fix: add token for non-secure email change

supabase · Sep 4, 2024 · f988eb4 · f988eb4
1 parent bf276ab
commit f988eb4
Showing 1 changed file with 5 additions and 0 deletions.
diff --git a/internal/api/mail.go b/internal/api/mail.go
@@ -588,6 +588,11 @@ func (a *API) sendEmail(r *http.Request, tx *storage.Connection, u *models.User,
 	}
 
 	if config.Hook.SendEmail.Enabled {
+		// When secure email change is disabled, we place the token for the new email on emailData.Token
+		if emailActionType == mail.EmailChangeVerification && !config.Mailer.SecureEmailChangeEnabled && u.GetEmail() != "" {
+			otp = otpNew
+		}
+
 		emailData := mail.EmailData{
 			Token:           otp,
 			EmailActionType: emailActionType,