Skip to content

fix(auth): resolve session user by token subject ID #26399

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
emrysal merged 3 commits into from
Jan 2, 2026
Merged

fix(auth): resolve session user by token subject ID #26399

emrysal merged 3 commits into from
Jan 2, 2026

Conversation

@pedroccastro
Copy link
Contributor

@pedroccastro pedroccastro commented Jan 2, 2026

What does this PR do?

Updates session user resolution to use the token subject (sub) for user lookup instead of email. This aligns the implementation with the immutable token identifier pattern and improves consistency in session handling.

Changes

  • Changed user lookup in getServerSession from email-based to ID-based query
  • Added validation for token subject before database lookup
  • Updated logging to warn on invalid or missing user ID in token

How to test

  1. Login with any account
  2. Navigate through the app → session should work normally
  3. Change email via Settings → Profile → Email change flow should work
  4. Run unit tests: yarn test

Mandatory Tasks

  • I have self-reviewed the code (A decent size PR without self-review might be rejected).
  • N/A I have updated the developer docs in /docs if this PR makes changes that would require a documentation change.
  • I confirm automated tests are in place that prove my fix is effective or that my feature works.

@vercel
Copy link

vercel bot commented Jan 2, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

3 Skipped Deployments
Project Deployment Review Updated (UTC)
cal Ignored Ignored Jan 2, 2026 4:15pm
cal-companion Ignored Ignored Preview Jan 2, 2026 4:15pm
cal-eu Ignored Ignored Jan 2, 2026 4:15pm

@pedroccastro pedroccastro marked this pull request as ready for review January 2, 2026 16:16
@graphite-app graphite-app bot added foundation core area: core, team members only labels Jan 2, 2026
@graphite-app graphite-app bot requested a review from a team January 2, 2026 16:16
cubic-dev-ai[bot]
cubic-dev-ai bot reviewed Jan 2, 2026
View reviewed changes
Copy link
Contributor

@cubic-dev-ai cubic-dev-ai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

No issues found across 3 files

@emrysal emrysal enabled auto-merge (squash) January 2, 2026 16:30
@emrysal emrysal merged commit 421936d into main Jan 2, 2026
71 of 74 checks passed
@emrysal emrysal deleted the fix/auth-session-user-resolution branch January 2, 2026 16:31
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cubic-dev-ai cubic-dev-ai[bot] cubic-dev-ai[bot] left review comments

@emrysal emrysal emrysal approved these changes

Assignees

No one assigned

Labels

core area: core, team members only foundation ready-for-e2e size/L

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@pedroccastro @emrysal