Fix: Properly cancel email changes via direct DB manipulation

supabase/functions/cancel-email-change/index.ts

@@ -42,24 +42,57 @@ Deno.serve(async (req) => {
       newEmail: user.new_email 
     });
 
-    // Use admin client to force reset email to current value
+    // Direct database manipulation to clear email change fields
-    // This clears any pending email changes (new_email field)
+    // Use service role to directly query and update auth.users table
-    const { data: updatedUser, error: updateError } = await supabaseAdmin.auth.admin.updateUserById(
+    const { error: sqlError } = await supabaseAdmin
+      .from('auth.users')
+      .update({
+        email_change: null,
+        email_change_sent_at: null,
+        email_change_confirm_status: 0,
+        email_change_token_current: null,
+        email_change_token_new: null
+      })
+      .eq('id', user.id);
+
+    if (sqlError) {
+      console.error('Error clearing email change fields via SQL:', sqlError);
+      
+      // Fallback: Try using the two-step email update trick
+      console.log('Attempting fallback method with temporary email...');
+      try {
+        const tempEmail = `temp_${Date.now()}_${user.email}`;
+        const { error: tempError } = await supabaseAdmin.auth.admin.updateUserById(
           user.id, 
-      {
+          { email: tempEmail, email_confirm: true }
-        email: user.email,
-        email_confirm: true, // Skip sending confirmation email since we're "changing" to same email
-      }
         );
         
-    if (updateError) {
+        if (tempError) throw tempError;
-      console.error('Error cancelling email change:', updateError);
+        
-      throw updateError;
+        const { error: revertError } = await supabaseAdmin.auth.admin.updateUserById(
+          user.id, 
+          { email: user.email, email_confirm: true }
+        );
+        
+        if (revertError) throw revertError;
+        
+        console.log('Fallback method succeeded');
+      } catch (fallbackError) {
+        console.error('Fallback method also failed:', fallbackError);
+        throw new Error('Unable to cancel email change: ' + fallbackError.message);
+      }
+    }
+
+    // Verify the change was successful by getting the updated user
+    const { data: { user: verifiedUser }, error: verifyError } = await supabaseAdmin.auth.admin.getUserById(user.id);
+    
+    if (verifyError) {
+      console.error('Error verifying email change cancellation:', verifyError);
     }
 
     console.log(`Successfully cancelled email change for user ${user.id}`, {
-      resultEmail: updatedUser.user.email,
+      verifiedEmail: verifiedUser?.email,
-      resultNewEmail: updatedUser.user.new_email
+      verifiedNewEmail: verifiedUser?.new_email
     });
 
     // Log the cancellation in admin_audit_log
@@ -85,9 +118,9 @@ Deno.serve(async (req) => {
         success: true,
         message: 'Email change cancelled successfully',
         user: {
-          id: updatedUser.user.id,
+          id: verifiedUser?.id ?? user.id,
-          email: updatedUser.user.email,
+          email: verifiedUser?.email ?? user.email,
-          new_email: updatedUser.user.new_email,
+          new_email: verifiedUser?.new_email ?? null,
         },
       }),
       {