Skip to content

getUser is also refresh the user reference in the currentSession#1315

Open
stefanschaller wants to merge 3 commits intosupabase:mainfrom
tappeddev:main
Open

getUser is also refresh the user reference in the currentSession#1315
stefanschaller wants to merge 3 commits intosupabase:mainfrom
tappeddev:main

Conversation

@stefanschaller
Copy link

@stefanschaller stefanschaller commented Feb 23, 2026

What kind of change does this PR introduce?

Bug fix/feature -> Depending on who you ask 😅

What is the current behavior?

The getUser call only gets the user without doing anything with the user

What is the new behavior?

The old user object is also updated in the currentSession

Additional context

We update the user object in an edgefunction and want to refresh the user afterwards.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 23, 2026

📝 Walkthrough

Summary by CodeRabbit

  • Bug Fixes
    • User data synchronization improved: when fetching user information from the server, the active session is now automatically updated if changes are detected. User update notifications are emitted when user data differs from the cached session, keeping the application synchronized with the latest server information.

Walkthrough

The getUser method in GoTrueClient is modified to extract the user from the response and compare it against the current session's user. When a user exists and differs from the session user, the local session is updated with the new user and an AuthChangeEvent.userUpdated event is emitted. No action occurs if the user is null or unchanged.


Comment @coderabbitai help to get the list of available commands and usage tips.

@coderabbitai
Copy link
Contributor

coderabbitai bot commented Feb 23, 2026

Caution

Failed to replace (edit) comment. This is likely due to insufficient permissions or the comment being deleted.

