fix: PKCE flow not emitting password recovery event (#744)

* fix: emit password recovery event for pkce flow * fix: return correct enum * rename variables * fix failing test * return null for non-known string of auth change event * return AuthSessionUrlResponse from exchangeCodeForSession * directly return the results of exchangeCodeForSession from getSessionFromUrl
supabase · Dec 4, 2023 · 65859bd · 65859bd
1 parent 182f7c9
commit 65859bd
Show file tree

Hide file tree

Showing 4 changed files with 37 additions and 19 deletions.
diff --git a/packages/gotrue/lib/gotrue.dart b/packages/gotrue/lib/gotrue.dart
@@ -1,6 +1,7 @@
 library gotrue;
 
-export 'src/constants.dart' hide Constants, GenerateLinkTypeExtended;
+export 'src/constants.dart'
+    hide Constants, GenerateLinkTypeExtended, AuthChangeEventExtended;
 export 'src/gotrue_admin_api.dart';
 export 'src/gotrue_client.dart';
 export 'src/types/auth_exception.dart';

diff --git a/packages/gotrue/lib/src/constants.dart b/packages/gotrue/lib/src/constants.dart
@@ -27,6 +27,17 @@ enum AuthChangeEvent {
   mfaChallengeVerified,
 }
 
+extension AuthChangeEventExtended on AuthChangeEvent {
+  static AuthChangeEvent? fromString(String? val) {
+    for (final event in AuthChangeEvent.values) {
+      if (event.name == val) {
+        return event;
+      }
+    }
+    return null;
+  }
+}
+
 enum GenerateLinkType {
   signup,
   invite,

diff --git a/packages/gotrue/lib/src/gotrue_client.dart b/packages/gotrue/lib/src/gotrue_client.dart
@@ -285,12 +285,18 @@ class GoTrueClient {
   }
 
   /// Verifies the PKCE code verifyer and retrieves a session.
-  Future<AuthResponse> exchangeCodeForSession(String authCode) async {
+  Future<AuthSessionUrlResponse> exchangeCodeForSession(String authCode) async {
     assert(_asyncStorage != null,
         'You need to provide asyncStorage to perform pkce flow.');
 
-    final codeVerifier = await _asyncStorage!
+    final codeVerifierRawString = await _asyncStorage!
         .getItem(key: '${Constants.defaultStorageKey}-code-verifier');
+    if (codeVerifierRawString == null) {
+      throw AuthException('Code verifier could not be found in local storage.');
+    }
+    final codeVerifier = codeVerifierRawString.split('/').first;
+    final eventName = codeVerifierRawString.split('/').last;
+    final redirectType = AuthChangeEventExtended.fromString(eventName);
 
     final Map<String, dynamic> response = await _fetch.request(
       '$_url/token',
@@ -310,15 +316,18 @@ class GoTrueClient {
     await _asyncStorage!
         .removeItem(key: '${Constants.defaultStorageKey}-code-verifier');
 
-    final authResponse = AuthResponse.fromJson(response);
+    final authSessionUrlResponse = AuthSessionUrlResponse(
+        session: Session.fromJson(response)!, redirectType: redirectType?.name);
 
-    final session = authResponse.session;
-    if (session != null) {
-      _saveSession(session);
+    final session = authSessionUrlResponse.session;
+    _saveSession(session);
+    if (redirectType == AuthChangeEvent.passwordRecovery) {
+      notifyAllSubscribers(AuthChangeEvent.passwordRecovery);
+    } else {
       notifyAllSubscribers(AuthChangeEvent.signedIn);
     }
 
-    return authResponse;
+    return authSessionUrlResponse;
   }
 
   /// Allows signing in with an ID token issued by certain supported providers.
@@ -634,14 +643,7 @@ class GoTrueClient {
         throw AuthPKCEGrantCodeExchangeError(
             'No code detected in query parameters.');
       }
-      final data = await exchangeCodeForSession(authCode);
-      final session = data.session;
-      if (session == null) {
-        throw AuthPKCEGrantCodeExchangeError(
-            'No session found for the auth code.');
-      }
-
-      return AuthSessionUrlResponse(session: session, redirectType: null);
+      return await exchangeCodeForSession(authCode);
     }
     var url = originUrl;
     if (originUrl.hasQuery) {
@@ -753,8 +755,9 @@ class GoTrueClient {
           'You need to provide asyncStorage to perform pkce flow.');
       final codeVerifier = generatePKCEVerifier();
       await _asyncStorage!.setItem(
-          key: '${Constants.defaultStorageKey}-code-verifier',
-          value: codeVerifier);
+        key: '${Constants.defaultStorageKey}-code-verifier',
+        value: '$codeVerifier/${AuthChangeEvent.passwordRecovery.name}',
+      );
       codeChallenge = generatePKCEChallenge(codeVerifier);
     }
 

diff --git a/packages/supabase_flutter/test/supabase_flutter_test.dart b/packages/supabase_flutter/test/supabase_flutter_test.dart
@@ -107,7 +107,10 @@ void main() {
         httpClient: pkceHttpClient,
         authOptions: FlutterAuthClientOptions(
           localStorage: MockEmptyLocalStorage(),
-          pkceAsyncStorage: MockAsyncStorage(),
+          pkceAsyncStorage: MockAsyncStorage()
+            ..setItem(
+                key: 'supabase.auth.token-code-verifier',
+                value: 'raw-code-verifier'),
         ),
       );
     });