Fix MFA verification error

Refactor: Use RPC for user data
2025-12-29 04:27:05 -05:00 · 2025-10-30 18:41:55 +00:00 · 2025-10-30 18:36:45 +00:00
5 changed files with 47 additions and 55 deletions
--- a/src/components/auth/MFAChallenge.tsx
+++ b/src/components/auth/MFAChallenge.tsx
@@ -1,4 +1,4 @@
-import { useState, useEffect } from 'react';
+import { useState } from 'react';
 import { supabase } from '@/integrations/supabase/client';
 import { useToast } from '@/hooks/use-toast';
 import { getErrorMessage } from '@/lib/errorHandler';
@@ -17,37 +17,23 @@ export function MFAChallenge({ factorId, onSuccess, onCancel }: MFAChallengeProp
  const { toast } = useToast();
  const [code, setCode] = useState('');
  const [loading, setLoading] = useState(false);
-  const [challengeId, setChallengeId] = useState<string | null>(null);
-
-  // Create MFA challenge on mount
-  useEffect(() => {
-    const createChallenge = async () => {
-      try {
-        const { data, error } = await supabase.auth.mfa.challenge({ factorId });
-        if (error) throw error;
-        setChallengeId(data.id);
-      } catch (error: unknown) {
-        toast({
-          variant: "destructive",
-          title: "MFA Challenge Failed",
-          description: getErrorMessage(error)
-        });
-        onCancel();
-      }
-    };
-
-    createChallenge();
-  }, [factorId, onCancel, toast]);

  const handleVerify = async () => {
-    if (code.length !== 6 || !challengeId) return;
+    if (code.length !== 6) return;

    setLoading(true);
    try {
+      // Create fresh challenge for each verification attempt
+      const { data: challengeData, error: challengeError } = 
+        await supabase.auth.mfa.challenge({ factorId });
+      
+      if (challengeError) throw challengeError;
+      
+      // Immediately verify with fresh challenge
      const { data, error } = await supabase.auth.mfa.verify({
        factorId,
-        challengeId,
-        code
+        challengeId: challengeData.id,
+        code: code.trim()
      });

      if (error) throw error;
--- a/src/components/moderation/ReassignDialog.tsx
+++ b/src/components/moderation/ReassignDialog.tsx
@@ -69,10 +69,10 @@ export function ReassignDialog({

      const userIds = roles.map((r) => r.user_id);

-      const { data: profiles, error: profilesError } = await supabase
-        .from('profiles')
-        .select('user_id, username, display_name')
-        .in('user_id', userIds);
+      const { data: allProfiles, error: profilesError } = await supabase
+        .rpc('get_users_with_emails');
+      
+      const profiles = allProfiles?.filter(p => userIds.includes(p.user_id));

      if (profilesError) throw profilesError;

--- a/src/components/moderation/ReportsQueue.tsx
+++ b/src/components/moderation/ReportsQueue.tsx
@@ -190,11 +190,11 @@ export const ReportsQueue = forwardRef<ReportsQueueRef>((props, ref) => {
      // Get unique reporter IDs
      const reporterIds = [...new Set((data || []).map(r => r.reporter_id))];
      
-      // Fetch reporter profiles
-      const { data: profiles } = await supabase
-        .from('profiles')
-        .select('user_id, username, display_name')
-        .in('user_id', reporterIds);
+      // Fetch reporter profiles with emails (for admins)
+      const { data: allProfiles } = await supabase
+        .rpc('get_users_with_emails');
+      
+      const profiles = allProfiles?.filter(p => reporterIds.includes(p.user_id));

      const profileMap = new Map(profiles?.map(p => [p.user_id, p]) || []);

