From a82cbf5ddfbb923fe8a0520f8c8791e6146e61ae Mon Sep 17 00:00:00 2001 From: Melanie Seltzer Date: Tue, 30 Aug 2022 19:19:14 -0700 Subject: [PATCH] fix: return null in unstable_getServerSession if there's an error (#5218) * fix: return null in unstable_getServerSession if there's an error * Remove status check and instead check body is not a string * Combine similar tests --- packages/next-auth/src/next/index.ts | 6 +- .../next-auth/tests/getServerSession.test.ts | 57 +++++++++++++++++-- 2 files changed, 57 insertions(+), 6 deletions(-) diff --git a/packages/next-auth/src/next/index.ts b/packages/next-auth/src/next/index.ts index 77a091da40..567e8432ec 100644 --- a/packages/next-auth/src/next/index.ts +++ b/packages/next-auth/src/next/index.ts @@ -107,7 +107,7 @@ export async function unstable_getServerSession( options.secret = options.secret ?? process.env.NEXTAUTH_SECRET - const session = await NextAuthHandler({ + const session = await NextAuthHandler({ options, req: { host: detectHost(req.headers["x-forwarded-host"]), @@ -122,7 +122,9 @@ export async function unstable_getServerSession( cookies?.forEach((cookie) => setCookie(res, cookie)) - if (body && Object.keys(body).length) return body as Session + if (body && typeof body !== "string" && Object.keys(body).length) + return body as Session + return null } diff --git a/packages/next-auth/tests/getServerSession.test.ts b/packages/next-auth/tests/getServerSession.test.ts index 2eae732f8c..78b17923af 100644 --- a/packages/next-auth/tests/getServerSession.test.ts +++ b/packages/next-auth/tests/getServerSession.test.ts @@ -1,3 +1,4 @@ +import * as core from "../src/core" import { MissingSecret } from "../src/core/errors" import { unstable_getServerSession } from "../src/next" import { mockLogger } from "./lib" 
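Review bot: In the `@@ -122,7 +122,9 @@` hunk of `packages/next-auth/src/next/index.ts`, the new guard rejects only string bodies, so any other non-empty object the handler returns is still cast with `as Session` and handed to the caller. Callers presumably gate access on a truthy return value, so this function should fail closed and accept the body only when it positively looks like a session. One option is `if (body && typeof body === "object" && !Array.isArray(body) && "expires" in body) return body as Session`, assuming `expires` is always present on a Session, as the test fixture suggests. A one-line comment above the check saying that a string body signals a handler error would also help the next reader. The function body begins outside this hunk, so what else the handler result carries at this point cannot be seen here.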
@@ -5,6 +6,9 @@ import { mockLogger } from "./lib" let originalWarn = console.warn let logger = mockLogger() +const req: any = { headers: {} } +const res: any = { setHeader: jest.fn(), getHeader: jest.fn() } + beforeEach(() => { process.env.NODE_ENV = "production" process.env.NEXTAUTH_URL = "http://localhost" @@ -19,9 +23,6 @@ afterEach(() => { }) describe("Treat secret correctly", () => { - const req: any = { headers: {} } - const res: any = { setHeader: jest.fn(), getHeader: jest.fn() } - it("Read from NEXTAUTH_SECRET", async () => { process.env.NEXTAUTH_SECRET = "secret" await unstable_getServerSession(req, res, { providers: [], logger }) @@ -44,8 +45,12 @@ describe("Treat secret correctly", () => { }) it("Error if missing NEXTAUTH_SECRET and secret", async () => { - await unstable_getServerSession(req, res, { providers: [], logger }) + const session = await unstable_getServerSession(req, res, { + providers: [], + logger, + }) + expect(session).toEqual(null) expect(logger.error).toBeCalledTimes(1) expect(logger.error).toBeCalledWith("NO_SECRET", expect.any(MissingSecret)) }) 
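Review bot: Hoisting `req` and `res` to module scope in the `@@ -5,6 +6,9 @@` hunk means every test in the file now shares the same `jest.fn()` instances for `setHeader` and `getHeader`, and no reset of them is visible in the hunks shown. A later assertion on cookies or headers written to `res` would see calls accumulated from earlier tests. Declaring `let res: any` at the top and assigning `res = { setHeader: jest.fn(), getHeader: jest.fn() }` inside the existing `beforeEach` would keep the tests isolated. The body of `beforeEach` continues outside the hunk.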
@@ -65,3 +70,47 @@ describe("Treat secret correctly", () => { expect(console.warn).toBeCalledTimes(1) }) }) + +describe("Return correct data", () => { + afterEach(() => { + jest.restoreAllMocks() + }) + + it("Should return null if there is no session", async () => { + const spy = jest.spyOn(core, "NextAuthHandler") + spy.mockReturnValue({ body: {} }) + + const session = await unstable_getServerSession(req, res, { + providers: [], + logger, + secret: "secret", + }) + + expect(session).toEqual(null) + }) + + it("Should return the session if one is found", async () => { + const mockedResponse = { + body: { + user: { + name: "John Doe", + email: "test@example.com", + image: "", + id: "1234", + }, + expires: "", + }, + } + + const spy = jest.spyOn(core, "NextAuthHandler") + spy.mockReturnValue(mockedResponse) + + const session = await unstable_getServerSession(req, res, { + providers: [], + logger, + secret: "secret", + }) + + expect(session).toEqual(mockedResponse.body) + }) +})
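Review bot: The new `Return correct data` block never feeds a string body through the mocked handler, which is the exact case the guard in `src/next/index.ts` was added for. That case is only covered indirectly by the missing-secret test. A direct case would pin the fail-closed behaviour: `spy.mockReturnValue({ body: "error" })` followed by `expect(session).toBeNull()`. Since `NextAuthHandler` is awaited in the code under test, `mockResolvedValue` would also mirror its return type more closely than `mockReturnValue`.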