## Problem
We used to have a `_Shadcn_` suffix for all the shadcn form components
because we also had `formik` form components.
This is not needed anymore.
## Solution
- Remove the suffix
- Update all usages
## Problem
We currently have 2 libraries for schema validation: `yup` that was used
with `formik` and `zod` which is now the preferred one.
## Solution
- Migrate to `zod`
- Fix validation isn't applied on email template form
- Fix `react-hook-form` form state usage
No visual changes.
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Refactor**
* Switched form validation to a unified Zod-based approach across
authentication UIs.
* **Improvements**
* Template editor and email templates now validate via provided Zod
schemas.
* SMTP and captcha settings receive conditional validation, improved
numeric handling, and clearer required-field behavior.
* Validation import/style consistency tidied.
* **Bug Fixes**
* Consistent dirty-state detection so Save/Cancel visibility and
enabled/disabled behavior are reliable across auth forms.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
## Problem
The input groups components introduced in #44282 don't have the
validation attributes when invalid. This hurts accessibility and also
break the design:
<img width="1730" height="324" alt="image"
src="https://github.com/user-attachments/assets/a3fb8d86-f3a8-46bb-aa53-d0599c11f056"
/>
## Solution
This is because the wrapper `<FormControl_Shadcn_>` passes the
validation props to its direct child.
The solution is to avoid applying them on the `<InputGroup>` and to
apply them manually on the inputs.
I also fixed a small accessibility issue by moving the addon texts after
the input so that screen readers announce them in the correct order. No
visual change for this
<img width="587" height="158" alt="image"
src="https://github.com/user-attachments/assets/1f8858ea-6659-45f9-964e-8c43a7fe14ba"
/>
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Style**
* Unified numeric input layout by moving unit labels/suffixes (e.g.,
"seconds", "GB", "%", "connections", "digits", "IOPS", "MB/s", "rows")
to appear after their inputs for a consistent, predictable form
appearance.
* **Accessibility**
* Form controls now expose IDs and ARIA attributes from form context
when available, improving screen-reader descriptions and error
association.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
---------
Co-authored-by: Ivan Vasilov <vasilov.ivan@gmail.com>
## Description
Fixes#43800
When editing SMTP settings while custom SMTP is already enabled, the
form footer was incorrectly displaying "Rate limit for sending emails
will be increased to 30". The rate limit is only set during the initial
enable transition, so the message and submit behavior were out of sync.
## Changes
This fix aligns the footer message with the submit logic (Option A from
the issue):
- **Enabling SMTP**: Shows rate limit increase message
- **Already enabled, editing settings**: Shows "Custom SMTP settings
will be updated"
- **Disabling SMTP**: Shows rate limit reduction message
## Testing
1. Go to Authentication → SMTP Settings
2. Enable custom SMTP and save (rate limit is set to 30)
3. Edit any SMTP field (e.g. change host or port)
4. Footer now correctly shows "Custom SMTP settings will be updated"
instead of the rate limit message
Made with [Cursor](https://cursor.com)
---------
Co-authored-by: vj2303 <vishnu.jangid@ax-ia.ai>
Co-authored-by: Danny White <3104761+dnywh@users.noreply.github.com>
## I have read the
[CONTRIBUTING.md](https://github.com/supabase/supabase/blob/master/CONTRIBUTING.md)
file.
YES
## What kind of change does this PR introduce?
Bug fix
## What is the current behavior?
Currently, the SMTP Host input field in the Project Dashboard
(Authentication > Email > SMTP Settings) does not sanitize whitespace.
If a user accidentally pastes a hostname with leading or trailing spaces
(e.g., " smtp.resend.com "), the DNS lookup fails during the OTP
delivery process.
This results in the following error in the Auth logs:
```"dial tcp: lookup smtp.resend.com on 127.0.0.53:53: server misbehaving"```
Noticed, the other input fields of Sender details and Host, Username and Password under SMTP Provider settings take leading and trailing whitespaces as well.
## What is the new behavior?
Input sanitization has been applied across the SMTP configuration schema. The following fields now utilize .trim() to ensure data integrity:
- SMTP_HOST
- SMTP_ADMIN_EMAIL & SMTP_SENDER_NAME
- SMTP_USER
- SMTP_PASS
## Screenshots:
Before Fix:
<img width="604" height="198" alt="Screenshot 2026-03-09 at 2 04 49 AM" src="https://github.com/user-attachments/assets/76ae23a6-3ad8-4f82-8f0f-ab12f4168e81" />
After Fix:
<img width="594" height="194" alt="Screenshot 2026-03-09 at 1 58 48 AM" src="https://github.com/user-attachments/assets/03f64294-0bfe-4fca-a82b-12ee07a6d218" />
This fixes the issue #43529
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Update perms checking in audit logs
* Deprecate useCheckPermissions, useIsPermissionsLoaded and useCheckProjectPermissions as they're no longer used
* Rename useAsyncCheckProjectPermissions to useAsyncCheckPermissions
* Fix TS
* Part 1 of swapping useCheckPermissions with useAsyncCheckProjectPermissions
* Update apps/studio/hooks/misc/useCheckPermissions.ts
Co-authored-by: Drake Costa <drake@saeris.io>
* Address feedback
---------
Co-authored-by: Drake Costa <drake@saeris.io>
* all settings moved into the right places
* clean a few things up
* update ui for auth settings
* more updating
* rearrange settings
* Update SmtpForm.tsx
* updated styling
* add old auth page to show links
* add copy
* udpate copy
* smtp links
* auth fixes
* Smol fix
* Another smol fix
* Fix tab page menu selection
* Add missing border
* Gah one last one
* Smol improvement for redirects from settings/auth to use id
* Update apps/studio/components/layouts/AuthLayout/AuthLayout.utils.ts
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
* Update apps/studio/pages/project/[ref]/auth/mfa.tsx
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
* Update apps/studio/pages/project/[ref]/auth/mfa.tsx
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
* remove recommendation
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Kang Ming <kang.ming1996@gmail.com>
* Add lucide-react to docs (to make the autocomplete work).
