github-starred/better-auth
2
0
Fork 0
mirror of https://github.com/better-auth/better-auth.git synced 2026-05-23 15:42:09 -05:00
Code Issues 2.5k Packages Projects Releases 112 Wiki Activity
6,705 Commits 99 Branches 1,251 Tags
@better-auth/test-utils@1.6.7
Commit Graph

108 Commits

Author SHA1 Message Date
better-release[bot]
f8076d141a chore: release v1.6.7 (#9289) 2026-04-22 12:36:30 +01:00
Guilherme D'Alessandro
ec20325173 fix(passkey): verify passkey authentication isnt returning the user (#5209) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-22 10:10:48 +00:00
Tanish Valesha
4e0e6e1fd3 fix(oauth-provider): userinfo Authorization from ctx.headers for auth.api (#9244) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-22 09:20:54 +00:00
Gustavo Valverde
4f373eed8a feat(social-providers): accept array of Client IDs for ID token audience (#9292) 2026-04-22 09:02:56 +00:00
Ray
4a180f0b0c fix(core): serve noop ./instrumentation on browser and edge conditions (#9281) 2026-04-22 08:44:00 +00:00
Gustavo Valverde
e1b1cfc7a2 fix(oauth2): guard against undefined body when parsing state (#9293) 
Co-authored-by: Menachem Hornbacher <mhornbacher@kiddom.co>
 2026-04-22 08:23:13 +00:00
KinfeMichael Tariku
d053a4583e fix(phone-number): call callbackOnVerification when updatePhoneNumber is enabled (#4894) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-22 08:11:42 +00:00
Jarod Stewart
307196a405 fix(api): preserve response headers when APIError is thrown (#9211) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
 2026-04-22 06:47:16 +00:00
better-release[bot]
0290077760 chore: release v1.6.6 (#9222) 2026-04-21 17:42:18 +01:00
Taesu
9ea7eb1eab fix(cookies): preserve partitioned attribute on set-cookie round-trip (#9235) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-21 16:11:29 +00:00
Jonathan Samines
fe5f36c7e3 chore(sso): fix samlify ESM/CJS loading compat issue (#9262) 2026-04-21 16:06:04 +00:00
Taesu
b5742f9d08 feat(core): add mapConcurrent bounded-concurrency utility (#9227) 2026-04-21 15:31:08 +00:00
Maxwell
4debfb600f fix(custom-session): use coerced boolean for disableRefresh query param validation (#9214) 2026-04-21 10:22:32 +00:00
Maxwell
ab4c10fbc0 fix(organization): infer team additional fields correctly (#9266) 2026-04-21 08:16:39 +00:00
Terijaki
4677601429 fix(expo): read cached session data from SecureStore on app startup (#8953) 
Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
 2026-04-21 06:49:49 +00:00
Gustavo Valverde
e64ff720fb fix: unify host classification and close SSRF gaps across packages (#9226) 2026-04-17 23:25:25 +00:00
Jonathan Samines
a844c7dd08 chore(core): update @opentelemetry/api dep declaration to be optional (#9111) 
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
 2026-04-17 14:26:40 +00:00
Maxwell
3728518d1c fix(api-key): run secondary-storage api-key executions in parallel (#9187) 
Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com>
Co-authored-by: cubic-dev-ai[bot] <191113872+cubic-dev-ai[bot]@users.noreply.github.com>
Co-authored-by: Taesu <166604494+bytaesu@users.noreply.github.com>
 2026-04-17 12:43:30 +00:00
Taesu
a61083e023 fix(phone-number): allow removing phone number via updateUser (#9219) 2026-04-17 04:19:26 +00:00
better-release[bot]
c8a91f4167 chore: release v1.6.5 (#9209) 2026-04-16 11:05:30 +01:00
Daniel Müller
5b900a2b43 Merge commit from fork 
* Add tests reproducing GHSA-xr8f-h2gw-9xh6

