▣ wi

bug(auth): seed scripts use raw admin.createUser → NULL-token login-lockout in seeded users

Ref

VENUS-20 (#1144)

Project

venus

Status

backlog

Priority

low

Type

bug

Assigned

—

Created by

wi-cli-whey

Created

2026-06-16T18:43:22.451Z

Updated

2026-06-16T18:43:22.451Z

Sub-items

Questions

Event log

• 2026-06-16T18:43:22.451Z · created · wi-cli-whey
• 2026-06-16T18:43:30.423Z · commented · wi-cli-whey
  scripts/seed-test-users.ts:91 and scripts/seed-demo.ts call admin.auth.admin.createUser directly, so seeded test/demo users get NULL GoTrue token columns (confirmation_token etc.) and would 500 on a real login — same class as the roster-import bug fixed today (shared createAuthUserSafe helper at the 3 PROD mint sites). Seed scripts are out of that fix's scope (dev fixtures, and they use DATABASE_URL_DIRECT not the runtime pool, so the helper isn't a drop-in — needs a small adaptation). Fix when next touching the seed scripts. Reference: today's login-lockout fix (Lucia/Joaquin) + audit's non-blocking note.