fix: avoid integer overflow in password policy migration

[riderx]

Summary (AI generated)

• clamp in numeric space before casting to integer in the existing migration
• update the org password policy check constraint and RLS guard to validate numeric integer-ness without overflowing on huge values
• keep the migration file in place so production can re-run the same migration safely

Motivation (AI generated)

Production hit while applying the migration because a persisted value exceeded PostgreSQL integer range before the clamp executed. The migration needs to tolerate malformed historical values and normalize them safely.

Business Impact (AI generated)

This unblocks production database deploys for the password policy rollout and prevents a single bad org setting from halting future deploys. It preserves the intended 72-character Supabase Auth limit without requiring manual data cleanup in production.

Test Plan (AI generated)

• Reproduced the overflow path against local Postgres with an oversized payload
• Verified the patched normalization returns instead of raising
• Verified the updated constraint predicate rejects a huge raw numeric value without overflowing

Generated with AI

Summary by CodeRabbit

• Bug Fixes
  • Improved password policy validation to ensure accurate password length enforcement between 6-72 characters.

[coderabbitai]

Caution

Review failed

Pull request was closed or merged during review

📝 Walkthrough

Walkthrough

Migration updates password policy validation logic to use numeric-based computations instead of integer casting for intermediate values. The normalization CTE and constraint checks are modified to ensure consistent type handling while validating the min_length parameter stays between 6 and 72.

Changes

Cohort / File(s)	Summary
Password Policy Validation supabase/migrations/20260319090430_password_policy_max_length_72.sql	Modified numeric type casting in normalization CTE (LEAST/GREATEST operations changed to use ::numeric) and updated constraint checks to enforce integer-equivalence via trunc() before applying BETWEEN validation.

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Possibly related PRs

• fix(auth): cap password policy min length to 72 #1828: Modifies the same migration file enforcing password_policy_config.min_length constraints; this PR refines the numeric casting and validation logic within that enforcement.

Poem

🐰 A rabbit hops through numeric fields,
Where integers and decimals yield,
Between six and seventy-two we stay,
Type-safe passwords, hip-hip-hooray! ✨

🚥 Pre-merge checks | ✅ 2 | ❌ 1

❌ Failed checks (1 warning)

Check name	Status	Explanation	Resolution
Description check	⚠️ Warning	The PR description includes a summary of changes, motivation, and business impact. However, the description template requires structured sections with specific checklist items that are not filled out in the provided description.	Add the template sections: move AI-generated content into the Summary section, add a detailed Test Plan section with specific reproduction steps, include Screenshots section (or note N/A for backend), and complete the Checklist with verification of code style, documentation, test coverage, and manual testing.

✅ Passed checks (2 passed)

Check name	Status	Explanation
Title check	✅ Passed	The title accurately describes the main change: fixing integer overflow in a password policy migration, which directly addresses the core issue of safely handling numeric values that exceed PostgreSQL integer ranges.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Commit unit tests in branch codex/fix-password-policy-migration-overflow

📝 Coding Plan

• Generate coding plan for human review comments

Warning

There were issues while running some tools. Please review the errors and either fix the tool's configuration or disable the tool if it's a critical failure.

🔧 SQLFluff (4.0.4)

supabase/migrations/20260319090430_password_policy_max_length_72.sql

User Error: No dialect was specified. You must configure a dialect or specify one on the command line using --dialect after the command. Available dialects:
ansi, athena, bigquery, clickhouse, databricks, db2, doris, duckdb, exasol, flink, greenplum, hive, impala, mariadb, materialize, mysql, oracle, postgres, redshift, snowflake, soql, sparksql, sqlite, starrocks, teradata, trino, tsql, vertica

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[chatgpt-codex-connector]

💡 Codex Review

capgo/supabase/migrations/20260319090430_password_policy_max_length_72.sql

Lines 45 to 46 in 19ebb4a

	ALTER TABLE "public"."orgs"
	ADD CONSTRAINT "orgs_password_policy_config_min_length_check"

Ship this DDL fix in a new migration

I checked git log --follow for this file and 20260319090430_password_policy_max_length_72.sql already existed before this commit, while supabase/migration_guide.md:53 says pushed migrations must be treated as immutable. That means any environment that already recorded version 20260319090430 will never re-run these new ::numeric definitions, so it keeps the old overflowing ::integer casts in orgs_password_policy_config_min_length_check and the Allow update for auth (admin+) policy. In practice this only fixes first-time applies; staging/self-hosted/prod databases that already applied the earlier migration still need a follow-up migration.

ℹ️ About Codex in GitHub

Your team has set up Codex to review pull requests in this repo. Reviews are triggered when you

• Open a pull request for review
• Mark a draft as ready
• Comment "@codex review".

If Codex has suggestions, it will comment; otherwise it will react with 👍.

Codex can also answer questions or update the PR. Try commenting "@codex address that feedback".

[sonarqubecloud]

Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
0.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud