import { PermissionAction } from '@supabase/shared-types/out/constants' import { ExternalLink, Eye, EyeOff } from 'lucide-react' import Link from 'next/link' import { useEffect, useState } from 'react' import { toast } from 'sonner' import { boolean, number, object, string } from 'yup' import { useParams } from 'common' import { Markdown } from 'components/interfaces/Markdown' import { FormActions } from 'components/ui/Forms/FormActions' import { FormPanel } from 'components/ui/Forms/FormPanel' import { FormSection, FormSectionContent, FormSectionLabel } from 'components/ui/Forms/FormSection' import NoPermission from 'components/ui/NoPermission' import UpgradeToPro from 'components/ui/UpgradeToPro' import { useAuthConfigQuery } from 'data/auth/auth-config-query' import { useAuthConfigUpdateMutation } from 'data/auth/auth-config-update-mutation' import { useOrgSubscriptionQuery } from 'data/subscriptions/org-subscription-query' import { useCheckPermissions } from 'hooks/misc/useCheckPermissions' import { useSelectedOrganization } from 'hooks/misc/useSelectedOrganization' import { IS_PLATFORM } from 'lib/constants' import { AlertDescription_Shadcn_, AlertTitle_Shadcn_, Alert_Shadcn_, Button, Form, Input, InputNumber, Toggle, WarningIcon, } from 'ui' import FormField from '../AuthProvidersForm/FormField' // Use a const string to represent no chars option. Represented as empty string on the backend side. const NO_REQUIRED_CHARACTERS = 'NO_REQUIRED_CHARS' const LETTERS_AND_DIGITS = 'abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789' const LOWER_UPPER_DIGITS = 'abcdefghijklmnopqrstuvwxyz:ABCDEFGHIJKLMNOPQRSTUVWXYZ:0123456789' const LOWER_UPPER_DIGITS_SYMBOLS = LOWER_UPPER_DIGITS + ':!@#$%^&*()_+-=[]{};\'\\\\:"|<>?,./`~' const schema = object({ DISABLE_SIGNUP: boolean().required(), EXTERNAL_ANONYMOUS_USERS_ENABLED: boolean().required(), SECURITY_MANUAL_LINKING_ENABLED: boolean().required(), SITE_URL: string().required('Must have a Site URL'), SECURITY_CAPTCHA_ENABLED: boolean().required(), SECURITY_CAPTCHA_SECRET: string().when('SECURITY_CAPTCHA_ENABLED', { is: true, then: (schema) => schema.required('Must have a Captcha secret'), }), SECURITY_CAPTCHA_PROVIDER: string().when('SECURITY_CAPTCHA_ENABLED', { is: true, then: (schema) => schema .oneOf(['hcaptcha', 'turnstile']) .required('Captcha provider must be either hcaptcha or turnstile'), }), SESSIONS_TIMEBOX: number().min(0, 'Must be a positive number'), SESSIONS_INACTIVITY_TIMEOUT: number().min(0, 'Must be a positive number'), SESSIONS_SINGLE_PER_USER: boolean(), PASSWORD_MIN_LENGTH: number().min(6, 'Must be greater or equal to 6.'), PASSWORD_REQUIRED_CHARACTERS: string(), PASSWORD_HIBP_ENABLED: boolean(), }) function HoursOrNeverText({ value }: { value: number }) { if (value === 0) { return 'never' } else if (value === 1) { return 'hour' } else { return 'hours' } } const formId = 'auth-config-basic-settings' const BasicAuthSettingsForm = () => { const { ref: projectRef } = useParams() const { data: authConfig, error: authConfigError, isLoading, isError, isSuccess, } = useAuthConfigQuery({ projectRef }) const { mutate: updateAuthConfig, isLoading: isUpdatingConfig } = useAuthConfigUpdateMutation() const [hidden, setHidden] = useState(true) const canReadConfig = useCheckPermissions(PermissionAction.READ, 'custom_config_gotrue') const canUpdateConfig = useCheckPermissions(PermissionAction.UPDATE, 'custom_config_gotrue') const organization = useSelectedOrganization() const { data: subscription, isSuccess: isSuccessSubscription } = useOrgSubscriptionQuery( { orgSlug: organization?.slug, }, { enabled: IS_PLATFORM } ) const isProPlanAndUp = isSuccessSubscription && subscription?.plan?.id !