supabase / auth

A JWT based API for managing users and issuing JWT tokens
https://supabase.com/docs/guides/auth
MIT License

Cannot update user password/metadata for unconfirmed signups #1123

Closed bombillazo closed 1 year ago

bombillazo commented 1 year ago

Bug report

Describe the bug

If a user was created but has not been confirmed in the database and a signup request is made, the existing user's password is not updated.

We want to be able to update the password of new users upon registration if they are unclaimed. We know they are unclaimed because we store this state in the user metadata.

To Reproduce

Steps to reproduce the behavior, please provide code snippets or a repository:

  1. Create a user via SQL or the admin API. This user must be created without confirmation.
  2. Run the signup API command and pass user metadata and a password.
  3. Neither the user metadata nor the password is updated.

Expected behavior

If the user exists and is still not yet confirmed and a new signup request is received for the existing email, it would be good to allow the password to be set with the data received in the payload.

bombillazo commented 1 year ago

I believe this is the reason https://github.com/supabase/gotrue/blob/577a97e7aad241fcb8562ded195f8c2e55250272/internal/api/signup.go#L145-L151

kangmingtay commented 1 year ago

@bombillazo you can call the updateUser method after the user has been confirmed if you want to update the user metadata or password subsequently
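
The workflow suggested in the comment above, as an added example that is not code from this thread or from supabase/auth: values that signup did not apply are sent with `updateUser` only once the account is confirmed. It assumes `auth` behaves like the `auth` object of a supabase-js v2 client (`getUser()` and `updateUser()` resolving to `{ data, error }`); `applyAfterConfirmation` and its status strings are hypothetical names.

```javascript
// Added example, not code from supabase/auth or from this thread.
// Assumption: `auth` behaves like the `auth` object of a supabase-js v2 client.
// applyAfterConfirmation and the status strings are hypothetical names.
async function applyAfterConfirmation(auth, pending) {
  // Ask the auth server who the caller is; without a session there is nothing to update.
  const { data: current, error: getError } = await auth.getUser();
  const user = current && current.user;
  if (getError || !user) {
    return { status: "no_session", error: getError || null };
  }

  // Signup left this account untouched while it was unconfirmed, so wait until
  // the email has been confirmed before sending the stored values.
  if (!user.email_confirmed_at) {
    return { status: "unconfirmed", error: null };
  }

  // Send only the fields that were actually provided.
  const attributes = {};
  if (typeof pending.password === "string" && pending.password.length > 0) {
    attributes.password = pending.password;
  }
  if (pending.data && typeof pending.data === "object") {
    attributes.data = pending.data;
  }
  if (Object.keys(attributes).length === 0) {
    return { status: "nothing_to_update", error: null };
  }

  // The update runs as the signed-in, confirmed user, not as an anonymous signup request.
  const { data: updated, error: updateError } = await auth.updateUser(attributes);
  if (updateError) {
    return { status: "update_failed", error: updateError };
  }
  return { status: "updated", user: updated.user, error: null };
}
```
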

bombillazo commented 1 year ago

Ok gotcha