Auth functions like auth.uid() do NOT handle empty strings
Bug report
Describe the bug
Auth functions like auth.uid() use the ‘request.jwt.claims’ configuration parameter in order to extract the uid/email/role for the user of the current request.
However, these functions fail if the ‘request.jwt.claims’ configuration parameter is the empty string because the conversion to jsonb fails.
Handling empty strings for this parameter is important because one can mock different users by setting the parameter for the current transaction, however, it is NOT possible to remove the parameter AFTER the transaction is over - instead, the parameter remains as empty string (as explained here: https://stackoverflow.com/a/50929568/2606261).
To Reproduce
Steps to reproduce the behavior, please provide code snippets or a repository:
- Connect to a Supabase PostgreSQL instance using any SQL client;
- Mock a particular user for a single transaction like this:
begin;
set local "request.jwt.claims" to '{ "sub": "d0d4b028-2f87-523b-a580-0f3e85e6ff33", "email": "my@email.com" }';
select auth.uid();
commit;
- Try to invoke the auth.uid() again now that the transaction is completed:
select auth.uid();
Expected behavior
The second invocation of auth.uid() should return NULL;
Actual behavior
The second invocation of auth.uid() throws an exception because the empty string cannot be converted to jsonb;
Maybe the nullif could be applied like this:
That way the ::jsonb casting won’t fail, just tested it:
Can I work on this issue?
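The behaviour reported above and the nullif guard suggested in the comments, as an added example that is not code from the issue or from Supabase. It runs on plain PostgreSQL; the function names demo_uid_raw and demo_uid_guarded are hypothetical, and the claim values are the ones from the report.

```sql
-- Added illustration: no Supabase schema is needed, only a PostgreSQL session.
-- demo_uid_raw / demo_uid_guarded are hypothetical names, not Supabase functions.

-- Reads the claim as the report describes: the setting is cast straight to jsonb.
create or replace function demo_uid_raw() returns uuid
language sql stable as $$
  select (current_setting('request.jwt.claims', true)::jsonb ->> 'sub')::uuid
$$;

-- Same lookup, but an empty setting is mapped to NULL before the jsonb cast.
create or replace function demo_uid_guarded() returns uuid
language sql stable as $$
  select (nullif(current_setting('request.jwt.claims', true), '')::jsonb ->> 'sub')::uuid
$$;

-- 1. Fresh session: the parameter was never set, so current_setting(..., true)
--    yields NULL and neither function has anything to parse.
select demo_uid_raw(), demo_uid_guarded();

-- 2. Mock a user for a single transaction, as in the report.
begin;
set local "request.jwt.claims" to '{ "sub": "d0d4b028-2f87-523b-a580-0f3e85e6ff33", "email": "my@email.com" }';
select demo_uid_raw(), demo_uid_guarded();
commit;

-- 3. After commit the parameter still exists in this session, reset to ''.
select current_setting('request.jwt.claims', true) = '' as is_empty_string;

-- 4. The guarded reader treats '' as "no claims".
select demo_uid_guarded();

-- 5. The unguarded reader hands '' to the jsonb cast, which rejects it
--    as invalid JSON input. Keep this statement last: it aborts the script.
select demo_uid_raw();
```

Run it in one session from top to bottom; step 3 depends on the same connection having executed the `set local` in step 2, which is also why pooled or reused connections can hit the error without mocking anything themselves.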