supabase-community / gotrue-csharp

C# implementation of Supabase's GoTrue
https://supabase-community.github.io/gotrue-csharp/api/Supabase.Gotrue.Client.html
MIT License

Modify password for already signed in user does not seem to work #58

Closed BasBBakker closed 1 year ago

BasBBakker commented 1 year ago

Bug report

Describe the bug

When I try to update the password of an already signed in User, I get an error and this message in the browser:

{"message":"No API key found in request","hint":"No apikey request header or url param was found."}

This is the code I use:

public async Task ModifyPassword(string newpassword)
{

    var attrs = new UserAttributes
    {
        Email = client.Auth.CurrentUser.Email,
        Password = newpassword

    };
    var response = await client.Auth.Update(attrs);

}

Thanks in advance!

acupofjose commented 1 year ago

Can you show me how you're initializing the client in your code?

BasBBakker commented 1 year ago

I use the Blazor Webassembly example in the C# supabase library: https://github.com/supabase-community/supabase-csharp/tree/master/Examples/BlazorWebAssemblySupabaseTemplate

The client is then initialized as per below:

public class AuthService
{
    private readonly Supabase.Client client;
    private readonly AuthenticationStateProvider customAuthStateProvider;
    private readonly ILocalStorageService localStorage;
    private readonly ILogger logger;

    public AuthService(
        Supabase.Client client,
        AuthenticationStateProvider CustomAuthStateProvider,
        ILocalStorageService localStorage,
        ILogger<AuthService> logger
    ) : base()
    {
        logger.LogInformation("------------------- CONSTRUCTOR -------------------");

        this.client = client;
        customAuthStateProvider = CustomAuthStateProvider;
        this.localStorage = localStorage;
        this.logger = logger;
    }

    public async Task ModifyPassword(string newpassword)
    {
        var attrs = new UserAttributes
        {
            Email = client.Auth.CurrentUser.Email,
            Password = newpassword
        };
        var response = await client.Auth.Update(attrs);
    }
}

acupofjose commented 1 year ago

Hm. That's strange. It acts as though your client hasn't been initialized with a supabase_public_key... everything else works as normal?

BasBBakker commented 1 year ago

Yes, so far no other problems! (login, logout, login with OTP, login with password, fetching data, all works fine).

Sorry for the inconvenience!

acupofjose commented 1 year ago

Okay. I’m thinking #57 ought to address this when it’s merged! Thanks for your patience!

BasBBakker commented 1 year ago

It sends an API key and a bearer token.

In the network console I get the message: {"code":401,"msg":"Password update requires reauthentication."}

Is this because in the payload the email_change_token is null?

{email: "x@x.us", email_change_token: null, password: "xxx", phone: null, data: {}}

BasBBakker commented 1 year ago

Putting in the email_change_token in the payload gives the same error message.

acupofjose commented 1 year ago

Okay: some more data for you! You are correct, we are missing the reauthentication endpoint in the current client (commit incoming).

The following currently works:

var email = $"{RandomString(12)}@supabase.io";
var newPassword = "IAmANewSecretPassword!@#";
await client.SignUp(email, "testing123!@#12");

await client.Update(new UserAttributes()
{
   Password = newPassword
});

await client.SignOut();
var user = await client.SignIn(email, newPassword);

The above functions provided the following is true:


Adding the reauthentication endpoint provides support for the following:

The below functions provided the following is true:

var email = $"email@example.com";
var initialPassword = "testing123!@#12";
await client.SignUp(email, initialPassword);

// User has confirmed email 
await client.SignIn(email, initialPassword);

// User is signed in
await client.Reauthenticate();

// User receives email with a nonce
var newPassword = "IAmANewSecretPassword!@#";
await client.Update(new UserAttributes()
{
    Password = newPassword,
    Nonce = RECEIVED_NONCE,
});

The above will be available in 4.0.2

BasBBakker commented 1 year ago

Works perfect. Thanks a lot!
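The two error bodies quoted in this thread have different JSON shapes and call for different fixes: the first means the request carried no API key, the second means the password update must go through `Reauthenticate()` and be resubmitted with a `Nonce`. The classifier below is an added example, not code from gotrue-csharp or from the thread; `AuthFailure`, `AuthErrorClassifier` and `Classify` are hypothetical names, and it assumes you already have the raw response body as a string.

```csharp
// Added example: tells apart the two error bodies seen in this issue.
// All type and method names here are hypothetical, not gotrue-csharp APIs.
using System;
using System.Text.Json;

public enum AuthFailure { None, MissingApiKey, ReauthenticationRequired, Other }

public static class AuthErrorClassifier
{
    public static AuthFailure Classify(string body)
    {
        if (string.IsNullOrWhiteSpace(body)) return AuthFailure.None;
        try
        {
            using var doc = JsonDocument.Parse(body);
            var root = doc.RootElement;
            if (root.ValueKind != JsonValueKind.Object) return AuthFailure.Other;

            // Shape from the first post: {"message": "...", "hint": "..."}
            if (root.TryGetProperty("message", out var message) &&
                message.ValueKind == JsonValueKind.String &&
                (message.GetString() ?? "").Contains("No API key", StringComparison.OrdinalIgnoreCase))
                return AuthFailure.MissingApiKey;

            // Shape from the network console: {"code": 401, "msg": "..."}
            if (root.TryGetProperty("code", out var code) &&
                code.ValueKind == JsonValueKind.Number &&
                code.TryGetInt32(out var status) && status == 401 &&
                root.TryGetProperty("msg", out var msg) &&
                msg.ValueKind == JsonValueKind.String &&
                (msg.GetString() ?? "").Contains("reauthentication", StringComparison.OrdinalIgnoreCase))
                return AuthFailure.ReauthenticationRequired;

            return AuthFailure.Other;
        }
        catch (JsonException)
        {
            return AuthFailure.Other; // body was not JSON (for example an HTML error page)
        }
    }

    public static void Main()
    {
        // Both bodies are copied from the messages quoted in this thread.
        Console.WriteLine(Classify("{\"message\":\"No API key found in request\",\"hint\":\"No apikey request header or url param was found.\"}"));
        Console.WriteLine(Classify("{\"code\":401,\"msg\":\"Password update requires reauthentication.\"}"));
    }
}
```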