Closed 0reo closed 3 months ago
Hey,
Thanks for taking the time to report the issue.
- server will return an anonymous user
Rest assured that this is expected. Auth server will disregard autoconfirm where necessary and still return an anonymous user.
- try again with an invalid password, and email still blank(for example, only enter 2 characters with minimum password length set to 6) The request should go through but rest assured that it is not saved as a valid encrypted password
Disallowing auth.signUp
with an empty email is viable but unlikely something we can do at the moment as it would be a breaking change.
I'll file this as feedback. Going to close for now but let us know if there are any other issues in the meantime or anything I've missed or misunderstood and we can re-open
Bug report
Describe the bug
When anonymous sign ins are enabled, auth.signInAnonymously works as expected, but auth.signUp also accepts an empty email and password, and does an anonymous sign in. If no email is provided, the password field is completely ignored. Happens on self-hosted, can't comment on if this happens elsewhere
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
Expected behavior
auth.signUp and auth.signInAnonymously should act independently of each other, otherwise auth.signInAnonymously is pretty well redundent. auth.signUp should always
Screenshots
If applicable, add screenshots to help explain your problem.
System information
Additional context
Posted this issue here first https://github.com/supabase/auth/issues/1735 but posted here as well because I noticed that GoTrueClient.ts check if an email(or phone number) was "provided", but doesn't actually check that they aren't empty. I suspect adjustments should be made on both repos, but feel free to move/consolidate/delete as needed
https://github.com/supabase/auth-js/blob/8222ee198a0ab10570e8b4c31ffb2aeafef86392/src/GoTrueClient.ts#L413-L456