mirror of
https://github.com/supabase/supabase.git
synced 2026-07-16 04:26:19 -04:00
0099ad1aec
## Summary
The email-change confirmation toast rendered a trailing `&sb=` ("...sent
to the other email&sb="). The dashboard parsed the auth-redirect URL
fragment with a naive `split('#message=')` that grabbed everything after
the key, including the empty `sb` origin marker the auth service appends
to every redirect fragment (an intentional, server-side Supabase-Auth
identifier so clients can tell a Supabase redirect from a third-party
OAuth one). The marker is working as designed; the bug is that the
dashboard wasn't parsing the fragment as URL params, so I fixed the
parse rather than the marker.
## Changes
- Parse the redirect fragment with `URLSearchParams` via a new
`parseRedirectMessage` helper, reading only the `message` key. Any other
trailing fragment param (the `sb` marker, or future ones) is now ignored
instead of being concatenated into the toast.
- Drop the manual `+`-to-space replacement. `URLSearchParams.get()`
already decodes form-encoded values, and the old `.replaceAll('+', ' ')`
would have clobbered a legitimately encoded `+`.
- Add unit tests for the helper: marker stripped, no hash, no `message`
key, `message` not first, and percent-encoded `+` preserved.
## Testing (Vercel preview)
The toast only reads the URL fragment, so the redirect can be simulated
directly. Do not use the real email round-trip on the preview: a real
confirm-link click is redirected to prod (the backend sets
`redirect_to`), not the preview build.
- [x] On the preview, log in and open the account preferences page with
this fragment appended:
`/account/me#message=Confirmation+link+accepted.+Please+proceed+to+confirm+link+sent+to+the+other+email&sb=`
— toast shows the clean sentence with no `&sb=`.
- [x] Open the same page with no fragment — no toast fires.
## Linear
- fixes GROWTH-938
<!-- This is an auto-generated comment: release notes by coderabbit.ai
-->
## Summary by CodeRabbit
* **Bug Fixes**
* Improved how success messages are read after redirect in account
identity preferences, so notifications now display the correct text more
reliably.
* Supported messages with spaces and special characters, including cases
where the message appears later in the URL fragment.
<!-- end of auto-generated comment: release notes by coderabbit.ai -->
3 lines
134 B
TypeScript
3 lines
134 B
TypeScript
export const parseRedirectMessage = (asPath: string) =>
|
|
new URLSearchParams(asPath.split('#')[1] ?? '').get('message') ?? undefined
|