Skip to content

getUser is also refresh the user reference in the currentSession #1315

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
stefanschaller wants to merge 3 commits into
base: main
Choose a base branch
from
Open

getUser is also refresh the user reference in the currentSession #1315

Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
27087dc
update local user
stefanschaller Feb 23, 2026
da48e07
update local user
stefanschaller Feb 23, 2026
a63b7a8
do nothing when the user is null
stefanschaller Feb 23, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 11 additions & 1 deletion packages/gotrue/lib/src/gotrue_client.dart
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -717,7 +717,17 @@ class GoTrueClient {
RequestMethodType.get,
options: options,
);
return UserResponse.fromJson(response);
final userResponse = UserResponse.fromJson(response);

if (userResponse.user == null) return userResponse;

// np need to update the local user when the user is the same
if (userResponse.user == _currentSession?.user) return userResponse;

_currentSession = currentSession?.copyWith(user: userResponse.user);
notifyAllSubscribers(AuthChangeEvent.userUpdated);

return userResponse;
Comment on lines +720 to +730
Copy link
Copy Markdown
Contributor

@coderabbitai coderabbitai Bot Feb 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Bug: userUpdated event emitted incorrectly when no session exists.

When getUser(jwt) is called with a custom JWT but no local session (_currentSession is null), the code reaches line 725 where currentSession?.copyWith(...) evaluates to null, and then emits a userUpdated event with a null session. This is incorrect behavior—no state actually changed.

Guard against this case:

Proposed fix 
     final userResponse = UserResponse.fromJson(response);

-    // np need to update the local user when the user is the same
-    if (userResponse.user == _currentSession?.user) return userResponse;
+    // No need to update the local user when there's no session or user is the same
+    if (_currentSession == null || userResponse.user == _currentSession?.user) {
+      return userResponse;
+    }

     _currentSession = currentSession?.copyWith(user: userResponse.user);
     notifyAllSubscribers(AuthChangeEvent.userUpdated);

     return userResponse;
🤖 Prompt for AI Agents 
Verify each finding against the current code and only fix it if needed.

In `@packages/gotrue/lib/src/gotrue_client.dart` around lines 720 - 728, The code
emits userUpdated even when there is no local session because
currentSession?.copyWith(...) returns null; fix by early-returning when
_currentSession is null: after constructing userResponse, if _currentSession is
null return userResponse (so no copyWith or notifyAllSubscribers is called);
otherwise update _currentSession with _currentSession.copyWith(user:
userResponse.user) and call notifyAllSubscribers(AuthChangeEvent.userUpdated).
Ensure you reference userResponse, _currentSession, copyWith,
notifyAllSubscribers, and AuthChangeEvent.userUpdated.

}

/// Updates user data, if there is a logged in user.
Expand Down