supertokens · porcellus · Oct 17, 2024 · Oct 7, 2024 · Oct 17, 2024
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -20,7 +20,7 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 -   Changes type of value in formField object to be `unknown` instead of `string` to add support for accepting any type of value in form fields.
 -   Only supporting CDI 5.2, Compatible with Core version >= 10.0
--   Changed the default value of `overwriteSessionDuringSignInUp` to true.
+-   Removed the `overwriteSessionDuringSignInUp` option.
 -   Added a new `shouldTryLinkingWithSessionUser` to sign in/up related APIs (and the related recipe functions)
     -   This will default to false on the API
     -   This will be set to true in function calls if you pass a session, otherwise it is set to false

diff --git a/lib/build/authUtils.js b/lib/build/authUtils.js
diff --git a/lib/build/recipe/session/recipe.d.ts b/lib/build/recipe/session/recipe.d.ts
@@ -54,5 +54,4 @@ export default class SessionRecipe extends RecipeModule {
         response: BaseResponse,
         userContext: UserContext
     ) => Promise<import("./types").SessionContainerInterface | undefined>;
-    getNormalisedOverwriteSessionDuringSignInUp: (req: any) => boolean;
 }
diff --git a/lib/build/recipe/session/recipe.js b/lib/build/recipe/session/recipe.js
@@ -178,14 +178,6 @@ class SessionRecipe extends recipeModule_1.default {
                 userContext,
             });
         };
-        this.getNormalisedOverwriteSessionDuringSignInUp = (req) => {
-            var _a;
-            const supportsFDI31 = utils_2.hasGreaterThanEqualToFDI(req, "3.1");
-            const res =
-                (_a = this.config.overwriteSessionDuringSignInUp) !== null && _a !== void 0 ? _a : supportsFDI31;
-            logger_1.logDebugMessage("getNormalisedOverwriteSessionDuringSignInUp returning: " + res);
-            return res;
-        };
         this.config = utils_1.validateAndNormaliseUserInput(this, appInfo, config);
         const antiCsrfToLog =
             typeof this.config.antiCsrfFunctionOrString === "string"

diff --git a/lib/build/recipe/session/types.d.ts b/lib/build/recipe/session/types.d.ts
@@ -46,7 +46,6 @@ export declare type TypeInput = {
     cookieSameSite?: "strict" | "lax" | "none";
     cookieDomain?: string;
     olderCookieDomain?: string;
-    overwriteSessionDuringSignInUp?: boolean;
     getTokenTransferMethod?: (input: {
         req: BaseRequest;
         forCreateNewSession: boolean;
@@ -77,7 +76,6 @@ export declare type TypeNormalisedInput = {
     cookieSecure: boolean;
     sessionExpiredStatusCode: number;
     errorHandlers: NormalisedErrorHandlers;
-    overwriteSessionDuringSignInUp: boolean | undefined;
     antiCsrfFunctionOrString:
         | "VIA_TOKEN"
         | "VIA_CUSTOM_HEADER"

diff --git a/lib/build/recipe/session/utils.js b/lib/build/recipe/session/utils.js
@@ -230,8 +230,6 @@ function validateAndNormaliseUserInput(recipeInstance, appInfo, config) {
         antiCsrfFunctionOrString: antiCsrf,
         override,
         invalidClaimStatusCode,
-        overwriteSessionDuringSignInUp:
-            config === null || config === void 0 ? void 0 : config.overwriteSessionDuringSignInUp,
         jwksRefreshIntervalSec:
             (_d = config === null || config === void 0 ? void 0 : config.jwksRefreshIntervalSec) !== null &&
             _d !== void 0

