Skip to content

feat(auth): add currentPassword to UserAttributes type#2131

Merged
mandarini merged 1 commit intomasterfrom
etienne/sec-601-current-password
Feb 24, 2026
Merged

feat(auth): add currentPassword to UserAttributes type#2131
mandarini merged 1 commit intomasterfrom
etienne/sec-601-current-password

Conversation

@staaldraad
Copy link
Member

@staaldraad staaldraad commented Feb 23, 2026

🔍 Description

Auth will require the currentPassword when a user is changing their password if GOTRUE_SECURITY_UPDATE_PASSWORD_REQUIRE_CURRENT_PASSWORD is set to true

What changed?

adds optional currentPassword to UserAttributes type

Why was this change needed?

supabase/auth#2364

📋 Checklist

  • I have read the Contributing Guidelines
  • My PR title follows the conventional commit format: <type>(<scope>): <description>
  • I have run npx nx format to ensure consistent code formatting
  • I have added tests for new functionality (if applicable)
  • [] I have updated documentation (if applicable)

@staaldraad
feat(auth): add currentPassword to UserAttributes type
e9ca81e 
Auth will require the currentPassword when a user is changing their password if
GOTRUE_SECURITY_UPDATE_PASSWORD_REQUIRE_CURRENT_PASSWORD is set to true
@staaldraad staaldraad requested review from a team as code owners February 23, 2026 14:14
@github-actions github-actions bot added the auth-js Related to the auth-js library. label Feb 23, 2026
@coderabbitai
Copy link

coderabbitai bot commented Feb 23, 2026
edited
Loading

No actionable comments were generated in the recent review. 🎉

ℹ️ Recent review info

Configuration used: Central YAML (base), Organization UI (inherited)

Review profile: CHILL

Plan: Pro

Cache: Disabled due to Reviews > Disable Cache setting

Disabled knowledge base sources:

  • Linear integration is disabled

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between a808c54 and e9ca81e.

📒 Files selected for processing (1)
  • packages/core/auth-js/src/lib/types.ts
📝 Walkthrough

Summary by CodeRabbit

  • New Features
    • Added optional current password field to user account attributes for enhanced security during account modifications.

Walkthrough

An optional field currentPassword: string was added to the UserAttributes interface in the auth type definitions. The field includes documentation describing its purpose and the feature flag context under which it is utilized. This modification enables the interface to accommodate current password verification scenarios during user attribute updates.

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

Comment @coderabbitai help to get the list of available commands and usage tips.

@pkg-pr-new
Copy link

pkg-pr-new bot commented Feb 23, 2026

Open in StackBlitz

@supabase/auth-js

npm i https://pkg.pr.new/@supabase/auth-js@2131

@supabase/functions-js

npm i https://pkg.pr.new/@supabase/functions-js@2131

@supabase/postgrest-js

npm i https://pkg.pr.new/@supabase/postgrest-js@2131

@supabase/realtime-js

npm i https://pkg.pr.new/@supabase/realtime-js@2131

@supabase/storage-js

npm i https://pkg.pr.new/@supabase/storage-js@2131

@supabase/supabase-js

npm i https://pkg.pr.new/@supabase/supabase-js@2131

commit: e9ca81e

@mandarini mandarini merged commit f681484 into master Feb 24, 2026
18 checks passed
@mandarini mandarini deleted the etienne/sec-601-current-password branch February 24, 2026 12:36
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@mandarini mandarini mandarini approved these changes

Assignees

No one assigned

Labels

auth-js Related to the auth-js library.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@staaldraad @mandarini