Fix: Ensure authorization header is sent

2025-12-20 08:11:13 -05:00 · 2025-10-01 16:19:57 +00:00
parent 11e6b2bf46
commit cc4da9f8ad
2 changed files with 32 additions and 6 deletions
--- a/src/components/settings/AccountProfileTab.tsx
+++ b/src/components/settings/AccountProfileTab.tsx
@@ -148,19 +148,36 @@ export function AccountProfileTab() {
    
    setCancellingEmail(true);
    try {
-      // Call the edge function to cancel the email change with admin privileges
+      // Ensure we have a valid session with access token
+      const { data: { session }, error: sessionError } = await supabase.auth.getSession();
+      
+      if (sessionError || !session?.access_token) {
+        console.error('Session error:', sessionError);
+        throw new Error('Your session has expired. Please refresh the page and try again.');
+      }
+
+      // Call the edge function with explicit authorization header
      const { data, error } = await supabase.functions.invoke('cancel-email-change', {
        method: 'POST',
+        headers: {
+          Authorization: `Bearer ${session.access_token}`,
+        },
      });

-      if (error) throw error;
+      if (error) {
+        console.error('Edge function error:', error);
+        throw error;
+      }

      if (!data?.success) {
        throw new Error(data?.error || 'Failed to cancel email change');
      }

      // Force refresh the session to get updated user state
-      await supabase.auth.refreshSession();
+      const { error: refreshError } = await supabase.auth.refreshSession();
+      if (refreshError) {
+        console.error('Session refresh error:', refreshError);
+      }

      // Update Novu subscriber back to current email
      if (notificationService.isEnabled()) {
--- a/supabase/functions/cancel-email-change/index.ts
+++ b/supabase/functions/cancel-email-change/index.ts
@@ -27,14 +27,23 @@ Deno.serve(async (req) => {
    // Get the user from the authorization header
    const authHeader = req.headers.get('Authorization');
    if (!authHeader) {
-      throw new Error('No authorization header');
+      console.error('Missing authorization header');
+      throw new Error('No authorization header provided. Please ensure you are logged in.');
    }

    const token = authHeader.replace('Bearer ', '');
+    console.log('Attempting to verify user token...');
+    
    const { data: { user }, error: userError } = await supabaseAdmin.auth.getUser(token);

-    if (userError || !user) {
-      throw new Error('Unauthorized');
+    if (userError) {
+      console.error('Token verification failed:', userError);
+      throw new Error('Invalid or expired session. Please refresh the page and try again.');
+    }
+
+    if (!user) {
+      console.error('No user found for token');
+      throw new Error('User not found. Please refresh the page and try again.');
    }

    console.log(`Cancelling email change for user ${user.id}`, {