Files
supabase/apps/studio/components/interfaces/Account/Preferences/AccountIdentities.utils.ts
Pamela Chia 0099ad1aec fix(account): stop sb marker leaking into email toast (#47455)
## Summary

The email-change confirmation toast rendered a trailing `&sb=` ("...sent
to the other email&sb="). The dashboard parsed the auth-redirect URL
fragment with a naive `split('#message=')` that grabbed everything after
the key, including the empty `sb` origin marker the auth service appends
to every redirect fragment (an intentional, server-side Supabase-Auth
identifier so clients can tell a Supabase redirect from a third-party
OAuth one). The marker is working as designed; the bug is that the
dashboard wasn't parsing the fragment as URL params, so I fixed the
parse rather than the marker.

## Changes

- Parse the redirect fragment with `URLSearchParams` via a new
`parseRedirectMessage` helper, reading only the `message` key. Any other
trailing fragment param (the `sb` marker, or future ones) is now ignored
instead of being concatenated into the toast.
- Drop the manual `+`-to-space replacement. `URLSearchParams.get()`
already decodes form-encoded values, and the old `.replaceAll('+', ' ')`
would have clobbered a legitimately encoded `+`.
- Add unit tests for the helper: marker stripped, no hash, no `message`
key, `message` not first, and percent-encoded `+` preserved.

## Testing (Vercel preview)

The toast only reads the URL fragment, so the redirect can be simulated
directly. Do not use the real email round-trip on the preview: a real
confirm-link click is redirected to prod (the backend sets
`redirect_to`), not the preview build.

- [x] On the preview, log in and open the account preferences page with
this fragment appended:
`/account/me#message=Confirmation+link+accepted.+Please+proceed+to+confirm+link+sent+to+the+other+email&sb=`
— toast shows the clean sentence with no `&sb=`.
- [x] Open the same page with no fragment — no toast fires.

## Linear

- fixes GROWTH-938


<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->

## Summary by CodeRabbit

* **Bug Fixes**
* Improved how success messages are read after redirect in account
identity preferences, so notifications now display the correct text more
reliably.
* Supported messages with spaces and special characters, including cases
where the message appears later in the URL fragment.

<!-- end of auto-generated comment: release notes by coderabbit.ai -->
2026-07-01 15:24:51 +08:00

3 lines
134 B
TypeScript

export const parseRedirectMessage = (asPath: string) =>
new URLSearchParams(asPath.split('#')[1] ?? '').get('message') ?? undefined