From 80535a72fd80aa0a4af9605d1de0fd5600fa1b39 Mon Sep 17 00:00:00 2001
From: Hacinto Moen
Date: Thu, 28 Mar 2024 09:36:33 -0400
Subject: [PATCH] fix(context): call getUser() before getSession() for security
https://github.com/supabase/auth-js/pull/846/commits
---
 packages/react/src/components/Auth/UserContext.tsx | 5 +++--
 packages/solid/src/components/Auth/UserContext.tsx | 4 +++-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/packages/react/src/components/Auth/UserContext.tsx b/packages/react/src/components/Auth/UserContext.tsx
index d9d9b4af..782306c7 100644
--- a/packages/react/src/components/Auth/UserContext.tsx
+++ b/packages/react/src/components/Auth/UserContext.tsx
@@ -1,5 +1,5 @@
-import React, { useEffect, useState, createContext, useContext } from 'react'
-import { SupabaseClient, Session, User } from '@supabase/supabase-js'
+import React, { createContext, useContext, useEffect, useState } from 'react'
+import { Session, SupabaseClient, User } from '@supabase/supabase-js'
 export interface AuthSession {
 user: User | null
@@ -20,6 +20,7 @@ export const UserContextProvider = (props: Props) => {
 useEffect(() => {
 ;(async () => {
+ await supabaseClient.auth.getUser()
 const { data } = await supabaseClient.auth.getSession()
 setSession(data.session)
 setUser(data.session?.user ?? null)
diff --git a/packages/solid/src/components/Auth/UserContext.tsx b/packages/solid/src/components/Auth/UserContext.tsx
index d8716ef6..821556b8 100644
--- a/packages/solid/src/components/Auth/UserContext.tsx
+++ b/packages/solid/src/components/Auth/UserContext.tsx
@@ -1,10 +1,11 @@
-import { SupabaseClient, Session, User } from "@supabase/supabase-js";
+import { Session, SupabaseClient, User } from "@supabase/supabase-js";
 import {
 createContext,
 createEffect,
 createSignal,
 useContext,
 } from "solid-js";
+ import { createStore } from "solid-js/store"; export interface AuthSession {
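Review bot: The added `await supabaseClient.auth.getUser()` discards its result, so the `user` placed in context still comes from `getSession()`, which in auth-js reads the locally stored session rather than a server-verified one; the same applies to the matching line in `getSupabaseSession()` in packages/solid. As far as I know, getUser() reports a rejected token through its returned `error` rather than by throwing, so a failed verification is ignored here and the stored session is still published. Consider using the verified value, e.g. `const { data: userData, error } = await supabaseClient.auth.getUser()` followed by `setUser(error ? null : userData.user)`, and deciding explicitly whether `setSession` should run when `error` is set. Both enclosing functions start and end outside their hunks, so any existing error handling is not visible here.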
@@ -29,6 +30,7 @@ export const UserContextProvider = (props: Props) => {
 });
 async function getSupabaseSession() {
+ await supabaseClient.auth.getUser()
 const { data } = await supabaseClient.auth.getSession();
 setSession(data.session);
 setUser(data.session?.user ?? null);