fix: return null in unstable_getServerSession if there's an error

nextauthjs · Aug 31, 2022 · 26d7648 · 26d7648
1 parent 24db833
commit 26d7648
Show file tree

Hide file tree

Showing 2 changed files with 64 additions and 5 deletions.
diff --git a/packages/next-auth/src/next/index.ts b/packages/next-auth/src/next/index.ts
@@ -118,11 +118,14 @@ export async function unstable_getServerSession(
     },
   })
 
-  const { body, cookies } = session
+  const { body, cookies, status } = session
 
   cookies?.forEach((cookie) => setCookie(res, cookie))
 
-  if (body && Object.keys(body).length) return body as Session
+  const error = status && status !== 200
+
+  if (!error && body && Object.keys(body).length) return body as Session
+
   return null
 }
 

diff --git a/packages/next-auth/tests/getServerSession.test.ts b/packages/next-auth/tests/getServerSession.test.ts
@@ -1,10 +1,14 @@
+import * as core from "../src/core"
 import { MissingSecret } from "../src/core/errors"
 import { unstable_getServerSession } from "../src/next"
 import { mockLogger } from "./lib"
 
 let originalWarn = console.warn
 let logger = mockLogger()
 
+const req: any = { headers: {} }
+const res: any = { setHeader: jest.fn(), getHeader: jest.fn() }
+
 beforeEach(() => {
   process.env.NODE_ENV = "production"
   process.env.NEXTAUTH_URL = "http://localhost"
@@ -19,9 +23,6 @@ afterEach(() => {
 })
 
 describe("Treat secret correctly", () => {
-  const req: any = { headers: {} }
-  const res: any = { setHeader: jest.fn(), getHeader: jest.fn() }
-
   it("Read from NEXTAUTH_SECRET", async () => {
     process.env.NEXTAUTH_SECRET = "secret"
     await unstable_getServerSession(req, res, { providers: [], logger })
@@ -65,3 +66,58 @@ describe("Treat secret correctly", () => {
     expect(console.warn).toBeCalledTimes(1)
   })
 })
+
+describe("Return correct data", () => {
+  afterEach(() => {
+    jest.restoreAllMocks()
+  })
+
+  it("Should return null if there is no session", async () => {
+    const spy = jest.spyOn(core, "NextAuthHandler")
+    spy.mockReturnValue({ body: {} })
+
+    const session = await unstable_getServerSession(req, res, {
+      providers: [],
+      logger,
+      secret: "secret",
+    })
+
+    expect(session).toEqual(null)
+  })
+
+  it("Should return null if there is a config error", async () => {
+    // Forced a `NO_SECRET` error underneath because no secret in the config
+    // and NEXTAUTH_SECRET doesn't exist either.
+    const session = await unstable_getServerSession(req, res, {
+      providers: [],
+      logger,
+    })
+
+    expect(session).toEqual(null)
+  })
+
+  it("Should return the session if one is found", async () => {
+    const mockedResponse = {
+      body: {
+        user: {
+          name: "John Doe",
+          email: "test@example.com",
+          image: "",
+          id: "1234",
+        },
+        expires: "",
+      },
+    }
+
+    const spy = jest.spyOn(core, "NextAuthHandler")
+    spy.mockReturnValue(mockedResponse)
+
+    const session = await unstable_getServerSession(req, res, {
+      providers: [],
+      logger,
+      secret: "secret",
+    })
+
+    expect(session).toEqual(mockedResponse.body)
+  })
+})