* Fix GHSA-xr8f-h2gw-9xh6

* Move clientPrivilege assertion to shared helper

* chore: add oauth-provider changeset for GHSA-xr8f-h2gw-9xh6

---------

Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-16 10:52:33 +01:00
Gautam Manchandani
938dd80e2d docs(test-utils): clarify production usage (#9119) 
Signed-off-by: Gautam Manchandani <manchandanigautam@gmail.com>
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-16 01:20:34 +00:00
Ray
05386271ca fix(client): trigger $sessionSignal for session-rotating endpoints (#9087) 2026-04-15 15:27:48 +00:00
better-release[bot]
9ec849ff71 chore: release v1.6.4 (#9175) 2026-04-15 13:00:42 +01:00
Gustavo Valverde
39d6af2a39 chore(adapters): require patched drizzle-orm and kysely peer versions (#9165) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-15 11:37:50 +00:00
Gustavo Valverde
9aed910499 fix(two-factor): revert enforcement broadening from #9122 (#9205) 2026-04-15 10:59:53 +00:00
Gautam Manchandani
acbd6ef69f fix: honor forceAllowId UUIDs on postgres adapters (#9068) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-14 13:05:11 +00:00
better-release[bot]
6f17bb3ebd chore: release v1.6.3 (#9081) 2026-04-14 12:04:31 +01:00
Maxwell
9a6d4759cd fix(client): prevent isMounted race condition causing many rps (#9078) 
Co-authored-by: Taesu <bytaesu@gmail.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-14 09:36:59 +00:00
Gustavo Valverde
390a03190c fix(stripe): prevent prototype pollution via user-supplied metadata (#9164) 2026-04-14 08:05:31 +00:00
Gustavo Valverde
5142e9cec5 fix(auth): harden dynamic baseURL resolution (#9131) 2026-04-14 08:01:13 +00:00
Taesu
513dabb132 fix: resolve dynamic baseURL for direct auth.api calls (#9113) 2026-04-14 06:16:53 +00:00
Gustavo Valverde
e2e25a4954 fix(oauth-provider): graceful DCR override for unauthenticated confidential clients (#9123) 2026-04-11 15:25:06 +00:00
Byte-Biscuit
f8758975ae fix(two-factor): updated backup codes respect storeBackupCodes option (#7231) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-11 13:19:46 +00:00
Gustavo Valverde
484ce6a262 fix(two-factor): enforce 2FA on all sign-in paths (#9122) 2026-04-11 12:33:58 +00:00
Gustavo Valverde
314e06f0fd feat(oauth-provider): add customTokenResponseFields and harden authorization code validation (#9118) 2026-04-11 09:54:48 +00:00
Taesu
4673c6d83c fix(cli): handle extends and mid-path wildcards in tsconfig paths (#9032) 2026-04-10 16:26:53 +00:00
Gustavo Valverde
52c47517a2 fix(sso): unify SAML response processing and fix bugs (#9097) 2026-04-10 15:00:26 +00:00
Taesu
c5066fe5d6 fix(stripe): omit quantity for metered prices in checkout and upgrades (#8926) 
Co-authored-by: better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
 2026-04-10 12:55:44 +00:00
Taesu
5f84335815 feat(stripe): support Stripe SDK v21 and v22 (#9084) 
Co-authored-by: leonardo2204 <1509421+leonardo2204@users.noreply.github.com>
Co-authored-by: better-release[bot] <273320539+better-release[bot]@users.noreply.github.com>
 2026-04-10 06:19:34 +00:00
Oluwatobi Mustapha
f6428d02fc fix(open-api): correct get-session nullable schema for OAS 3.1 (#8389) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
Co-authored-by: ping-maxwell <maxwell.multinite@gmail.com>
 2026-04-09 20:44:35 +00:00
Ray
6ce30cf138 fix: incorrect operationId in password reset callback endpoint (#9072) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-09 20:13:06 +00:00
better-release[bot]
700d298e1e chore: version packages (#9052) 2026-04-09 15:19:07 +01:00
Gustavo Valverde
4c829bf289 fix(oauth-provider): preserve multi-valued query params through prompt redirects (#9060) 2026-04-09 13:13:39 +00:00
Gustavo Valverde
b20fa424c3 fix(next-js): replace cookie probe with header-based RSC detection in nextCookies (#9059) 
Co-authored-by: Maxwell <145994855+ping-maxwell@users.noreply.github.com>
 2026-04-09 12:41:10 +00:00
Gustavo Valverde
608d8c3082 fix(sso): include RelayState in signed SAML AuthnRequests (#9058) 2026-04-09 12:05:02 +00:00
Dylan Vanmali
c6922dce8e refactor(oauth-provider): reject skip_consent at schema level in DCR (#8998) 2026-04-09 11:56:29 +00:00
Rayan Salhab
5e5d3f62fc fix(sso): normalize SAMLResponse whitespace at request boundary (#8968) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 11:04:10 +00:00
Jaydeep pipaliya
2cbcb9baac fix(oauth2): prevent cross-provider account collision in link-social callback (#8983) 
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 10:17:42 +00:00
Maxwell
9deb7936ab fix: cookie store strategy should verify oauth state (#8949) 
Co-authored-by: Bereket Engida <86073083+Bekacru@users.noreply.github.com>
Co-authored-by: Gustavo Valverde <g.valverde02@gmail.com>
 2026-04-09 09:26:36 +00:00