Skip to content

feat: email address changed notification#2181

Merged
fadymak merged 1 commit intomasterfrom
iat/email-changed-notification
Sep 30, 2025
Merged

feat: email address changed notification#2181
fadymak merged 1 commit intomasterfrom
iat/email-changed-notification

Conversation

@fadymak
Copy link
Contributor

@fadymak fadymak commented Sep 26, 2025

This PR adds support for sending the user an email notification when their email has been changed.

3 new environment variables are introduced:

  • GOTRUE_MAILER_SUBJECTS_EMAIL_CHANGED_NOTIFICATION: Email subject to use for password changed notification.
  • GOTRUE_MAILER_TEMPLATES_EMAIL_CHANGED_NOTIFICATION: The URL to specify a custom template.
  • GOTRUE_MAILER_NOTIFICATIONS_EMAIL_CHANGED_ENABLED: whether the notification is enabled or not.

The feature is disabled by default. To enable it, the GOTRUE_MAILER_NOTIFICATIONS_EMAIL_CHANGED_ENABLED environment variable must be set to true.

The default email will look as follows:

Screenshot 2025-09-26 at 15 28 18

@fadymak fadymak marked this pull request as ready for review September 26, 2025 13:55
@fadymak fadymak requested a review from a team as a code owner September 26, 2025 13:55
@coveralls
Copy link

coveralls commented Sep 26, 2025

Pull Request Test Coverage Report for Build 18039665289

Details

  • 74 of 93 (79.57%) changed or added relevant lines in 5 files are covered.
  • 6 unchanged lines in 1 file lost coverage.
  • Overall coverage increased (+0.05%) to 67.686%
Changes Missing Coverage Covered Lines Changed/Added Lines %
internal/api/verify.go 3 6 50.0%
internal/api/mail.go 60 66 90.91%
internal/mailer/templatemailer/templatemailer.go 0 10 0.0%
Files with Coverage Reduction New Missed Lines %
internal/mailer/templatemailer/templatemailer.go 6 78.99%
Totals Coverage Status
Change from base Build 18014087012: 0.05%
Covered Lines: 13305
Relevant Lines: 19657
💛 - Coveralls

cstockton
cstockton approved these changes Sep 30, 2025
View reviewed changes
Copy link
Contributor

@cstockton cstockton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@fadymak fadymak merged commit 047f851 into master Sep 30, 2025
8 checks passed
@fadymak fadymak deleted the iat/email-changed-notification branch September 30, 2025 16:56
@github-actions github-actions bot mentioned this pull request Sep 25, 2025
Merged
fadymak pushed a commit that referenced this pull request Nov 4, 2025
@github-actions
chore(master): release 2.181.0 (#2178)
a6530d5 
🤖 I have created a release *beep* *boop*
---


##
[2.181.0](v2.180.0...v2.181.0)
(2025-10-31)


### Features

* add `.well-known/openid-configuration`
([#2197](#2197))
([9a8d0df](9a8d0df))
* add `auth_migration` annotation for the migrations
([#2234](#2234))
([b276d0b](b276d0b))
* add advisor to notify you when to double the max connection pool
([#2167](#2167))
([a72f5d9](a72f5d9))
* add after-user-created hook
([#2169](#2169))
([bd80df8](bd80df8))
* add support for account changes notifications in email send hook
([#2192](#2192))
([6b382ae](6b382ae))
* email address changed notification
([#2181](#2181))
([047f851](047f851))
* identity linked/unlinked notifications
([#2185](#2185))
([7d46936](7d46936))
* introduce v2 refresh token algorithm
([#2216](#2216))
([dea5b8e](dea5b8e))
* MFA factor enrollment notifications
([#2183](#2183))
([53db712](53db712))
* notify users when their phone number has changed
([#2184](#2184))
([21f3070](21f3070))
* **oauthserver:** add OAuth client admin update endpoint
([#2231](#2231))
([6296a5a](6296a5a))
* properly handle redirect url fragments and unusual hostnames
([#2200](#2200))
([aa0ac5b](aa0ac5b))
* store latest challenge/attestation data
([#2179](#2179))
([01ebce1](01ebce1))
* support percentage based db limits with reload support
([#2177](#2177))
([1731466](1731466))
* webauthn support schema changes, update openapi.yaml
([#2163](#2163))
([68cb8d2](68cb8d2))


### Bug Fixes

* gosec incorrectly warns about accessing signature[64]
([#2222](#2222))
([bca6626](bca6626))
* **openapi:** add missing OAuth client registration fields
([#2227](#2227))
([cf39a8a](cf39a8a))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
DevRyuki pushed a commit to sasatech-gk/supabase-auth that referenced this pull request Feb 23, 2026
@github-actions @DevRyuki
chore(master): release 2.181.0 (supabase#2178)
bbf7aae 
🤖 I have created a release *beep* *boop*
---


##
[2.181.0](supabase/auth@v2.180.0...v2.181.0)
(2025-10-31)


### Features

* add `.well-known/openid-configuration`
([supabase#2197](supabase#2197))
([9a8d0df](supabase@9a8d0df))
* add `auth_migration` annotation for the migrations
([supabase#2234](supabase#2234))
([b276d0b](supabase@b276d0b))
* add advisor to notify you when to double the max connection pool
([supabase#2167](supabase#2167))
([a72f5d9](supabase@a72f5d9))
* add after-user-created hook
([supabase#2169](supabase#2169))
([bd80df8](supabase@bd80df8))
* add support for account changes notifications in email send hook
([supabase#2192](supabase#2192))
([6b382ae](supabase@6b382ae))
* email address changed notification
([supabase#2181](supabase#2181))
([047f851](supabase@047f851))
* identity linked/unlinked notifications
([supabase#2185](supabase#2185))
([7d46936](supabase@7d46936))
* introduce v2 refresh token algorithm
([supabase#2216](supabase#2216))
([dea5b8e](supabase@dea5b8e))
* MFA factor enrollment notifications
([supabase#2183](supabase#2183))
([53db712](supabase@53db712))
* notify users when their phone number has changed
([supabase#2184](supabase#2184))
([21f3070](supabase@21f3070))
* **oauthserver:** add OAuth client admin update endpoint
([supabase#2231](supabase#2231))
([6296a5a](supabase@6296a5a))
* properly handle redirect url fragments and unusual hostnames
([supabase#2200](supabase#2200))
([aa0ac5b](supabase@aa0ac5b))
* store latest challenge/attestation data
([supabase#2179](supabase#2179))
([01ebce1](supabase@01ebce1))
* support percentage based db limits with reload support
([supabase#2177](supabase#2177))
([1731466](supabase@1731466))
* webauthn support schema changes, update openapi.yaml
([supabase#2163](supabase#2163))
([68cb8d2](supabase@68cb8d2))


### Bug Fixes

* gosec incorrectly warns about accessing signature[64]
([supabase#2222](supabase#2222))
([bca6626](supabase@bca6626))
* **openapi:** add missing OAuth client registration fields
([supabase#2227](supabase#2227))
([cf39a8a](supabase@cf39a8a))

---
This PR was generated with [Release
Please](https://github.com/googleapis/release-please). See
[documentation](https://github.com/googleapis/release-please#release-please).

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@cstockton cstockton cstockton approved these changes

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@fadymak @coveralls @cstockton