fix(edge-fn): replace getClaims with adminClient.auth.getUser(token)

fix(edge-fn): use user.id instead of claims.sub; fixes 500s and false cert_required fix(migrations): drop broad reservations SELECT policy; add reservation_slots view with security_invoker=false fix(tests): correct weekSlot() keys from start/end to start_time/end_time fix(tests): spread overlap test slots across separate ISO weeks fix(tests): update e2e assertion to match actual authenticated home text fix(app): hide IonMenu before user is authenticated feat(dx): add test:all script running unit, integration, and e2e in sequence docs(claude-md): document SELinux fix, Edge Function auth pattern, security_invoker behaviour
2026-04-20 14:32:37 -04:00
parent d07a02c9dc
commit 108c042921
33 changed files with 2745 additions and 12 deletions
--- a/tests/integration/auth-session.test.ts
+++ b/tests/integration/auth-session.test.ts
@@ -86,8 +86,7 @@ describe('magic link login — session creation', () => {
    // and /auth/callback calls supabase.auth.verifyOtp (hash-based) or
    // supabase.auth.exchangeCodeForSession (PKCE)
    const { data: sessionData, error: sessionError } = await anonClient.auth.verifyOtp({
-      email: TEST_EMAIL,
-      token: token!,
+      token_hash: token!,
      type: 'magiclink',
    })

@@ -104,8 +103,7 @@ describe('magic link login — session creation', () => {
    })

    const { data: sessionData } = await anonClient.auth.verifyOtp({
-      email: TEST_EMAIL,
-      token: linkData.properties!.hashed_token!,
+      token_hash: linkData.properties!.hashed_token!,
      type: 'magiclink',
    })