== 'free' const promptProPlanUpgrade = IS_PLATFORM && !isProPlanAndUp const INITIAL_VALUES = { DISABLE_SIGNUP: !authConfig?.DISABLE_SIGNUP, EXTERNAL_ANONYMOUS_USERS_ENABLED: authConfig?.EXTERNAL_ANONYMOUS_USERS_ENABLED, SECURITY_MANUAL_LINKING_ENABLED: authConfig?.SECURITY_MANUAL_LINKING_ENABLED || false, SITE_URL: authConfig?.SITE_URL, SECURITY_CAPTCHA_ENABLED: authConfig?.SECURITY_CAPTCHA_ENABLED || false, SECURITY_CAPTCHA_SECRET: authConfig?.SECURITY_CAPTCHA_SECRET || '', SECURITY_CAPTCHA_PROVIDER: authConfig?.SECURITY_CAPTCHA_PROVIDER || 'hcaptcha', SESSIONS_TIMEBOX: authConfig?.SESSIONS_TIMEBOX || 0, SESSIONS_INACTIVITY_TIMEOUT: authConfig?.SESSIONS_INACTIVITY_TIMEOUT || 0, SESSIONS_SINGLE_PER_USER: authConfig?.SESSIONS_SINGLE_PER_USER || false, PASSWORD_MIN_LENGTH: authConfig?.PASSWORD_MIN_LENGTH || 6, PASSWORD_REQUIRED_CHARACTERS: authConfig?.PASSWORD_REQUIRED_CHARACTERS || NO_REQUIRED_CHARACTERS, PASSWORD_HIBP_ENABLED: authConfig?.PASSWORD_HIBP_ENABLED || false, } const onSubmit = (values: any, { resetForm }: any) => { const payload = { ...values } payload.DISABLE_SIGNUP = !values.DISABLE_SIGNUP // The backend uses empty string to represent no required characters in the password if (payload.PASSWORD_REQUIRED_CHARACTERS === NO_REQUIRED_CHARACTERS) { payload.PASSWORD_REQUIRED_CHARACTERS = '' } updateAuthConfig( { projectRef: projectRef!, config: payload }, { onError: (error) => { toast.error(`Failed to update settings: ${error?.message}`) }, onSuccess: () => { toast.success(`Successfully updated settings`) resetForm({ values: values, initialValues: values }) }, } ) } if (isError) { return ( Failed to retrieve auth configuration {authConfigError.message} ) } if (!canReadConfig) { return } return (
{({ handleReset, resetForm, values, initialValues, setFieldValue }: any) => { const hasChanges = JSON.stringify(values) !== JSON.stringify(initialValues) // Form is reset once remote data is loaded in store // eslint-disable-next-line react-hooks/rules-of-hooks useEffect(() => { if (isSuccess) resetForm({ values: INITIAL_VALUES, initialValues: INITIAL_VALUES }) }, [isSuccess]) return ( <> } > User Signups}> } disabled={!canUpdateConfig} /> } disabled={!canUpdateConfig} /> {values.EXTERNAL_ANONYMOUS_USERS_ENABLED && (
Anonymous users will use the{' '} authenticated role when signing in

As a result, anonymous users will be subjected to RLS policies that apply to the public and{' '} authenticated roles. We strongly advise{' '} reviewing your RLS policies {' '} to ensure that access to your data is restricted where required.

{!values.SECURITY_CAPTCHA_ENABLED && ( We highly recommend{' '} { const el = document.getElementById('enable-captcha') if (el) el.scrollIntoView({ behavior: 'smooth', block: 'center' }) }} > enabling captcha {' '} for anonymous sign-ins This will prevent potential abuse on sign-ins which may bloat your database and incur costs for monthly active users (MAU) )}
)}
Passwords}> characters} disabled={!canUpdateConfig} /> {!promptProPlanUpgrade ? ( <> ) : ( )} User Sessions}> {!promptProPlanUpgrade ? ( <> ) : ( )} } disabled={!canUpdateConfig || !isProPlanAndUp} /> } disabled={!canUpdateConfig || !isProPlanAndUp} /> Bot and Abuse Protection} > {values.SECURITY_CAPTCHA_ENABLED && ( <> : } type="default" onClick={() => setHidden(!hidden)} /> } /> )}
) }}
) } export default BasicAuthSettingsForm