From 873ec1bd6f089f46844c066c68effe6a229b0ec3 Mon Sep 17 00:00:00 2001 From: David Kizivat Date: Fri, 10 May 2024 11:42:26 +0200 Subject: [PATCH] fix amr not existing on user object --- src/app.d.ts | 3 ++- src/hooks.server.ts | 16 +++++++++++----- .../account/(menu)/billing/+page.server.ts | 2 +- src/routes/(admin)/account/+layout.server.ts | 4 ++-- src/routes/(admin)/account/+layout.ts | 10 +++++++++- src/routes/(admin)/account/api/+page.server.ts | 11 +++++------ 6 files changed, 30 insertions(+), 16 deletions(-) diff --git a/src/app.d.ts b/src/app.d.ts index d5cb8968..e80cd0ae 100644 --- a/src/app.d.ts +++ b/src/app.d.ts @@ -1,4 +1,4 @@ -import { Session, SupabaseClient } from "@supabase/supabase-js" +import { Session, SupabaseClient, type AMREntry } from "@supabase/supabase-js" import { Database } from "./DatabaseDefinitions" // See https://kit.svelte.dev/docs/types#app @@ -11,6 +11,7 @@ declare global { safeGetSession: () => Promise<{ session: Session | null user: User | null + amr: AMREntry[] | null }> } interface PageData { diff --git a/src/hooks.server.ts b/src/hooks.server.ts index 00bf7ec1..0cfd821f 100644 --- a/src/hooks.server.ts +++ b/src/hooks.server.ts @@ -47,19 +47,25 @@ export const handle: Handle = async ({ event, resolve }) => { data: { session }, } = await event.locals.supabase.auth.getSession() if (!session) { - return { session: null, user: null } + return { session: null, user: null, amr: null } } const { data: { user }, - error, + error: userError, } = await event.locals.supabase.auth.getUser() - if (error) { + if (userError) { // JWT validation has failed - return { session: null, user: null } + return { session: null, user: null, amr: null } } - return { session, user } + const { data: aal, error: amrError } = + await event.locals.supabase.auth.mfa.getAuthenticatorAssuranceLevel() + if (amrError) { + return { session, user, amr: null } + } + + return { session, user, amr: aal.currentAuthenticationMethods } } return resolve(event, { diff --git a/src/routes/(admin)/account/(menu)/billing/+page.server.ts b/src/routes/(admin)/account/(menu)/billing/+page.server.ts index ec178997..6cdd19b3 100644 --- a/src/routes/(admin)/account/(menu)/billing/+page.server.ts +++ b/src/routes/(admin)/account/(menu)/billing/+page.server.ts @@ -9,7 +9,7 @@ export const load: PageServerLoad = async ({ locals: { safeGetSession, supabaseServiceRole }, }) => { const { session, user } = await safeGetSession() - if (!session) { + if (!session || !user?.id) { throw redirect(303, "/login") } diff --git a/src/routes/(admin)/account/+layout.server.ts b/src/routes/(admin)/account/+layout.server.ts index 4fa70ea3..e91f6932 100644 --- a/src/routes/(admin)/account/+layout.server.ts +++ b/src/routes/(admin)/account/+layout.server.ts @@ -6,14 +6,14 @@ export const load: LayoutServerLoad = async ({ }) => { const { session, user } = await safeGetSession() - if (!session) { + if (!session || !user?.id) { throw redirect(303, "/login") } const { data: profile } = await supabase .from("profiles") .select(`*`) - .eq("id", user.id) + .eq("id", user?.id) .single() return { session, profile } diff --git a/src/routes/(admin)/account/+layout.ts b/src/routes/(admin)/account/+layout.ts index 718016e6..0355cc59 100644 --- a/src/routes/(admin)/account/+layout.ts +++ b/src/routes/(admin)/account/+layout.ts @@ -45,6 +45,8 @@ export const load = async ({ fetch, data, depends, url }) => { data: { user }, } = await supabase.auth.getUser() + const { data: aal } = await supabase.auth.mfa.getAuthenticatorAssuranceLevel() + const profile: Database["public"]["Tables"]["profiles"]["Row"] | null = data.profile @@ -57,7 +59,13 @@ export const load = async ({ fetch, data, depends, url }) => { throw redirect(303, createProfilePath) } - return { supabase, session, profile, user } + return { + supabase, + session, + profile, + user, + amr: aal?.currentAuthenticationMethods, + } } export const _hasFullProfile = ( diff --git a/src/routes/(admin)/account/api/+page.server.ts b/src/routes/(admin)/account/api/+page.server.ts index 85b12363..bdda9286 100644 --- a/src/routes/(admin)/account/api/+page.server.ts +++ b/src/routes/(admin)/account/api/+page.server.ts @@ -44,7 +44,7 @@ export const actions = { } }, updatePassword: async ({ request, locals: { supabase, safeGetSession } }) => { - const { session, user } = await safeGetSession() + const { session, user, amr } = await safeGetSession() if (!session) { throw redirect(303, "/login") } @@ -56,8 +56,7 @@ export const actions = { // Can check if we're a "password recovery" session by checking session amr // let currentPassword take priority if provided (user can use either form) - // @ts-expect-error: we ignore because Supabase does not maintain an AMR typedef - const recoveryAmr = user?.amr?.find((x) => x.method === "recovery") + const recoveryAmr = amr?.find((x) => x.method === "recovery") const isRecoverySession = recoveryAmr && !currentPassword // if this is password recovery session, check timestamp of recovery session @@ -151,7 +150,7 @@ export const actions = { locals: { supabase, supabaseServiceRole, safeGetSession }, }) => { const { session, user } = await safeGetSession() - if (!session) { + if (!session || !user?.id) { throw redirect(303, "/login") } @@ -193,7 +192,7 @@ export const actions = { }, updateProfile: async ({ request, locals: { supabase, safeGetSession } }) => { const { session, user } = await safeGetSession() - if (!session) { + if (!session || !user?.id) { throw redirect(303, "/login") } @@ -239,7 +238,7 @@ export const actions = { } const { error } = await supabase.from("profiles").upsert({ - id: user?.id, + id: user.id, full_name: fullName, company_name: companyName, website: website,