Error details
{"name":"HttpError","status":500,"request":{"method":"PATCH","url":"https://api.github.com/repos/supabase/supabase-flutter/issues/comments/3945281418","headers":{"accept":"application/vnd.github.v3+json","user-agent":"octokit.js/0.0.0-development octokit-core.js/7.0.6 Node.js/24","authorization":"token [REDACTED]","content-type":"application/json; charset=utf-8"},"body":{"body":"<!-- This is an auto-generated comment: summarize by coderabbit.ai -->\n<!-- walkthrough_start -->\n\n<details>\n<summary>📝 Walkthrough</summary>\n\n<!-- This is an auto-generated comment: release notes by coderabbit.ai -->\n\n## Summary by CodeRabbit\n\n* **Bug Fixes**\n  * Enhanced user state management to correctly synchronize user data and emit change notifications only when the authenticated user actually changes, reducing unnecessary state updates.\n\n<!-- end of auto-generated comment: release notes by coderabbit.ai -->\n## Walkthrough\n\nThe `getUser` method in `GoTrueClient` was modified to add conditional state synchronization logic. Previously, the method returned the user response directly. Now it compares the retrieved user with the currently tracked session user. If they differ, it updates the local session with the new user data and emits a `userUpdated` AuthChangeEvent before returning the response. If the user matches the session user, it returns early without modifying state or emitting events. The public method signature remains unchanged.\n\n</details>\n\n<!-- walkthrough_end -->\n\n\n<!-- announcements_start -->\n\n> [!TIP]\n> [Issue Planner](https://www.coderabbit.ai/issue-planner) is now in beta. Read the [docs](https://docs.coderabbit.ai/issues/planning) and try it out! Share your feedback on [Discord](https://discord.com/invite/coderabbit).\n\n<!-- announcements_end -->\n\n<!-- tips_start -->\n\n---\n\n\n\n<sub>Comment `@coderabbitai help` to get the list of available commands and usage tips.</sub>\n\n<!-- tips_end -->\n\n<!-- internal state start -->\n\n\n<!-- DwQgtGAEAqAWCWBnSTIEMB26CuAXA9mAOYCmGJATmriQCaQDG+Ats2bgFyQAOFk+AIwBWJBrngA3EsgEBPRvlqU0AgfFwA6NPEgQAfACgjoCEYDEZyAAUASpETZWaCrKPR1AGxJdSuAKqIlCjIaB6I+JAUJABmUYiwkLiwJJDYgXxR0ZRkDCnwWEkpDNgUURi4AMrSiPD4WJAGAHKOApRcAIwAzO0ArJANfjYAMlywuLjciBwA9NNE6rDYAhpMzNMO3CpogevYmwLbJGDRHng0FNPc2B4e0129/QYBbfY00ZiIDLChXnwNFfgSrlIAIqBgvlxmNosIAkwhgzl8ILBEMgUPyjwquGoaS4+G4ZEeAGEotQ6OhOJAAEwABkpADYwLSwJTOtBehxaRyACwALSMABFpAwKPBuOI6hwDFBCd8MKRErJ8VwAELYIiQaLwAAe0yy2KiGilkEJJTKuBBJG+ElqFC4cBSAANfM8KA7GD9IiRcCKSFJkIVUukQXhILR8NJIBh8ObmIp4NF5Jh5IgCFF6IFEDU6qHqGhDVBGiQAO4Wq02rhOr0ut1RkuhcKpbi0Un+5KBoKCERiV74NMoLAO4qldhVTO1DAO/OQACCtFo6nHoQU5RIWop9sYsvlG24vdwyCLvYA1id8EWD8kougsHR5dFsODxVg9s2aK2UmkO8JRObMPQAwwHjwOwkYkHQ/oRJkcQJAGHj4AwS6fnwaDROcRbOLQhpSmAhgGCYUBkPQ+DRDgBDEGQyg0PQqxsOUXC8Pw35iJIEZyAoShUKo6haDo+h4eAUBwKgqCYKRhCkOQVBUQorDsFwVAlg4TguCC8hMBxKhqJo2i6DhRj8aYBibAwR5oKQiBzNGFDYCQ0xAQI6wUAwlnejZAD6gHAeUGjNhQnAGAAREFBgWDOACS5GSaS6aOFCKnEZumDmUYYVYAA4vg0DWSQhJAewGjOukAA0iRtupKS8L6tRpB48hRLgJTkPQLo2NIu4YIEGoUCwpUpAAUhUADyjSeog7WdfOURiLVGgwG25AlnB8wMJARZUJMvWjeNeRYGgkBwQhHiQBIzjwCoXglV8ohHsg8abfVjVkkhobxlkFDILEPUAaa7C1YkVAmWSGZZs+xXXvQd3hCVL4tptB1LsD46rQsm0Le2FAlSQzDqCE6N+E20UzngsAyklJAAKJSOUJV/r1WAPRQHWbS1bV1IEs1hSRAbPagAaIGgbAleonoNYzyAkM4f1FgsgIxnGCb5OqKakvwfBY+o4hypAvrsIgs1CSEc7IEwGDzk+CNYjQ9iyOCsDdRg8AAF7UEjtM6+UkbRvG8AIU+6DdQ+9DPfVPonUd0tJLLiVyorm1XAIQErWwkfpvARAYPqJBYeYljTh45wu2ziQRAGSiAc4hdMwlq67n5ZK9jwSyJ9r5QLtIRhQAAsl6sCKPYacZ6LH4E1RXCNHUJBGlY3X4n5si6sBHip+nmeNq+0hjxPRq5dsFn5Oc7zAl8ZNTJA4/kMYUIO1kKZuZqXiGPHY2iBosgCx4eHTFf8bSLgd/wF4IwQx8gRmPnKOgXAADUABOaYYB2hGHJimeAUJpLlU9NaYs2tojRD3Fwbu85HCBWCthXC+EW5ERImgPA4kKJSTJDROSkQ0CKVis4eQbFyqcS0jxXShhyE0XUG5eAtBEBuSiJgosdA3LKz8nw4wAkcxcgABwkGpAAdmUVyGInQ6RZEpGgUQAh2iaWUZ0aBmjlEsjQD0WgXJaDKOgZSeRBkoCCL/iIsREjgJSNoG5Qi8jyHUIIG5TYn4ZGWxIBE5w5o+IGAAN4BQ8NsXAVhqGBFoNOXArVJF0EJCwbGuB8kPlwAFDkABfBREAxKhPSVE5WNB/Gmz4UAA== -->\n\n<!-- internal state end -->"},"request":{"retryCount":3,"retries":3,"retryAfter":16}}}

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@packages/gotrue/lib/src/gotrue_client.dart`:
- Around line 720-728: The code emits userUpdated even when there is no local
session because currentSession?.copyWith(...) returns null; fix by
early-returning when _currentSession is null: after constructing userResponse,
if _currentSession is null return userResponse (so no copyWith or
notifyAllSubscribers is called); otherwise update _currentSession with
_currentSession.copyWith(user: userResponse.user) and call
notifyAllSubscribers(AuthChangeEvent.userUpdated). Ensure you reference
userResponse, _currentSession, copyWith, notifyAllSubscribers, and
AuthChangeEvent.userUpdated.

