Merge pull request #2418 from flacial/fix/dependabot/npm_and_yarn/nex…

…t-auth-4.13.0 build(deps): Bump next-auth from 4.12.3 to 4.13.0
garageScript · Oct 16, 2022 · 45e4cc1 · 45e4cc1 · vercel · Oct 16, 2022
2 parents 702c3be + bc4d197
commit 45e4cc1
Show file tree

Hide file tree

Showing 4 changed files with 70 additions and 23 deletions.
diff --git a/helpers/nextAuth.test.js b/helpers/nextAuth.test.js
@@ -64,6 +64,45 @@ describe('Signin callback', () => {
     expect(value).toBe(true)
   })
 
+  it('Should return false if account does not exist', async () => {
+    expect.assertions(1)
+
+    userMiddleware.mockImplementation((req, _res, next) => {
+      req.user = {
+        id: 123,
+        username: 'fakeUser'
+      }
+      next()
+    })
+
+    const signInCallback = signIn(req, res)
+
+    const value = await signInCallback({
+      account: null,
+      user: {
+        id: 123
+      }
+    })
+
+    expect(value).toBe(false)
+  })
+
+  it('Should return false if user object has email and no id', async () => {
+    expect.assertions(1)
+    const signInCallback = signIn(req, res)
+
+    const value = await signInCallback({
+      account: {
+        provider: 'credentials'
+      },
+      user: {
+        email: 'noob@c0d3.com'
+      }
+    })
+
+    expect(value).toBe(false)
+  })
+
   describe('Connect to discord', () => {
     it('Should connect-to-discord when the provider is discord and there is previous session', async () => {
       expect.assertions(2)

diff --git a/helpers/nextAuth.ts b/helpers/nextAuth.ts
@@ -1,23 +1,22 @@
 import { updateRefreshandAccessTokens } from './discordAuth'
-import { Account, DefaultSession, Session, User } from 'next-auth'
+import { CallbacksOptions, DefaultSession } from 'next-auth'
 import { LoggedRequest } from '../@types/helpers'
 import { Request, Response } from 'express'
 import { NextApiResponse } from 'next'
 import { getUserSession } from './getUserSession'
 import { get } from 'lodash'
 import { login, signup } from '../graphql/resolvers/authController'
 import prisma from '../prisma'
-import { JWT } from 'next-auth/jwt'
 import DiscordProvider from 'next-auth/providers/discord'
-import CredentialsProvider from 'next-auth/providers/credentials'
+import CredentialsProvider, {
+  CredentialsConfig
+} from 'next-auth/providers/credentials'
 
-type Credentials =
-  | Record<'username' | 'password' | 'email' | 'firstName' | 'lastName', string>
-  | undefined
-
-export const authorize =
-  (req: LoggedRequest & Request, res: NextApiResponse & Response) =>
-  async (credentials: Credentials) => {
+export const authorize = (
+  req: LoggedRequest & Request,
+  res: NextApiResponse & Response
+) => {
+  const authorize: CredentialsConfig['authorize'] = async credentials => {
     const context = { req, res }
 
     const username = get(credentials, 'username')
@@ -50,6 +49,9 @@ export const authorize =
     })
   }
 
+  return authorize
+}
+
 export const providers = (
   req: LoggedRequest & Request,
   res: NextApiResponse & Response
@@ -71,13 +73,19 @@ export const providers = (
   })
 ]
 
-export const signIn =
-  (req: LoggedRequest & Request, res: NextApiResponse & Response) =>
-  async ({ account, user }: { account: Account; user: User }) => {
+export const signIn = (
+  req: LoggedRequest & Request,
+  res: NextApiResponse & Response
+) => {
+  const signIn: CallbacksOptions['signIn'] = async ({ account, user }) => {
+    if (!account) return false
+    if ('email' in user && !('id' in user)) return false
+
     const { provider } = account
 
     if (provider === 'discord') {
       const c0d3User = await getUserSession(req, res)
+
       const { access_token, expires_at, refresh_token } = account
 
       // Connect to discord
@@ -114,18 +122,18 @@ export const signIn =
     return true
   }
 
+  return signIn
+}
+
 // jwt callback is first called then session callback
-export const jwt = ({ token, user }: { token: JWT; user?: User }) => {
+export const jwt: CallbacksOptions['jwt'] = ({ token, user }) => {
   if (user) token.user = user
   return token
 }
 
-export const session = async ({
+export const session: CallbacksOptions['session'] = async ({
   session,
   token
-}: {
-  session: Session
-  token: JWT
 }) => {
   session.user = token.user as DefaultSession['user']
   return session

diff --git a/package.json b/package.json
@@ -56,7 +56,7 @@
     "markdown-to-jsx": "^7.1.7",
     "nanoid": "^3.3.4",
     "next": "12",
-    "next-auth": "^4.12.3",
+    "next-auth": "4.13.0",
     "next-connect": "^0.13.0",
     "next-mdx-remote": "^3.0.8",
     "nodemailer": "^6.8.0",

diff --git a/yarn.lock b/yarn.lock
@@ -13289,10 +13289,10 @@ nested-error-stacks@^2.0.0, nested-error-stacks@^2.1.0:
   resolved "https://registry.yarnpkg.com/nested-error-stacks/-/nested-error-stacks-2.1.0.tgz#0fbdcf3e13fe4994781280524f8b96b0cdff9c61"
   integrity sha512-AO81vsIO1k1sM4Zrd6Hu7regmJN1NSiAja10gc4bX3F0wd+9rQmcuHQaHVQCYIEC8iFXnE+mavh23GOt7wBgug==
 
-next-auth@^4.12.3:
-  version "4.12.3"
-  resolved "https://registry.yarnpkg.com/next-auth/-/next-auth-4.12.3.tgz#a4392c27d57c246128526a17b38971638f63b5a2"
-  integrity sha512-kfJjYOH2or/y+pEBkeA6O2MxIXOKXNiOKLKhrQHsaRqMDttEQX0yEK3xXVTB1yB7xbMLGcMvsIS3d23BC/K8/A==
+next-auth@4.13.0:
+  version "4.13.0"
+  resolved "https://registry.yarnpkg.com/next-auth/-/next-auth-4.13.0.tgz#93d312cec2513ac3c5eb583ee0665da50059a902"
+  integrity sha512-FtkPpeb9Bax6yKDaxcaGIvZZjvr10JaU2AsBYv1yv4N6rP86Xa7/4Ro1Aq94YGwsYzk+YKS52CRjD2DqCcSmVA==
   dependencies:
     "@babel/runtime" "^7.16.3"
     "@panva/hkdf" "^1.0.1"