Skip to content

fix: mutable reference headers #1095 #1096

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 11 commits into from
May 23, 2025
Merged

fix: mutable reference headers #1095 #1096

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
11 commits
Select commit Hold shift + click to select a range
f3529a8
bug fixed mutable-reference-headers
AsahiSoftWareEngineer Apr 2, 2025
d5302d5
delete jupytor notebook
AsahiSoftWareEngineer Apr 2, 2025
02eca96
add test case
AsahiSoftWareEngineer Apr 3, 2025
505bf6d
remove unnecessary code
AsahiSoftWareEngineer Apr 3, 2025
a4291bc
rename auth_header
AsahiSoftWareEngineer Apr 3, 2025
34ed12c
delete #
AsahiSoftWareEngineer Apr 3, 2025
b804c29
rewrite rewrite class props
AsahiSoftWareEngineer Apr 4, 2025
c6d4cdf
fix _async/client.py
AsahiSoftWareEngineer Apr 7, 2025
d1495bc
test passed
AsahiSoftWareEngineer Apr 7, 2025
7ac3df2
fix _sync/auth_client.py
AsahiSoftWareEngineer Apr 9, 2025
c7377f6
test: remove duplicate test and add await to async call
silentworks May 23, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions supabase/_async/client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,4 +1,5 @@
import asyncio
import copy
import re
from typing import Any, Dict, List, Optional, Union

Expand Down Expand Up @@ -69,7 +70,7 @@ def __init__(

self.supabase_url = supabase_url
self.supabase_key = supabase_key
self.options = options
self.options = copy.deepcopy(options)
options.headers.update(self._get_auth_headers())
self.rest_url = f"{supabase_url}/rest/v1"
self.realtime_url = f"{supabase_url}/realtime/v1".replace("http", "ws")
Expand Down Expand Up @@ -294,8 +295,11 @@ def _listen_to_auth_events(
self._storage = None
self._functions = None
access_token = session.access_token if session else self.supabase_key

self.options.headers["Authorization"] = self._create_auth_header(access_token)
headers = copy.deepcopy(self._create_auth_header(access_token))
self.options.headers["Authorization"] = headers
self.auth._headers["Authorization"] = headers
self.postgrest.session.headers["Authorization"] = headers
self.storage.session.headers["Authorization"] = headers
asyncio.create_task(self.realtime.set_auth(access_token))


Expand Down
18 changes: 9 additions & 9 deletions supabase/_sync/client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,3 +1,4 @@
import copy
import re
from typing import Any, Dict, List, Optional, Union

Expand Down Expand Up @@ -62,13 +63,11 @@ def __init__(
r"^[A-Za-z0-9-_=]+\.[A-Za-z0-9-_=]+\.?[A-Za-z0-9-_.+/=]*$", supabase_key
):
raise SupabaseException("Invalid API key")

if options is None:
options = ClientOptions(storage=SyncMemoryStorage())

self.supabase_url = supabase_url
self.supabase_key = supabase_key
self.options = options
self.options = copy.deepcopy(options)
options.headers.update(self._get_auth_headers())
self.rest_url = f"{supabase_url}/rest/v1"
self.realtime_url = f"{supabase_url}/realtime/v1".replace("http", "ws")
Expand Down Expand Up @@ -100,17 +99,15 @@ def create(
):
auth_header = options.headers.get("Authorization") if options else None
client = cls(supabase_url, supabase_key, options)

session_access_token = None
if auth_header is None:
try:
session = client.auth.get_session()
session_access_token = client._create_auth_header(session.access_token)
except Exception as err:
session_access_token = None

client.options.headers.update(
client._get_auth_headers(session_access_token)
)
client.options.headers.update(client._get_auth_headers(session_access_token))

return client

Expand Down Expand Up @@ -293,8 +290,11 @@ def _listen_to_auth_events(
self._storage = None
self._functions = None
access_token = session.access_token if session else self.supabase_key

self.options.headers["Authorization"] = self._create_auth_header(access_token)
header = copy.deepcopy(self._create_auth_header(access_token))
self.options.headers["Authorization"] = header
self.auth._headers["Authorization"] = header
self.postgrest.session.headers["Authorization"] = header
self.storage.session.headers["Authorization"] = header

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

not sure the issue this is solving, could you elaborate?

Copy link
Contributor Author

@AsahiSoftWareEngineer AsahiSoftWareEngineer Apr 3, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sorry, Below source code is not necessary.

  self.postgrest.session.headers["Authorization"] = header
  self.storage.session.headers["Authorization"] = header

Caused by using deep-copy, before source code was not working. (auth._headers is not refreshed).
That's why, I changed to reassign deep-copied self._create_auth_header(access_token)methods


def create_client(
Expand Down
36 changes: 34 additions & 2 deletions tests/test_client.py
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -5,6 +5,7 @@
from unittest.mock import MagicMock

import pytest
from gotrue import SyncMemoryStorage

from supabase import Client, ClientOptions, SupabaseException, create_client

Expand Down Expand Up @@ -101,7 +102,6 @@ def test_updates_the_authorization_header_on_auth_events() -> None:
mock_session = MagicMock(access_token="secretuserjwt")
realtime_mock = MagicMock()
client.realtime = realtime_mock

client._listen_to_auth_events("SIGNED_IN", mock_session)

updated_authorization = f"Bearer {mock_session.access_token}"
Expand All @@ -113,9 +113,41 @@ def test_updates_the_authorization_header_on_auth_events() -> None:
assert (
client.postgrest.session.headers.get("Authorization") == updated_authorization
)

assert client.auth._headers.get("apiKey") == key
assert client.auth._headers.get("Authorization") == updated_authorization

assert client.storage.session.headers.get("apiKey") == key
assert client.storage.session.headers.get("Authorization") == updated_authorization


def test_mutable_headers_issue():
url = os.environ.get("SUPABASE_TEST_URL")
key = os.environ.get("SUPABASE_TEST_KEY")

shared_options = ClientOptions(
storage=SyncMemoryStorage(), headers={"Authorization": "Bearer initial-token"}
)

client1 = create_client(url, key, shared_options)

client2 = create_client(url, key, shared_options)

client1.options.headers["Authorization"] = "Bearer modified-token"

assert client2.options.headers["Authorization"] == "Bearer initial-token"


#
def test_global_authorization_header_issue():
url = os.environ.get("SUPABASE_TEST_URL")
key = os.environ.get("SUPABASE_TEST_KEY")

authorization = "Bearer secretuserjwt"
options = ClientOptions(headers={"Authorization": authorization})

client = create_client(url, key, options)

assert client.options.headers.get("apiKey") == key


# 実行