From f7f9b89c8c007f88012098a73053a5c5a53299cb Mon Sep 17 00:00:00 2001
From: Kang Ming <kang.ming1996@gmail.com>
Date: Thu, 15 Feb 2024 17:49:36 +0800
Subject: [PATCH] fix: update phone if autoconfirm is enabled (#1431)

## What kind of change does this PR introduce?
* In #1407, the update user endpoint was refactored to use `smsVerify`
if `GOTRUE_SMS_AUTOCONFIRM` is enabled. However, `smsVerify` doesn't
update the user's phone number to the new one. This PR aims to fix that.
---
 internal/api/user.go      | 1 +
 internal/api/user_test.go | 7 +++++++
 internal/models/user.go   | 6 ------
 3 files changed, 8 insertions(+), 6 deletions(-)

diff --git a/internal/api/user.go b/internal/api/user.go
index 83d067a264..73991b4646 100644
--- a/internal/api/user.go
+++ b/internal/api/user.go
@@ -215,6 +215,7 @@ func (a *API) UserUpdate(w http.ResponseWriter, r *http.Request) error {
 
 		if params.Phone != "" && params.Phone != user.GetPhone() {
 			if config.Sms.Autoconfirm {
+				user.PhoneChange = params.Phone
 				if _, terr := a.smsVerify(r, ctx, tx, user, &VerifyParams{
 					Type:  phoneChangeVerification,
 					Phone: params.Phone,
diff --git a/internal/api/user_test.go b/internal/api/user_test.go
index c449cb02c9..2136f29c76 100644
--- a/internal/api/user_test.go
+++ b/internal/api/user_test.go
@@ -197,6 +197,13 @@ func (ts *UserTestSuite) TestUserUpdatePhoneAutoconfirmEnabled() {
 			w := httptest.NewRecorder()
 			ts.API.handler.ServeHTTP(w, req)
 			require.Equal(ts.T(), c.expectedCode, w.Code)
+
+			if c.expectedCode == http.StatusOK {
+				// check that the user response returned contains the updated phone field
+				data := &models.User{}
+				require.NoError(ts.T(), json.NewDecoder(w.Body).Decode(&data))
+				require.Equal(ts.T(), data.GetPhone(), c.userData["phone"])
+			}
 		})
 	}
 
diff --git a/internal/models/user.go b/internal/models/user.go
index 7a8540e7af..5a8996544f 100644
--- a/internal/models/user.go
+++ b/internal/models/user.go
@@ -305,12 +305,6 @@ func (u *User) UpdatePassword(tx *storage.Connection, sessionID *uuid.UUID) erro
 	}
 }
 
-// UpdatePhone updates the user's phone
-func (u *User) UpdatePhone(tx *storage.Connection, phone string) error {
-	u.Phone = storage.NullString(phone)
-	return tx.UpdateOnly(u, "phone")
-}
-
 // Authenticate a user from a password
 func (u *User) Authenticate(ctx context.Context, password string) bool {
 	err := crypto.CompareHashAndPassword(ctx, u.EncryptedPassword, password)