ℹ️ Review info

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

Disabled knowledge base sources:

  • Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between bfa480a and da48e07.

📒 Files selected for processing (1)
  • packages/gotrue/lib/src/gotrue_client.dart

Comment on lines 720 to 728
final userResponse = UserResponse.fromJson(response);

// np need to update the local user when the user is the same
if (userResponse.user == _currentSession?.user) return userResponse;

_currentSession = currentSession?.copyWith(user: userResponse.user);
notifyAllSubscribers(AuthChangeEvent.userUpdated);

return userResponse;
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Bug: userUpdated event emitted incorrectly when no session exists.

When getUser(jwt) is called with a custom JWT but no local session (_currentSession is null), the code reaches line 725 where currentSession?.copyWith(...) evaluates to null, and then emits a userUpdated event with a null session. This is incorrect behavior—no state actually changed.

Guard against this case:

Proposed fix
     final userResponse = UserResponse.fromJson(response);

-    // np need to update the local user when the user is the same
-    if (userResponse.user == _currentSession?.user) return userResponse;
+    // No need to update the local user when there's no session or user is the same
+    if (_currentSession == null || userResponse.user == _currentSession?.user) {
+      return userResponse;
+    }

     _currentSession = currentSession?.copyWith(user: userResponse.user);
     notifyAllSubscribers(AuthChangeEvent.userUpdated);

     return userResponse;
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@packages/gotrue/lib/src/gotrue_client.dart` around lines 720 - 728, The code
emits userUpdated even when there is no local session because
currentSession?.copyWith(...) returns null; fix by early-returning when
_currentSession is null: after constructing userResponse, if _currentSession is
null return userResponse (so no copyWith or notifyAllSubscribers is called);
otherwise update _currentSession with _currentSession.copyWith(user:
userResponse.user) and call notifyAllSubscribers(AuthChangeEvent.userUpdated).
Ensure you reference userResponse, _currentSession, copyWith,
notifyAllSubscribers, and AuthChangeEvent.userUpdated.

Copy link
Contributor

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

♻️ Duplicate comments (1)
packages/gotrue/lib/src/gotrue_client.dart (1)

720-728: ⚠️ Potential issue | 🟠 Major

Guard against emitting userUpdated when no local session exists.

If getUser(jwt) is called while _currentSession is null, currentSession?.copyWith(...) yields null and you still emit userUpdated with no session. This is incorrect and can mislead subscribers. Please return early when _currentSession is null.

🛠️ Proposed fix
-    if (userResponse.user == null) return userResponse;
-
-    // np need to update the local user when the user is the same
-    if (userResponse.user == _currentSession?.user) return userResponse;
+    if (userResponse.user == null) return userResponse;
+    if (_currentSession == null) return userResponse;
+
+    // no need to update the local user when the user is the same
+    if (userResponse.user == _currentSession?.user) return userResponse;

     _currentSession = currentSession?.copyWith(user: userResponse.user);
     notifyAllSubscribers(AuthChangeEvent.userUpdated);
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In `@packages/gotrue/lib/src/gotrue_client.dart` around lines 720 - 728, The code
updates _currentSession and emits
notifyAllSubscribers(AuthChangeEvent.userUpdated) even when there is no local
session; change the logic in the block after UserResponse.fromJson(response) to
return early if _currentSession is null (i.e., check _currentSession == null and
return userResponse) before calling currentSession?.copyWith(...) and
notifyAllSubscribers so you never emit a userUpdated event without an existing
local session.
🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Duplicate comments:
In `@packages/gotrue/lib/src/gotrue_client.dart`:
- Around line 720-728: The code updates _currentSession and emits
notifyAllSubscribers(AuthChangeEvent.userUpdated) even when there is no local
session; change the logic in the block after UserResponse.fromJson(response) to
return early if _currentSession is null (i.e., check _currentSession == null and
return userResponse) before calling currentSession?.copyWith(...) and
notifyAllSubscribers so you never emit a userUpdated event without an existing
local session.

ℹ️ Review info

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

Disabled knowledge base sources:

  • Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between bfa480a and a63b7a8.

📒 Files selected for processing (1)
  • packages/gotrue/lib/src/gotrue_client.dart

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant