Improve: auth provider check before auth flow #195

ben-fornefeld · 2025-11-24T10:00:28Z

Note

Gate all auth actions behind a Supabase auth health check and update tests to mock the health endpoint.

Backend
- Add checkAuthProviderHealth() in src/server/auth/auth-actions.ts to call GET /auth/v1/health with timeout and caching; returns response.ok.
- Introduce AUTH_PROVIDER_ERROR_MESSAGE and use encodedRedirect('error', ...) when provider is unhealthy.
- Apply health pre-check to signInWithOAuthAction, signUpAction, signInAction, and forgotPasswordAction (preserving returnTo when applicable).
Tests
- In src/__test__/integration/auth.test.ts, mock global fetch for the health check and reset per test; remove redundant vi.resetAllMocks() in afterEach.

^{Written by Cursor Bugbot for commit 17596e6. This will update automatically on new commits. Configure here.}

vercel · 2025-11-24T10:00:33Z

The latest updates on your projects. Learn more about Vercel for GitHub.

Project	Deployment	Preview	Comments	Updated (UTC)
web	Ready	Preview	Comment	Nov 24, 2025 10:14am
web-juliett	Ready	Preview	Comment	Nov 24, 2025 10:14am

src/server/auth/auth-actions.ts

cursor

Bug: Missing health check in forgot password action

The forgotPasswordAction doesn't include a health check before calling supabase.auth.resetPasswordForEmail, while all other auth actions (signInAction, signUpAction, signInWithOAuthAction) now check provider health first. This inconsistency means users could attempt password resets when the auth provider is down, leading to confusing failures instead of the clear error message shown for other auth operations.

src/server/auth/auth-actions.ts#L243-L265

dashboard/src/server/auth/auth-actions.ts

Lines 243 to 265 in 920fa60

    
           export const forgotPasswordAction = actionClient 
        
             .schema(forgotPasswordSchema) 
        
             .metadata({ actionName: 'forgotPassword' }) 
        
             .action(async ({ parsedInput: { email } }) => { 
        
               const supabase = await createClient() 
        
               const { error } = await supabase.auth.resetPasswordForEmail(email) 
        
               if (error) { 
        
                 l.error( 
        
                   { 
        
                     key: 'forgot_password_action:supabase_error', 
        
                     error, 
        
                   }, 
        
                   `Password reset failed: ${error.message || 'Unknown error'}` 
        
                 ) 
        
                 if (error.message.includes('security purposes')) { 
        
                   return returnServerError( 
        
                     'Please wait before requesting another password reset.' 
        
                   ) 
        
                 }

add: auth provider check before auth flow

efe0d86

ben-fornefeld self-assigned this Nov 24, 2025

ben-fornefeld removed their assignment Nov 24, 2025

ben-fornefeld added the improvement Improvements in-code label Nov 24, 2025

dobrac reviewed Nov 24, 2025

View reviewed changes

src/server/auth/auth-actions.ts Show resolved Hide resolved

fix tests:

920fa60

vercel bot deployed to Preview – web November 24, 2025 10:07 View deployment

cursor bot reviewed Nov 24, 2025

View reviewed changes

add: 30 seconds revalidation for health check

fd010d7

vercel bot deployed to Preview – web November 24, 2025 10:13 View deployment

add: health check to forgot password

17596e6

vercel bot deployed to Preview – web November 24, 2025 10:14 View deployment

dobrac approved these changes Nov 24, 2025

View reviewed changes

ben-fornefeld merged commit d9b7a9a into main Nov 24, 2025
6 checks passed

ben-fornefeld deleted the improve-auth-provider-failing-handling branch November 24, 2025 10:20

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Improve: auth provider check before auth flow #195

Improve: auth provider check before auth flow #195

Uh oh!

ben-fornefeld commented Nov 24, 2025 •

edited by cursor bot

Loading

Uh oh!

vercel bot commented Nov 24, 2025 •

edited

Loading

Uh oh!

Uh oh!

cursor bot left a comment

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants


	export const forgotPasswordAction = actionClient
	.schema(forgotPasswordSchema)
	.metadata({ actionName: 'forgotPassword' })
	.action(async ({ parsedInput: { email } }) => {
	const supabase = await createClient()

	const { error } = await supabase.auth.resetPasswordForEmail(email)

	if (error) {
	l.error(
	{
	key: 'forgot_password_action:supabase_error',
	error,
	},
	`Password reset failed: ${error.message \|\| 'Unknown error'}`
	)

	if (error.message.includes('security purposes')) {
	return returnServerError(
	'Please wait before requesting another password reset.'
	)
	}

Improve: auth provider check before auth flow #195

Improve: auth provider check before auth flow #195

Uh oh!

Conversation

ben-fornefeld commented Nov 24, 2025 • edited by cursor bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

vercel bot commented Nov 24, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Uh oh!

cursor bot left a comment

Choose a reason for hiding this comment

Bug: Missing health check in forgot password action

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants

ben-fornefeld commented Nov 24, 2025 •

edited by cursor bot

Loading

vercel bot commented Nov 24, 2025 •

edited

Loading