@@ -219,10 +219,8 @@ export const ReportsQueue = forwardRef<ReportsQueueRef>((props, ref) => {
        
        profileIds.length > 0
          ? supabase
-              .from('profiles')
-              .select('user_id, username, display_name')
-              .in('user_id', profileIds)
-              .then(({ data }) => data || [])
+              .rpc('get_users_with_emails')
+              .then(({ data }) => data?.filter(p => profileIds.includes(p.user_id)) || [])
          : Promise.resolve([]),
        
        submissionIds.length > 0
--- a/src/components/moderation/UserRoleManager.tsx
+++ b/src/components/moderation/UserRoleManager.tsx
@@ -85,10 +85,12 @@ export function UserRoleManager() {
      // Get unique user IDs
      const userIds = [...new Set((data || []).map(r => r.user_id))];

-      // Fetch user profiles
+      // Fetch user profiles with emails (for admins)
      const {
-        data: profiles
-      } = await supabase.from('profiles').select('user_id, username, display_name').in('user_id', userIds);
+        data: allProfiles
+      } = await supabase.rpc('get_users_with_emails');
+      
+      const profiles = allProfiles?.filter(p => userIds.includes(p.user_id));
      const profileMap = new Map(profiles?.map(p => [p.user_id, p]) || []);

      // Combine data with profiles
@@ -113,9 +115,15 @@ export function UserRoleManager() {
    }
    try {
      const {
-        data,
+        data: allUsers,
        error
-      } = await supabase.from('profiles').select('user_id, username, display_name').or(`username.ilike.%${search}%,display_name.ilike.%${search}%`).limit(10);
+      } = await supabase.rpc('get_users_with_emails');
+      
+      // Filter by search term
+      const data = allUsers?.filter(user => 
+        user.username.toLowerCase().includes(search.toLowerCase()) ||
+        user.display_name?.toLowerCase().includes(search.toLowerCase())
+      ).slice(0, 10);
      if (error) throw error;

      // Filter out users who already have roles
--- a/src/lib/systemActivityService.ts
+++ b/src/lib/systemActivityService.ts
@@ -768,10 +768,10 @@ export async function fetchSystemActivities(
  const uniqueUserIds = [...new Set(filteredActivities.map(a => a.actor_id).filter(Boolean))] as string[];
  
  if (uniqueUserIds.length > 0) {
-    const { data: profiles } = await supabase
-      .from('profiles')
-      .select('user_id, username, display_name, avatar_url')
-      .in('user_id', uniqueUserIds);
+    const { data: allProfiles } = await supabase
+      .rpc('get_users_with_emails');
+    
+    const profiles = allProfiles?.filter(p => uniqueUserIds.includes(p.user_id));

    if (profiles) {
      const profileMap = new Map(profiles.map(p => [p.user_id, p]));
@@ -797,10 +797,10 @@ export async function fetchSystemActivities(
        .filter(Boolean) as string[];

      if (targetUserIds.length > 0) {
-        const { data: targetProfiles } = await supabase
-          .from('profiles')
-          .select('user_id, username')
-          .in('user_id', targetUserIds);
+        const { data: allTargetProfiles } = await supabase
+          .rpc('get_users_with_emails');
+        
+        const targetProfiles = allTargetProfiles?.filter(p => targetUserIds.includes(p.user_id));

        if (targetProfiles) {
          const targetProfileMap = new Map(targetProfiles.map(p => [p.user_id, p]));
@@ -826,10 +826,10 @@ export async function fetchSystemActivities(
        .filter(Boolean) as string[];

      if (accountUserIds.length > 0) {
-        const { data: accountProfiles } = await supabase
-          .from('profiles')
-          .select('user_id, username')
-          .in('user_id', accountUserIds);
+        const { data: allAccountProfiles } = await supabase
+          .rpc('get_users_with_emails');
+        
+        const accountProfiles = allAccountProfiles?.filter(p => accountUserIds.includes(p.user_id));

        if (accountProfiles) {
          const accountProfileMap = new Map(accountProfiles.map(p => [p.user_id, p]));
Author	SHA1	Message	Date
gpt-engineer-app[bot]	16940419e5	Fix MFA verification error	2025-10-30 18:41:55 +00:00
gpt-engineer-app[bot]	a5d0d2253e	Refactor: Use RPC for user data	2025-10-30 18:36:45 +00:00