belong to the current user. --------- Co-authored-by: Joel Lee <lee.yi.jie.joel@gmail.com>
|
🎉 This issue has been resolved in version 2.60.9 🎉 The release is available on GitHub release Your semantic-release bot 📦🚀 |
uxodb
pushed a commit
to uxodb/auth
that referenced
this issue
Nov 13, 2024
…er (supabase#1092) ## What kind of change does this PR introduce? * Fixes supabase#1060, supabase#988 * Allows one to pass in an optional `currentUser` into `IsDuplicatedUser` to exclude the user's identities when checking for duplicates * This is optional because on signup / admin create user, there won't be a current user so it's guaranteed that any identities found belongs to a different user. ## Current behaviour * Currently, `IsDuplicatedEmail` only accepts an `email` and an `aud` and uses those fields to check if the `auth.identities` table has identities with the same email. When this is used in the context of updating a user's email (`PUT /user`), `IsDuplicatedEmail` will also include identities that belong to the current user. --------- Co-authored-by: Joel Lee <lee.yi.jie.joel@gmail.com>
LashaJini
pushed a commit
to LashaJini/auth
that referenced
this issue
Nov 13, 2024
…er (supabase#1092) ## What kind of change does this PR introduce? * Fixes supabase#1060, supabase#988 * Allows one to pass in an optional `currentUser` into `IsDuplicatedUser` to exclude the user's identities when checking for duplicates * This is optional because on signup / admin create user, there won't be a current user so it's guaranteed that any identities found belongs to a different user. ## Current behaviour * Currently, `IsDuplicatedEmail` only accepts an `email` and an `aud` and uses those fields to check if the `auth.identities` table has identities with the same email. When this is used in the context of updating a user's email (`PUT /user`), `IsDuplicatedEmail` will also include identities that belong to the current user. --------- Co-authored-by: Joel Lee <lee.yi.jie.joel@gmail.com>
LashaJini
pushed a commit
to LashaJini/auth
that referenced
this issue
Nov 15, 2024
…er (supabase#1092) ## What kind of change does this PR introduce? * Fixes supabase#1060, supabase#988 * Allows one to pass in an optional `currentUser` into `IsDuplicatedUser` to exclude the user's identities when checking for duplicates * This is optional because on signup / admin create user, there won't be a current user so it's guaranteed that any identities found belongs to a different user. ## Current behaviour * Currently, `IsDuplicatedEmail` only accepts an `email` and an `aud` and uses those fields to check if the `auth.identities` table has identities with the same email. When this is used in the context of updating a user's email (`PUT /user`), `IsDuplicatedEmail` will also include identities that belong to the current user. --------- Co-authored-by: Joel Lee <lee.yi.jie.joel@gmail.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Bug report
Describe the bug
User cannot change email to the same value of existing
auth.identitiesrecord for non-"email" providers.To Reproduce
signUp().auth.identitiestable with a value of "email" for theprovidercolumn and a value of "foo@bar.com" for theemailcolumn.signInWithOAuth()with a Twitter account that has the email address "foo@bar.com" registered.auth.identitiestable with a value of "twitter" for theprovidercolumn and a value of "foo@bar.com" for theemailcolumn.updateUser({email: 'newEmail@bar.com'}).emailcolumn value for the record with a value of "email" in theprovidercolumn in theauth.identitiestable is changed to "newEmail@bar.com".updateUser({email: 'foo@bar.com'}).Expected behavior
If none of the records in the
auth.identitiestable with a value of "email" for theprovidercolumn have the same email address as the one being updated, it is possible to change the email address to that value.The text was updated successfully, but these errors were encountered: