Skip to content

Modify password for already signed in user does not seem to work #58

New issue

Have a question about this project? # for a free GitHub account to open an issue and contact its maintainers and the community.

#

By clicking “#”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? # to your account

Jump to bottom
Closed
BasBBakker opened this issue May 5, 2023 · 9 comments
Closed

Modify password for already signed in user does not seem to work #58

BasBBakker opened this issue May 5, 2023 · 9 comments
Assignees
@BasBBakker
Labels
bug Something isn't working

Comments

@BasBBakker
Copy link

Bug report

Describe the bug

When I try to update the password of an already signed in User, I get an error and this message in the browser:

{"message":"No API key found in request","hint":"No apikey request header or url param was found."}

This is the code I use:

public async Task ModifyPassword(string newpassword)
{
    
    var attrs = new UserAttributes
    {
        Email = client.Auth.CurrentUser.Email,
        Password = newpassword
       
    
    };
    var response = await client.Auth.Update(attrs);

           

}

Thanks in advance!
@BasBBakker BasBBakker added the bug Something isn't working label May 5, 2023
@acupofjose
Copy link
Contributor

Can you show me how you're initializing the client in your code?

@BasBBakker
Copy link
Author

BasBBakker commented May 6, 2023
edited
Loading

I use the Blazor Webassembly example in the C# supabase library:
https://github.com/supabase-community/supabase-csharp/tree/master/Examples/BlazorWebAssemblySupabaseTemplate

The client is then initialized as per below:

public class AuthService
{
private readonly Supabase.Client client;
private readonly AuthenticationStateProvider customAuthStateProvider;
private readonly ILocalStorageService localStorage;
private readonly ILogger logger;

public AuthService(
     Supabase.Client client,
    AuthenticationStateProvider CustomAuthStateProvider,
    ILocalStorageService localStorage,
    ILogger<AuthService> logger
) : base()
{
    logger.LogInformation("------------------- CONSTRUCTOR -------------------");

    this.client = client;
    customAuthStateProvider = CustomAuthStateProvider;
    this.localStorage = localStorage;
    this.logger = logger;
}

public async Task ModifyPassword(string newpassword)
{


    var attrs = new UserAttributes
    {
        Email = client.Auth.CurrentUser.Email,
        Password = newpassword


    };
    var response = await client.Auth.Update(attrs);




}

}

@acupofjose
Copy link
Contributor

Hm. That's strange. It acts as though your client hasn't been initialized with a supabase_public_key... everything else works as normal?

@BasBBakker
Copy link
Author

BasBBakker commented May 7, 2023 via email

@acupofjose
Copy link
Contributor

Okay. I’m thinking #57 ought to address this when it’s merged! Thanks for your patience!

@BasBBakker
Copy link
Author

It sends an API key and a bearer token.

In the network console I get the message:
{"code":401,"msg":"Password update requires reauthentication."}

Is this because in the payload the email_change_token is null?

{email: "x@x.us", email_change_token: null, password: "xxx", phone: null, data: {}}

@BasBBakker
Copy link
Author

Putting in the email_change_token in the payload gives the same error message.

acupofjose added a commit that referenced this issue May 16, 2023
@acupofjose
Re: #58 - Add the reauthentication endpoint
2baedd7
@acupofjose
Copy link
Contributor

acupofjose commented May 16, 2023
edited
Loading

Okay: some more data for you! You are correct, we are missing the reauthentication endpoint in the current client (commit incoming).

The following currently works:

var email = $"{RandomString(12)}@supabase.io";
var newPassword = "IAmANewSecretPassword!@#";
await client.#(email, "testing123!@#12");
			
await client.Update(new UserAttributes()
{
   Password = newPassword
});

await client.SignOut();
var user = await client.SignIn(email, newPassword);

The above functions provided the following is true:

  • Options.AllowUnconfirmedSessions = true
  • Supabase Admin Panel has email sign-up confirmations turned off
  • Supabase Admin Panel has password change confirmations turned off

Adding the reauthentication endpoint provides support for the following:

The below functions provided the following is true:

  • Supabase Admin Panel has password change confirmations turned on
var email = $"email@example.com";
var initialPassword = ""testing123!@#12";
await client.#(email, initialPassword);

// User has confirmed email 
await client.SignIn(email, initialPassword);

// User is signed in
await client.Reauthenticate();

// User receives email with a nonce
var newPassword = "IAmANewSecretPassword!@#";
await client.Update(new UserAttributes()
{
	Password = newPassword,
	Nonce = RECEIVED_NONCE,
});

The above will be available in 4.0.2

@BasBBakker
Copy link
Author

Works perfect. Thanks a lot!

# for free to join this conversation on GitHub. Already have an account? # to comment
Assignees

@BasBBakker BasBBakker

Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@acupofjose @BasBBakker