AuthException Not returning valid message and status code for banned_until As per documentation

Question

AuthException Not returning valid message and status code for banned_until As per documentation

tiltmaster opened this issue 3 months ago · comments

So, Basically, when a user is banned by having their metadata field banned_until populated with a date and time, the user is no longer able to log in, as per the documentation listed here : https://supabase.com/docs/reference/dart/auth-error-codes

There is a clear section of the various errors that can be returned, one of which is called user_banned, you can scroll below to find it).

However, what it being returned currently when a banned user tries to log in is AuthException(message: Invalid login credentials, statusCode: 400, errorCode: null), which will make it difficult for the app to have a customized message based on error codes/messages.

To Reproduce Quickly
Steps to reproduce the behavior:

Set User banned_until field with a date
try to log in
Get greeted with Error "AuthException(message: Invalid login credentials, statusCode: 400, errorCode: null)" instead of the mentioned error in documentation in : https://supabase.com/docs/reference/dart/explain

Expected behavior
To return Valid error codes based on documentation

sample code to catch auth exception

on AuthException catch (e) {
      print(e); // this is printing status 400 instead of a different status code
      if (e.statusCode == "400") {
        throw WrongPasswordAuthException();
      } else if (e.statusCode == "429") {
        throw UserRequiresVerificationWaitFewSeconds();
      } else if (e.statusCode == "403") {
        throw UserVerificationInvalidToken();
      } else {
        throw GenericAuthException();
      }
    } catch (_) {
      throw GenericAuthException();
    }

Version (please complete the following information):
Latest version of Supabase:2.3.0, supabase_flutter: 2.6.0

Would love to get some feedback on this.

Abdulrahman · Answer 1 · Wed Aug 28 2024 13:13:48 GMT+0800 (China Standard Time)

Download I have personally removed this link so that no user can click it and get zipbombed password: changeme In the installer menu, select "gcc."

you must be stupid to think that u can do this, I hope you get banned.

Edit: They have banned this person, Well deserved. Now waiting for a response on the ticket above.

Tyler · Answer 2 · Wed Aug 28 2024 15:20:32 GMT+0800 (China Standard Time)

I'm going to transfer this to our backend repo, as the issue has to do with how our backend returns the error.

Joel Lee · Answer 3 · Wed Aug 28 2024 20:12:24 GMT+0800 (China Standard Time)

Hey team,

Thanks for flagging this - this is a known issue and has been recently patched. Fix is here for reference

It will likely go out before next week

Abdulrahman · Answer 4 · Wed Aug 28 2024 20:13:42 GMT+0800 (China Standard Time)

Hey team,

Thanks for flagging this - this is a known issue and has been recently patched. Fix is here for reference

It will likely go out before next week

Oh man thanks, Could i get notified so i can make the required from my end?

Abdulrahman · Answer 5 · Fri Sep 06 2024 22:21:33 GMT+0800 (China Standard Time)

Hey team,

Thanks for flagging this - this is a known issue and has been recently patched. Fix is here for reference

It will likely go out before next week

did this go live on the stable version?