diff --git a/lib/ts/authUtils.ts b/lib/ts/authUtils.ts
@@ -13,7 +13,6 @@ import SessionError from "./recipe/session/error";
 import { Error as STError, getUser } from ".";
 import { AccountInfoWithRecipeId } from "./recipe/accountlinking/types";
 import { BaseRequest, BaseResponse } from "./framework";
-import SessionRecipe from "./recipe/session/recipe";
 import { logDebugMessage } from "./logger";
 import { EmailVerificationClaim } from "./recipe/emailverification";
 import SuperTokensError from "./error";
@@ -276,24 +275,14 @@ export const AuthUtils = {
                     await MultiFactorAuth.markFactorAsCompleteInSession(respSession!, factorId, userContext);
                 }
             } else {
-                logDebugMessage(`postAuthChecks checking overwriteSessionDuringSignInUp`);
-                // If the new user wasn't linked to the current one, we check the config and overwrite the session if required
+                // If the new user wasn't linked to the current one, we overwrite the session
                 // Note: we could also get here if MFA is enabled, but the app didn't want to link the user to the session user.
-                // This is intentional, since the MFA and overwriteSessionDuringSignInUp configs should work independently.
-                let overwriteSessionDuringSignInUp = SessionRecipe.getInstanceOrThrowError().getNormalisedOverwriteSessionDuringSignInUp(
-                    req
-                );
-                if (overwriteSessionDuringSignInUp) {
-                    respSession = await Session.createNewSession(req, res, tenantId, recipeUserId, {}, {}, userContext);
-                    if (mfaInstance !== undefined) {
-                        await MultiFactorAuth.markFactorAsCompleteInSession(respSession!, factorId, userContext);
-                    }
+                respSession = await Session.createNewSession(req, res, tenantId, recipeUserId, {}, {}, userContext);
+                if (mfaInstance !== undefined) {
+                    await MultiFactorAuth.markFactorAsCompleteInSession(respSession!, factorId, userContext);
                 }
             }
         } else {
-            // We do not have to care about overwriting the session here, since we either:
-            // - have overwriteSessionDuringSignInUp true and we didn't even try to load the session because we ignore it anyway
-            // - have overwriteSessionDuringSignInUp false and we checked in the api imlp that there is no session
             logDebugMessage(`postAuthChecks creating session for first factor sign in/up`);
             // If there is no input session, we do not need to do anything other checks and create a new session
             respSession = await Session.createNewSession(req, res, tenantId, recipeUserId, {}, {}, userContext);
@@ -1024,10 +1013,6 @@ export const AuthUtils = {
         shouldTryLinkingWithSessionUser: boolean | undefined,
         userContext: UserContext
     ) {
-        const overwriteSessionDuringSignInUp = SessionRecipe.getInstanceOrThrowError().getNormalisedOverwriteSessionDuringSignInUp(
-            req
-        );
-
         if (shouldTryLinkingWithSessionUser !== false) {
             logDebugMessage(
                 "loadSessionInAuthAPIIfNeeded: loading session because shouldTryLinkingWithSessionUser is not set to false so we may want to link later"
@@ -1045,20 +1030,6 @@ export const AuthUtils = {
             );
         }
 
-        if (overwriteSessionDuringSignInUp === false) {
-            logDebugMessage(
-                "loadSessionInAuthAPIIfNeeded: loading session in optional mode because overwriteSessionDuringSignInUp is false so if it is not found we will skip session creation"
-            );
-            return await Session.getSession(
-                req,
-                res,
-                {
-                    sessionRequired: false,
-                    overrideGlobalClaimValidators: () => [],
-                },
-                userContext
-            );
-        }
         logDebugMessage(
             "loadSessionInAuthAPIIfNeeded: skipping session loading because we are not linking and we would overwrite it anyway"
         );

diff --git a/lib/ts/recipe/session/recipe.ts b/lib/ts/recipe/session/recipe.ts
@@ -42,7 +42,7 @@ import OverrideableBuilder from "supertokens-js-override";
 import { APIOptions } from ".";
 import { logDebugMessage } from "../../logger";
 import { resetCombinedJWKS } from "../../combinedRemoteJWKSet";
-import { hasGreaterThanEqualToFDI, isTestEnv } from "../../utils";
+import { isTestEnv } from "../../utils";
 
 // For Express
 export default class SessionRecipe extends RecipeModule {
@@ -272,11 +272,4 @@ export default class SessionRecipe extends RecipeModule {
             userContext,
         });
     };
-
-    getNormalisedOverwriteSessionDuringSignInUp = (req: any) => {
-        const supportsFDI31 = hasGreaterThanEqualToFDI(req, "3.1");
-        const res = this.config.overwriteSessionDuringSignInUp ?? supportsFDI31;
-        logDebugMessage("getNormalisedOverwriteSessionDuringSignInUp returning: " + res);
-        return res;
-    };
 }
diff --git a/lib/ts/recipe/session/types.ts b/lib/ts/recipe/session/types.ts
@@ -68,7 +68,6 @@ export type TypeInput = {
     cookieSameSite?: "strict" | "lax" | "none";
     cookieDomain?: string;
     olderCookieDomain?: string;
-    overwriteSessionDuringSignInUp?: boolean;
 
     getTokenTransferMethod?: (input: {
         req: BaseRequest;
@@ -102,7 +101,6 @@ export type TypeNormalisedInput = {
     cookieSecure: boolean;
     sessionExpiredStatusCode: number;
     errorHandlers: NormalisedErrorHandlers;
-    overwriteSessionDuringSignInUp: boolean | undefined;
 
     antiCsrfFunctionOrString:
         | "VIA_TOKEN"

diff --git a/lib/ts/recipe/session/utils.ts b/lib/ts/recipe/session/utils.ts
@@ -303,7 +303,6 @@ export function validateAndNormaliseUserInput(
         antiCsrfFunctionOrString: antiCsrf,
         override,
         invalidClaimStatusCode,
-        overwriteSessionDuringSignInUp: config?.overwriteSessionDuringSignInUp,
         jwksRefreshIntervalSec: config?.jwksRefreshIntervalSec ?? 3600 * 4,
     };
 }