fix: return null in unstable_getServerSession if there's an error

packages/next-auth/src/next/index.ts

@@ -107,7 +107,7 @@ export async function unstable_getServerSession(
 
   options.secret = options.secret ?? process.env.NEXTAUTH_SECRET
 
-  const session = await NextAuthHandler<Session | {}>({
+  const session = await NextAuthHandler<Session | {} | string>({
     options,
     req: {
       host: detectHost(req.headers["x-forwarded-host"]),
@@ -122,7 +122,9 @@ export async function unstable_getServerSession(
 
   cookies?.forEach((cookie) => setCookie(res, cookie))
 
-  if (body && Object.keys(body).length) return body as Session
+  if (body && typeof body !== "string" && Object.keys(body).length)
+    return body as Session
+
   return null
 }
 

packages/next-auth/tests/getServerSession.test.ts

@@ -1,10 +1,14 @@
+import * as core from "../src/core"
 import { MissingSecret } from "../src/core/errors"
 import { unstable_getServerSession } from "../src/next"
 import { mockLogger } from "./lib"
 
 let originalWarn = console.warn
 let logger = mockLogger()
 
+const req: any = { headers: {} }
+const res: any = { setHeader: jest.fn(), getHeader: jest.fn() }
+
 beforeEach(() => {
   process.env.NODE_ENV = "production"
   process.env.NEXTAUTH_URL = "http://localhost"
@@ -19,9 +23,6 @@ afterEach(() => {
 })
 
 describe("Treat secret correctly", () => {
-  const req: any = { headers: {} }
-  const res: any = { setHeader: jest.fn(), getHeader: jest.fn() }
-
   it("Read from NEXTAUTH_SECRET", async () => {
     process.env.NEXTAUTH_SECRET = "secret"
     await unstable_getServerSession(req, res, { providers: [], logger })
@@ -44,8 +45,12 @@ describe("Treat secret correctly", () => {
   })
 
   it("Error if missing NEXTAUTH_SECRET and secret", async () => {
-    await unstable_getServerSession(req, res, { providers: [], logger })
+    const session = await unstable_getServerSession(req, res, {
+      providers: [],
+      logger,
+    })
 
+    expect(session).toEqual(null)
     expect(logger.error).toBeCalledTimes(1)
     expect(logger.error).toBeCalledWith("NO_SECRET", expect.any(MissingSecret))
   })
@@ -65,3 +70,47 @@ describe("Treat secret correctly", () => {
     expect(console.warn).toBeCalledTimes(1)
   })
 })
+
+describe("Return correct data", () => {
+  afterEach(() => {
+    jest.restoreAllMocks()
+  })
+
+  it("Should return null if there is no session", async () => {
+    const spy = jest.spyOn(core, "NextAuthHandler")
+    spy.mockReturnValue({ body: {} })
+
+    const session = await unstable_getServerSession(req, res, {
+      providers: [],
+      logger,
+      secret: "secret",
+    })
+
+    expect(session).toEqual(null)
+  })
+
+  it("Should return the session if one is found", async () => {
+    const mockedResponse = {
+      body: {
+        user: {
+          name: "John Doe",
+          email: "test@example.com",
+          image: "",
+          id: "1234",
+        },
+        expires: "",
+      },
+    }
+
+    const spy = jest.spyOn(core, "NextAuthHandler")
+    spy.mockReturnValue(mockedResponse)
+
+    const session = await unstable_getServerSession(req, res, {
+      providers: [],
+      logger,
+      secret: "secret",
+    })
+
+    expect(session).toEqual(mockedResponse.body)
+  })
+})