Implement PostgreSQL function to cancel email change

src/integrations/supabase/types.ts

@@ -1318,6 +1318,10 @@ export type Database = {
         Args: { _profile_user_id: string; _viewer_id: string }
         Returns: boolean
       }
+      cancel_user_email_change: {
+        Args: { _user_id: string }
+        Returns: boolean
+      }
       get_filtered_profile: {
         Args: { _profile_user_id: string; _viewer_id?: string }
         Returns: Json

supabase/functions/cancel-email-change/index.ts

@@ -42,45 +42,14 @@ Deno.serve(async (req) => {
       newEmail: user.new_email 
     });
 
-    // Direct database manipulation to clear email change fields
+    // Call the database function to clear email change fields
-    // Use service role to directly query and update auth.users table
+    // This function has SECURITY DEFINER privileges to access auth.users
-    const { error: sqlError } = await supabaseAdmin
+    const { data: cancelled, error: cancelError } = await supabaseAdmin
-      .from('auth.users')
+      .rpc('cancel_user_email_change', { _user_id: user.id });
-      .update({
-        email_change: null,
-        email_change_sent_at: null,
-        email_change_confirm_status: 0,
-        email_change_token_current: null,
-        email_change_token_new: null
-      })
-      .eq('id', user.id);
 
-    if (sqlError) {
+    if (cancelError || !cancelled) {
-      console.error('Error clearing email change fields via SQL:', sqlError);
+      console.error('Error cancelling email change:', cancelError);
-      
+      throw new Error('Unable to cancel email change: ' + (cancelError?.message || 'Unknown error'));
-      // Fallback: Try using the two-step email update trick
-      console.log('Attempting fallback method with temporary email...');
-      try {
-        const tempEmail = `temp_${Date.now()}_${user.email}`;
-        const { error: tempError } = await supabaseAdmin.auth.admin.updateUserById(
-          user.id, 
-          { email: tempEmail, email_confirm: true }
-        );
-        
-        if (tempError) throw tempError;
-        
-        const { error: revertError } = await supabaseAdmin.auth.admin.updateUserById(
-          user.id, 
-          { email: user.email, email_confirm: true }
-        );
-        
-        if (revertError) throw revertError;
-        
-        console.log('Fallback method succeeded');
-      } catch (fallbackError) {
-        console.error('Fallback method also failed:', fallbackError);
-        throw new Error('Unable to cancel email change: ' + fallbackError.message);
-      }
     }
 
     // Verify the change was successful by getting the updated user

supabase/migrations/20251001160858_95431631-c4fa-471a-9c1f-7684bdf416d0.sql

@@ -0,0 +1,22 @@
+-- Create a function to cancel pending email changes
+-- This function runs with SECURITY DEFINER privileges to access auth.users table
+CREATE OR REPLACE FUNCTION public.cancel_user_email_change(_user_id UUID)
+RETURNS BOOLEAN
+LANGUAGE plpgsql
+SECURITY DEFINER
+SET search_path = auth, public
+AS $$
+BEGIN
+  -- Clear all email change related fields in auth.users
+  UPDATE auth.users
+  SET 
+    email_change = NULL,
+    email_change_sent_at = NULL,
+    email_change_confirm_status = 0,
+    email_change_token_current = NULL,
+    email_change_token_new = NULL
+  WHERE id = _user_id;
+  
+  RETURN FOUND;
+END;
+$$;