* Migrate the docs app icons.
* Migrate the ui-patterns.
* Remove the old icons from ui package.
* Migrate the www app from react-feather icons.
* Migrate all of studio icons.
* Migrate the only component in design-system.
* Fix an old import in ui package. Revert an import in docs app.
* Fix some pages in www.
* Remove unneeded files used in generation of icons.
* Fix a prettier error.
* Fix more issues in www.
* Fix an issue in Log Date picker.
* Replace all string sizes with number sizes because the icons grew in some cases.
* Fix more imports in security page.
* Fix an extra import.
* Remove the size prop from all icons if they're in a button and they match the button size.
* Minor fixes for docs and www.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
* Update the design of the sonner toasts. Add the close button by default.
* Migrate studio and www apps to use the SonnerToaster.
* Migrate all toasts from studio.
* Migrate all leftover toasts in studio.
* Add a new toast component with progress. Use it in studio.
* Migrate the design-system app.
* Refactor the consent toast to use sonner.
* Switch docs to use the new sonner toasts.
* Remove toast examples from the design-system app.
* Remove all toast-related components and old code.
* Fix the progress bar in the toast progress component. Also make the bottom components vertically centered.
* Fix the width of the toast progress.
* Use text-foreground-lighter instead of muted for ToastProgress text
* Rename ToastProgress to SonnerProgress.
* Shorten the text in sonner progress.
* Use the correct classes for the close button. Add a const var for the default toast duration. Remove the custom width class from sonner.
* Set the position for all progress toasts to bottom right. Set the duration for all toasts to the default (when reusing a toast id from loading/progress toast, the duration is set to infinity).
* Fix the playwright tests.
* Refactor imports to use ui instead of @ui.
* Change all imports of react-hot-toast with sonner. These components were merged since the last commit to this branch.
* Remove react-hot-toast lib.
---------
Co-authored-by: Joshen Lim <joshenlimek@gmail.com>
Co-authored-by: Jonathan Summers-Muir <MildTomato@users.noreply.github.com>
* fix: update Permission params
* fix: upgrade check permission hook to support project level role
* fix: usePermissionsLoaded
* fix: Permission params can be undefined
* Scaffold new access management UI
* Add validation
* Update roles view
* Add tooltip
* Add button to apply role to all projects
* Update UI to select projects first instead of roles
* Merge master update UI
* Midway trying to implementation project level perms API
* First pass implementating updating project level permissions
* Add client side validation for assigning/removing roles
* Midway implementing new invites
* Integrate most of the project level permissions functionality
* fix: filter out org-level permissions before checking
* Add relevant UI guards in org level pages for project role POV
* Minor refactors
* Small refactors
* More fixes
* Moar refactors
* More fixes
* More fixes
* Refactor update role logic and smack some test cases on it
* Fixes
* Fix type issue
* Fix type
* more fixes, refactors, adding checks...
* MORE fixes
* Add perms checking for replicas
* Add ButtonTooltip component and use them to prevent repetition of pointer events auto for buttons with tooltips
* Convert all buttons with tooltips to use ButtonTooltip
* refactor
* PRettier
* Small fix
* Remove commented out code in organization-invitation-accept-mutation
* fix: switch to use the platform oauth authorizations routes
* Add perms checking for org audit logs and org oauth apps
* PRettier
* Fix incorrect URL for oauth app flow
* Fix incorrect URL for oauth app flow
* Fix
* Add perms checking for warehouse related UI
* Update roles helper icon
* remove unused lib
* Update package lock... again
* Update package lock... again
* Smalllll update
* Update some checks
* Add gate for project level permissions
* Last fix
* update codegen
* Update warehouse endpoint routes
* Fix
---------
Co-authored-by: phamhieu <phamhieu1998@gmail.com>
Co-authored-by: Alaister Young <a@alaisteryoung.com>
* Move all studio files from /studio to /apps/studio.
* Move studio specific prettier ignores.
* Fix the ui references from studio.
* Fix the css imports.
* Fix all package.json issues.
* Fix the prettier setup for the studio app.
* Add .turbo folder to prettierignore.
* Fix the github workflows.
Gildas Garcia