fix(core): respect NEXTAUTH_SECRET in unstable_getServerSession #4774

Merged
merged 4 commits into from Jun 27, 2022
1 change: 1 addition & 0 deletions packages/next-auth/package.json
Expand Up @@ -103,6 +103,7 @@
"@testing-library/react": "^13.3.0",
"@testing-library/react-hooks": "^8.0.0",
"@testing-library/user-event": "^14.2.0",
"@types/jest": "^28.1.3",
"@types/node": "^17.0.42",
"@types/nodemailer": "^6.4.4",
"@types/oauth": "^0.9.1",
3 changes: 3 additions & 0 deletions packages/next-auth/src/next/index.ts
Expand Up @@ -96,6 +96,9 @@ export async function unstable_getServerSession(
)

const [req, res, options] = args;

options.secret = options.secret ?? process.env.NEXTAUTH_SECRET

const session = await NextAuthHandler<Session | {}>({
options,
req: {
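Review bot: The added `options.secret = options.secret ?? process.env.NEXTAUTH_SECRET` writes the resolved secret back into the caller's `options` object, which is typically a shared config object imported by several routes. The caller's object then carries the secret from the first call onward, including anywhere the caller later logs or serializes it; a local copy avoids this, e.g. `options: { ...options, secret: options.secret ?? process.env.NEXTAUTH_SECRET },` in the `NextAuthHandler` call. Also, `??` falls back only on `null`/`undefined`, so an explicit `secret: ""` suppresses the env fallback; whether the downstream configuration check rejects an empty secret is not visible here and is worth confirming. The body of `unstable_getServerSession` starts and ends outside this hunk.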
7 changes: 4 additions & 3 deletions packages/next-auth/tests/assert.test.ts
@@ -1,3 +1,4 @@
import { InvalidCallbackUrl, MissingSecret } from "../src/core/errors"
import { handler } from "./lib"

it("Show error page if secret is not defined", async () => {
Expand All @@ -10,7 +11,7 @@ it("Show error page if secret is not defined", async () => {
expect(res.html).toMatch(/there is a problem with the server configuration./i)
expect(res.html).toMatch(/check the server logs for more information./i)

expect(log.error).toBeCalledWith("NO_SECRET", expect.anything())
expect(log.error).toBeCalledWith("NO_SECRET", expect.any(MissingSecret))
})

it("Should show configuration error page on invalid `callbackUrl`", async () => {
Expand All @@ -25,7 +26,7 @@ it("Should show configuration error page on invalid `callbackUrl`", async () =>

expect(log.error).toBeCalledWith(
"INVALID_CALLBACK_URL_ERROR",
expect.anything()
expect.any(InvalidCallbackUrl)
)
})

Expand All @@ -38,6 +39,6 @@ it("Allow relative `callbackUrl`", async () => {
expect(res.status).not.toBe(500)
expect(log.error).not.toBeCalledWith(
"INVALID_CALLBACK_URL_ERROR",
expect.anything()
expect.any(InvalidCallbackUrl)
)
})
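Review bot: In the last hunk ("Allow relative `callbackUrl`") the matcher inside `expect(log.error).not.toBeCalledWith(...)` is narrowed to `expect.any(InvalidCallbackUrl)`, which weakens a negative assertion: the test would now pass if `INVALID_CALLBACK_URL_ERROR` were logged with any other error value. This assumes the `expect.any(...)` line is the new side of each printed pair, since the rendered page has lost the `+`/`-` markers. The tightening is right for the two positive `toBeCalledWith` checks, but the `not` case should keep `expect.anything()` as its second argument.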
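--- a/packages/next-auth/tests/getServerSession.test.ts
+++ b/packages/next-auth/tests/getServerSession.test.ts
@@ -0,0 +1,53 @@
+import type { NextApiRequest } from "next"
+import { MissingSecret } from "../src/core/errors"
+import { unstable_getServerSession } from "../src/next"
+import { mockLogger } from "./lib"
+
+let originalWarn = console.warn
+let logger = mockLogger()
+
+beforeEach(() => {
+process.env.NODE_ENV = "production"
+process.env.NEXTAUTH_URL = "http://localhost"
+console.warn = jest.fn()
+})
+
+afterEach(() => {
+logger = mockLogger()
+process.env.NODE_ENV = "test"
+delete process.env.NEXTAUTH_URL
+console.warn = originalWarn
+})
+
+describe("Treat secret correctly", () => {
+const req: any = { headers: {} }
+const res: any = { setHeader: jest.fn(), getHeader: jest.fn() }
+
+it("Read from NEXTAUTH_SECRET", async () => {
+process.env.NEXTAUTH_SECRET = "secret"
+await unstable_getServerSession(req, res, { providers: [], logger })
+
+expect(logger.error).toBeCalledTimes(0)
+expect(logger.error).not.toBeCalledWith("NO_SECRET")
+
+delete process.env.NEXTAUTH_SECRET
+})
+
+it("Read from options.secret", async () => {
+await unstable_getServerSession(req, res, {
+providers: [],
+logger,
+secret: "secret",
+})
+
+expect(logger.error).toBeCalledTimes(0)
+expect(logger.error).not.toBeCalledWith("NO_SECRET")
+})
+
+it("Error if missing NEXTAUTH_SECRET and secret", async () => {
+await unstable_getServerSession(req, res, { providers: [], logger })
+
+expect(logger.error).toBeCalledTimes(1)
+expect(logger.error).toBeCalledWith("NO_SECRET", expect.any(MissingSecret))
+})
+})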
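Review bot: The cleanup `delete process.env.NEXTAUTH_SECRET` sits at the end of the "Read from NEXTAUTH_SECRET" test body, so a failing expectation above it leaves the variable set and the later "Error if missing NEXTAUTH_SECRET and secret" test then fails for the wrong reason. Move it into the existing `afterEach`, next to `delete process.env.NEXTAUTH_URL`. Separately, `expect(logger.error).not.toBeCalledWith("NO_SECRET")` cannot fail when the error is logged with a second argument, as the third test expects with `("NO_SECRET", expect.any(MissingSecret))`; `toBeCalledTimes(0)` already covers the case, so either drop that line or match `("NO_SECRET", expect.anything())`. The `NextApiRequest` type import is unused in the file as shown.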
16 changes: 9 additions & 7 deletions packages/next-auth/tests/lib.ts
@@ -1,6 +1,12 @@
import type { LoggerInstance, NextAuthOptions } from "../src"
import { NextAuthHandler } from "../src/core"

export const mockLogger: () => LoggerInstance = () => ({
error: jest.fn(() => {}),
warn: jest.fn(() => {}),
debug: jest.fn(() => {}),
})

export async function handler(
options: NextAuthOptions,
{
Expand All @@ -16,11 +22,6 @@ export async function handler(
// @ts-ignore
if (prod) process.env.NODE_ENV = "production"

const mockLogger: LoggerInstance = {
error: jest.fn(),
warn: jest.fn(),
debug: jest.fn(),
}
const url = new URL(
`http://localhost/api/auth/${path ?? "signin"}?${new URLSearchParams(
params ?? {}
Expand All @@ -31,9 +32,10 @@ export async function handler(
host: "",
},
})
const logger = mockLogger()
const response = await NextAuthHandler({
req,
options: { secret: "secret", ...options, logger: mockLogger },
options: { secret: "secret", ...options, logger },
})
// @ts-ignore
if (prod) process.env.NODE_ENV = "test"
Expand All @@ -44,6 +46,6 @@ export async function handler(
html:
response.headers?.[0].value === "text/html" ? response.body : undefined,
},
log: mockLogger,
log: logger,
}
}
8 changes: 5 additions & 3 deletions pnpm-lock.yaml
