Enforce RLS when user opted in to MFA. (#188)

* Allow Super Admin to view tables using RLS
* Replace previous usages of the Admin client using the authed client using the new RLS
* Enforce MFA for Super Admin users
* Enforce RLS when user opted in to MFA.
* Add Super Admin Access Policies and Update Database Types
* Consolidate super admin logic into a single function that uses the RPC is_super_admin
* Added Super Admin E2E tests
* Fixes and improvements
* Bump version to 2.5.0

apps/e2e/tests/authentication/auth.po.ts

@@ -1,4 +1,5 @@
 import { Page, expect } from '@playwright/test';
+import { TOTP } from 'totp-generator';
 
 import { Mailbox } from '../utils/mailbox';
 
@@ -46,6 +47,21 @@ export class AuthPageObject {
     await this.page.click('button[type="submit"]');
   }
 
+  async submitMFAVerification(key: string) {
+    const period = 30;
+
+    const { otp } = TOTP.generate(key, {
+      period,
+    });
+
+    console.log(`OTP ${otp} code`, {
+      period,
+    });
+
+    await this.page.fill('[data-input-otp]', otp);
+    await this.page.click('[data-test="submit-mfa-button"]');
+  }
+
   async visitConfirmEmailLink(
     email: string,
     params: {

apps/e2e/tests/authentication/auth.spec.ts

@@ -71,6 +71,23 @@ test.describe('Auth flow', () => {
 });
 
 test.describe('Protected routes', () => {
+  test('when logged out, redirects to the correct page after sign in', async ({
+    page,
+  }) => {
+    const auth = new AuthPageObject(page);
+
+    await page.goto('/home/settings');
+
+    await auth.signIn({
+      email: 'test@makerkit.dev',
+      password: 'testingpassword',
+    });
+
+    await page.waitForURL('/home/settings');
+
+    expect(page.url()).toContain('/home/settings');
+  });
+
   test('will redirect to the sign-in page if not authenticated', async ({
     page,
   }) => {
@@ -78,10 +95,4 @@ test.describe('Protected routes', () => {
 
     expect(page.url()).toContain('/auth/sign-in?next=/home/settings');
   });
-
-  test('will return a 404 for the admin page', async ({ page }) => {
-    await page.goto('/admin');
-
-    expect(page.url()).toContain('/auth/sign-in');
-  });
 });

apps/e2e/tests/authentication/password-reset.spec.ts

@@ -54,14 +54,10 @@ test.describe('Password Reset Flow', () => {
       await page.waitForURL('/home');
     }).toPass();
 
-    await page.context().clearCookies();
-    await page.reload();
+    await auth.signOut();
 
-    await page
-      .locator('a', {
-        hasText: 'Sign in',
-      })
-      .click();
+    await page.waitForURL('/');
+    await page.goto('/auth/sign-in');
 
     await auth.signIn({
       email,