diff --git a/packages/next-auth/package.json b/packages/next-auth/package.json
index 33368d3700..392dc36e3d 100644
--- a/packages/next-auth/package.json
+++ b/packages/next-auth/package.json
@@ -103,6 +103,7 @@
 "@testing-library/react": "^13.3.0",
 "@testing-library/react-hooks": "^8.0.0",
 "@testing-library/user-event": "^14.2.0",
+ "@types/jest": "^28.1.3",
 "@types/node": "^17.0.42",
 "@types/nodemailer": "^6.4.4",
 "@types/oauth": "^0.9.1",
diff --git a/packages/next-auth/src/next/index.ts b/packages/next-auth/src/next/index.ts
index 2be4071317..a1649a9414 100644
--- a/packages/next-auth/src/next/index.ts
+++ b/packages/next-auth/src/next/index.ts
@@ -96,6 +96,9 @@ export async function unstable_getServerSession(
 )
 const [req, res, options] = args;
+
+ options.secret = options.secret ?? process.env.NEXTAUTH_SECRET
+
 const session = await NextAuthHandler({
 options,
 req: {
diff --git a/packages/next-auth/tests/assert.test.ts b/packages/next-auth/tests/assert.test.ts
index 13cd24549a..7eaa4bf437 100644
--- a/packages/next-auth/tests/assert.test.ts
+++ b/packages/next-auth/tests/assert.test.ts
@@ -1,3 +1,4 @@
+import { InvalidCallbackUrl, MissingSecret } from "../src/core/errors"
 import { handler } from "./lib"
 it("Show error page if secret is not defined", async () => {
@@ -10,7 +11,7 @@ it("Show error page if secret is not defined", async () => {
 expect(res.html).toMatch(/there is a problem with the server configuration./i)
 expect(res.html).toMatch(/check the server logs for more information./i)
- expect(log.error).toBeCalledWith("NO_SECRET", expect.anything())
+ expect(log.error).toBeCalledWith("NO_SECRET", expect.any(MissingSecret))
 })
 it("Should show configuration error page on invalid `callbackUrl`", async () => {
@@ -25,7 +26,7 @@ it("Should show configuration error page on invalid `callbackUrl`", async () =>
 expect(log.error).toBeCalledWith(
 "INVALID_CALLBACK_URL_ERROR",
- expect.anything()
+ expect.any(InvalidCallbackUrl)
 )
 })
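Review bot: The added `options.secret = options.secret ?? process.env.NEXTAUTH_SECRET` in `unstable_getServerSession` writes the resolved secret back onto the caller's `options` object, which is presumably a config object shared across requests and modules. Resolving into a local and passing a copy keeps the signing secret out of caller-owned state: `const secret = options.secret ?? process.env.NEXTAUTH_SECRET` and, in the call below, `options: { ...options, secret },`. Also note that `??` only falls back on `null`/`undefined`, so an empty-string `secret` or an empty `NEXTAUTH_SECRET` is passed through as-is; whether that is rejected later is not visible here. The function body starts and ends outside this hunk.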
@@ -38,6 +39,6 @@ it("Allow relative `callbackUrl`", async () => {
 expect(res.status).not.toBe(500)
 expect(log.error).not.toBeCalledWith(
 "INVALID_CALLBACK_URL_ERROR",
- expect.anything()
+ expect.any(InvalidCallbackUrl)
 )
 })
diff --git a/packages/next-auth/tests/getServerSession.test.ts b/packages/next-auth/tests/getServerSession.test.ts
new file mode 100644
index 0000000000..50e5cdef3f
--- /dev/null
+++ b/packages/next-auth/tests/getServerSession.test.ts
@@ -0,0 +1,53 @@
+import type { NextApiRequest } from "next"
+import { MissingSecret } from "../src/core/errors"
+import { unstable_getServerSession } from "../src/next"
+import { mockLogger } from "./lib"
+
+let originalWarn = console.warn
+let logger = mockLogger()
+
+beforeEach(() => {
+ process.env.NODE_ENV = "production"
+ process.env.NEXTAUTH_URL = "http://localhost"
+ console.warn = jest.fn()
+})
+
+afterEach(() => {
+ logger = mockLogger()
+ process.env.NODE_ENV = "test"
+ delete process.env.NEXTAUTH_URL
+ console.warn = originalWarn
+})
+
+describe("Treat secret correctly", () => {
+ const req: any = { headers: {} }
+ const res: any = { setHeader: jest.fn(), getHeader: jest.fn() }
+
+ it("Read from NEXTAUTH_SECRET", async () => {
+ process.env.NEXTAUTH_SECRET = "secret"
+ await unstable_getServerSession(req, res, { providers: [], logger })
+
+ expect(logger.error).toBeCalledTimes(0)
+ expect(logger.error).not.toBeCalledWith("NO_SECRET")
+
+ delete process.env.NEXTAUTH_SECRET
+ })
+
+ it("Read from options.secret", async () => {
+ await unstable_getServerSession(req, res, {
+ providers: [],
+ logger,
+ secret: "secret",
+ })
+
+ expect(logger.error).toBeCalledTimes(0)
+ expect(logger.error).not.toBeCalledWith("NO_SECRET")
+ })
+
+ it("Error if missing NEXTAUTH_SECRET and secret", async () => {
+ await unstable_getServerSession(req, res, { providers: [], logger })
+
+ expect(logger.error).toBeCalledTimes(1)
+ expect(logger.error).toBeCalledWith("NO_SECRET", expect.any(MissingSecret))
+ })
+})
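Review bot: In the `@@ -38,6 +39,6 @@` hunk of `assert.test.ts`, changing the negated assertion in "Allow relative `callbackUrl`" from `expect.anything()` to `expect.any(InvalidCallbackUrl)` makes the check weaker, not stricter. `not.toBeCalledWith(...)` now also passes when `INVALID_CALLBACK_URL_ERROR` is logged with a second argument that is not an `InvalidCallbackUrl` instance, so a regression in callback-URL validation that logs a different error object would go unnoticed. I would keep `expect.anything()` in this negated case and use the narrower matcher only in the positive assertions of the two earlier hunks. The test body starts outside the hunk.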
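Review bot: In the new `getServerSession.test.ts`, `delete process.env.NEXTAUTH_SECRET` sits at the end of the "Read from NEXTAUTH_SECRET" test body, so if either assertion above it throws, the variable stays set and the "Error if missing NEXTAUTH_SECRET and secret" test then runs with a secret present. Moving it into the existing `afterEach`, as `delete process.env.NEXTAUTH_SECRET` next to `delete process.env.NEXTAUTH_URL`, makes the cleanup unconditional. The suite also never sets both sources at once, so the precedence of `options.secret` over `NEXTAUTH_SECRET` is untested; the assertions only check that no error was logged, not which secret was used. `expect(logger.error).not.toBeCalledWith("NO_SECRET")` adds nothing beyond `toBeCalledTimes(0)`, because the error path logs a second argument that a one-argument match never equals.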
diff --git a/packages/next-auth/tests/lib.ts b/packages/next-auth/tests/lib.ts
index ec933d735e..7b4914d403 100644
--- a/packages/next-auth/tests/lib.ts
+++ b/packages/next-auth/tests/lib.ts
@@ -1,6 +1,12 @@
 import type { LoggerInstance, NextAuthOptions } from "../src"
 import { NextAuthHandler } from "../src/core"
+export const mockLogger: () => LoggerInstance = () => ({
+ error: jest.fn(() => {}),
+ warn: jest.fn(() => {}),
+ debug: jest.fn(() => {}),
+})
+
 export async function handler(
 options: NextAuthOptions,
 {
@@ -16,11 +22,6 @@ export async function handler(
 // @ts-ignore
 if (prod) process.env.NODE_ENV = "production"
- const mockLogger: LoggerInstance = {
- error: jest.fn(),
- warn: jest.fn(),
- debug: jest.fn(),
- }
 const url = new URL(
 `http://localhost/api/auth/${path ?? "signin"}?${new URLSearchParams(
 params ?? {}
@@ -31,9 +32,10 @@ export async function handler(
 host: "",
 },
 })
+ const logger = mockLogger()
 const response = await NextAuthHandler({
 req,
- options: { secret: "secret", ...options, logger: mockLogger },
+ options: { secret: "secret", ...options, logger },
 })
 // @ts-ignore
 if (prod) process.env.NODE_ENV = "test"
@@ -44,6 +46,6 @@ export async function handler(
 html:
 response.headers?.[0].value === "text/html" ? response.body : undefined,
 },
- log: mockLogger,
+ log: logger,
 }
 }
diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml
index 383b8dba85..3b16eefa62 100644
--- a/pnpm-lock.yaml
+++ b/pnpm-lock.yaml
@@ -403,6 +403,7 @@ importers: '@testing-library/react': ^13.3.0 '@testing-library/react-hooks': ^8.0.0 '@testing-library/user-event': ^14.2.0 + '@types/jest': ^28.1.3 '@types/node': ^17.0.42 '@types/nodemailer': ^6.4.4 '@types/oauth': ^0.9.1
@@ -456,6 +457,7 @@ importers: '@testing-library/react': 13.3.0_biqbaboplfbrettd7655fr4n2y '@testing-library/react-hooks': 8.0.1_twyhzqqpkwvvgrmyeapdo6i4my '@testing-library/user-event': 14.2.1_ihvo3xlg2d6kwqju3os3zitn3y + '@types/jest': 28.1.3 '@types/node': 17.0.45 '@types/nodemailer': 6.4.4 '@types/oauth': 0.9.1 @@ -13762,7 +13764,7 @@ packages: engines: {node: '>=12.0.0'} dependencies: ansi-escapes: 4.3.2 - chalk: 4.1.1 + chalk: 4.1.2 cli-cursor: 3.1.0 cli-width: 3.0.0 external-editor: 3.1.0 @@ -16052,7 +16054,7 @@ packages: resolution: {integrity: sha512-8XPvpAA8uyhfteu8pIvQxpJZ7SYYdpUivZpGy6sFsBuKRY/7rQGavedeB8aK+Zkyq6upMFVL/9AW6vOYzfRyLg==} engines: {node: '>=10'} dependencies: - chalk: 4.1.1 + chalk: 4.1.2 is-unicode-supported: 0.1.0 dev: true @@ -17495,7 +17497,7 @@ packages: engines: {node: '>=10'} dependencies: bl: 4.1.0 - chalk: 4.1.1 + chalk: 4.1.2 cli-cursor: 3.1.0 cli-spinners: 2.6.1 is-interactive: 1.0.0