Skip to content

Fix mutable reference headers #1095 #1096

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
wants to merge 10 commits into
base: main
Choose a base branch
from
Open

Fix mutable reference headers #1095 #1096

Show file tree
Hide file tree
Changes from 6 commits
Commits
Show all changes
10 commits
Select commit Hold shift + click to select a range
f3529a8
bug fixed mutable-reference-headers
AsahiSoftWareEngineer Apr 2, 2025
d5302d5
delete jupytor notebook
AsahiSoftWareEngineer Apr 2, 2025
02eca96
add test case
AsahiSoftWareEngineer Apr 3, 2025
505bf6d
remove unnecessary code
AsahiSoftWareEngineer Apr 3, 2025
a4291bc
rename auth_header
AsahiSoftWareEngineer Apr 3, 2025
34ed12c
delete #
AsahiSoftWareEngineer Apr 3, 2025
b804c29
rewrite rewrite class props
AsahiSoftWareEngineer Apr 4, 2025
c6d4cdf
fix _async/client.py
AsahiSoftWareEngineer Apr 7, 2025
d1495bc
test passed
AsahiSoftWareEngineer Apr 7, 2025
7ac3df2
fix _sync/auth_client.py
AsahiSoftWareEngineer Apr 9, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
8 changes: 5 additions & 3 deletions supabase/_async/client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import asyncio
import copy
import re
from typing import Any, Dict, List, Optional, Union

Expand Down Expand Up @@ -69,7 +70,7 @@ def __init__(

self.supabase_url = supabase_url
self.supabase_key = supabase_key
self.options = options
self.options = copy.deepcopy(options)
options.headers.update(self._get_auth_headers())
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

just noticed this line updates the passed param, not the instance options variable.

Copy link
Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Rewrite options.headers.update(self._get_auth_headers()) to self.options.headers.update(self._get_auth_headers()).

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It doesn't look like this change was made. Also note you only need to make changes in the _async/client and then run make build_sync and make tests_pre_commit in the terminal after.

self.rest_url = f"{supabase_url}/rest/v1"
self.realtime_url = f"{supabase_url}/realtime/v1".replace("http", "ws")
Expand Down Expand Up @@ -294,8 +295,9 @@ def _listen_to_auth_events(
self._storage = None
self._functions = None
access_token = session.access_token if session else self.supabase_key

self.options.headers["Authorization"] = self._create_auth_header(access_token)
auth_header = copy.deepcopy(self._create_auth_header(access_token))
self.options.headers["Authorization"] = auth_header
self.auth._headers["Authorization"] = auth_header
asyncio.create_task(self.realtime.set_auth(access_token))


Expand Down
16 changes: 7 additions & 9 deletions supabase/_sync/client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import copy
import re
from typing import Any, Dict, List, Optional, Union

Expand Down Expand Up @@ -62,13 +63,11 @@ def __init__(
r"^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$", supabase_key
):
raise SupabaseException("Invalid API key")

if options is None:
options = ClientOptions(storage=SyncMemoryStorage())

self.supabase_url = supabase_url
self.supabase_key = supabase_key
self.options = options
self.options = copy.deepcopy(options)
options.headers.update(self._get_auth_headers())
self.rest_url = f"{supabase_url}/rest/v1"
self.realtime_url = f"{supabase_url}/realtime/v1".replace("http", "ws")
Expand Down Expand Up @@ -100,17 +99,15 @@ def create(
):
auth_header = options.headers.get("Authorization") if options else None
client = cls(supabase_url, supabase_key, options)

session_access_token = None
if auth_header is None:
try:
session = client.auth.get_session()
session_access_token = client._create_auth_header(session.access_token)
except Exception as err:
session_access_token = None

client.options.headers.update(
client._get_auth_headers(session_access_token)
)
client.options.headers.update(client._get_auth_headers(session_access_token))

return client

Expand Down Expand Up @@ -293,8 +290,9 @@ def _listen_to_auth_events(
self._storage = None
self._functions = None
access_token = session.access_token if session else self.supabase_key

self.options.headers["Authorization"] = self._create_auth_header(access_token)
auth_header = copy.deepcopy(self._create_auth_header(access_token))
self.options.headers["Authorization"] = auth_header
self.auth._headers["Authorization"] = auth_header


def create_client(
Expand Down
33 changes: 31 additions & 2 deletions tests/test_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
from unittest.mock import MagicMock

import pytest
from gotrue import SyncMemoryStorage

from supabase import Client, ClientOptions, SupabaseException, create_client

Expand Down Expand Up @@ -101,7 +102,6 @@ def test_updates_the_authorization_header_on_auth_events() -> None:
mock_session = MagicMock(access_token="secretuserjwt")
realtime_mock = MagicMock()
client.realtime = realtime_mock

client._listen_to_auth_events("SIGNED_IN", mock_session)

updated_authorization = f"Bearer {mock_session.access_token}"
Expand All @@ -113,9 +113,38 @@ def test_updates_the_authorization_header_on_auth_events() -> None:
assert (
client.postgrest.session.headers.get("Authorization") == updated_authorization
)

assert client.auth._headers.get("apiKey") == key
assert client.auth._headers.get("Authorization") == updated_authorization

assert client.storage.session.headers.get("apiKey") == key
assert client.storage.session.headers.get("Authorization") == updated_authorization


def test_mutable_headers_issue():
url = os.environ.get("SUPABASE_TEST_URL")
key = os.environ.get("SUPABASE_TEST_KEY")

shared_options = ClientOptions(
storage=SyncMemoryStorage(), headers={"Authorization": "Bearer initial-token"}
)

client1 = create_client(url, key, shared_options)

client2 = create_client(url, key, shared_options)

client1.options.headers["Authorization"] = "Bearer modified-token"

assert client2.options.headers["Authorization"] == "Bearer initial-token"



def test_global_authorization_header_issue():
url = os.environ.get("SUPABASE_TEST_URL")
key = os.environ.get("SUPABASE_TEST_KEY")

authorization = "Bearer secretuserjwt"
options = ClientOptions(headers={"Authorization": authorization})

client = create_client(url, key, options)

assert client.options.headers.get("apiKey") == key