[pull] main from nextauthjs:main #309
* fix(core): detect Vercel without `NEXTAUTH_URL`
* chore(ts): use `any`
* chore: use `process.env.VERCEL` to detect Vercel

Codecov Report
@@ Coverage Diff @@
## main #309 +/- ##
=========================================
+ Coverage 9.90% 13.08% +3.18%
=========================================
Files 84 91 +7
Lines 1403 1444 +41
Branches 395 384 -11
=========================================
+ Hits 139 189 +50
- Misses 1038 1241 +203
+ Partials 226 14 -212
* Added authentik provider
* Removed idToken

…rting to base64 (#3656)
* Fix: Add OpenID to authorization scope
* Fix: Check for valid profile picture response before converting to base64
* Update src/providers/azure-ad.ts
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Confirm that profile photo was returned
Co-authored-by: Balázs Orbán <info@balazsorban.com>

Avoid peer dependency warning when using React 18

Bumps [next](https://github.com/vercel/next.js) from 12.0.7 to 12.0.9.
- [Release notes](https://github.com/vercel/next.js/releases)
- [Changelog](https://github.com/vercel/next.js/blob/canary/release.js)
- [Commits](vercel/next.js@v12.0.7...v12.0.9)
---
updated-dependencies:
- dependency-name: next
  dependency-type: direct:development
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [node-fetch](https://github.com/node-fetch/node-fetch) from 2.6.6 to 2.6.7.
- [Release notes](https://github.com/node-fetch/node-fetch/releases)
- [Commits](node-fetch/node-fetch@v2.6.6...v2.6.7)
---
updated-dependencies:
- dependency-name: node-fetch
  dependency-type: indirect
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* feat: added types for sign in errors
* feat: adding type to error prop
* chore: added documentation links to types

* feat(core): detect `NEXTAUTH_SECRET` env variable
* chore(dev): use detected `NEXTAUTH_SECRET` in dev app

* fix(providers): properly warn when using Twitter OAuth 2
* refactor(providers): move Twitter OAuth2 warning to `assert`
* fix: use proper warning code
* refactor: only set boolean

* added trakt provider
* fixed incorrect auth url
* Update src/providers/trakt.ts
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Update src/providers/trakt.ts
Co-authored-by: Balázs Orbán <info@balazsorban.com>
* Update trakt.ts
Co-authored-by: caidenwilson <caidenwilson@protonmail.com>
Co-authored-by: Balázs Orbán <info@balazsorban.com>

* feat(middleware): introduce Middleware API to Next.js
* chore(app): upgrade Next.js in dev app
* chore(dev): add Middleware protected page to dev app
* chore(middleware): add `next/middleware` to `exports`
* fix(middleware): bail out redirect on custom pages
* fix(middleware): allow one-line export
* chore(middleware): simplify code
* fix(middleware): redirect back to page after successful login
* feat(middleware): re-export `withAuth` as `default`
* chore: export middleware from `next-auth/middleware`
* chore: add `middleware` files to npm
* feat(middleware): handle chaining, fix some bugs
* chore(dev): showcase different middlewares
* chore(middleware): remove `@ts-expect-error` comments
* chore: update build clean script
* fix: bail out when NextAuth.js paths
* refactor: be more explicit about `initConfig` result
* refactor: simplify
* refactor: use `callbacks` similarly to `NextAuthOptions`
* refactor: use `nextauth` namespace when setting `token` on `req`
* refactor: don't allow passing `secret`
* addressing review

* fix(middleware): handle no argument case
* use absolute URLs
* use origin instead of host

* chore: convert to monorepo
* Remove eslint, typescript, semantic-release
* Add yarn.lock
* Add turbo
* Run test command
* Move to src
* Add a separate tsconfig file
* Update .gitignore
* Update commands to yarn
* Replace semantic-release with changesets
* Update changesets usage
* Fix commands: dev, setup, clean
* Add back changes from main
* Fixed HMR
* Update .gitignore

* fix labeler
* try fixing test runs in GitHub Actions
* pass flags to test command
* test version pr
* move version-pr action
* remove --dry-run flag
* re-enable testing, re-add semantic release for now
* add docs
* use `yarn.lock` and different docs port
* simplify dev app config
* fix coverage report
* fix provider source links
* fix more links

Bumps [next-auth](https://github.com/nextauthjs/next-auth) from 4.2.1 to 4.3.2.
- [Release notes](https://github.com/nextauthjs/next-auth/releases)
- [Changelog](https://github.com/nextauthjs/next-auth/blob/main/CHANGELOG.md)
- [Commits](https://github.com/nextauthjs/next-auth/compare/v4.2.1...next-auth@v4.3.2)
---
updated-dependencies:
- dependency-name: next-auth
  dependency-type: direct:production
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Co-authored-by: Lluis Agusti <hi@llu.lu>

The build plugin now sets the NEXTAUTH_URL environment variable automatically when it detects that 'next-auth' is installed in the project.

* feat: pnpm
* Update publish script
* gitignore the pnpm debug log
* Fix workspace
* Fix dev commands
* feat: pnpm
* Update publish script
* gitignore the pnpm debug log
* Fix workspace
* Fix dev commands
* chore: fix pnpm install in GitHub Action
* fix: update tsconfig path
* pnpm run -> pnpm
* chore: remove cache-node and add back setup-node
* fix: tsconfig dependencies
* chore: fix tsconfig path
* fix: adapter-test dependencies
* fix: setup-node for release-pr
* fix: import adapter-test
* chore: update workspace dependency for next-auth
* fix: test failure
* fix: add jest for adapters
* fix: jest again
* fix: mongo in prisma
* fix: `--no-git-checks` for `release-pr`
Co-authored-by: Balázs Orbán <info@balazsorban.com>

…4449) Co-authored-by: Lluis Agusti <hi@llu.lu> Co-authored-by: ndom91 <yo@ndo.dev>

Co-authored-by: Thang Vu <31528554+ThangHuuVu@users.noreply.github.com>

'this environment variable must be set', instead of 'this environment variables must be set'.

Co-authored-by: Lluis Agusti <hi@llu.lu>

<Motion | ||
key={`marquee-example-company-${icon}`} | ||
initDeg={randomIntFromInterval(0, 360)} | ||
direction={Math.random() > 0.5 ? "clockwise" : "counterclockwise"} |
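Review bot: `initDeg={randomIntFromInterval(0, 360)}` and `direction={Math.random() > 0.5 ? ...}` are evaluated inside the JSX props, so every render picks new values, and if this component is ever server-rendered the server and client markup will differ. Computing both once per icon, outside the render path, keeps the animation stable. The values shown only drive a visual rotation and the `key` is built from `icon`, so the weak-PRNG concern does not apply to these lines as long as no identifier or token is derived from them.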
opt.semgrep.node_insecure_random_generator: crypto.pseudoRandomBytes()/Math.random() is a cryptographically weak random number generator.
const errorUrl = new URL(errorPage, req.nextUrl.origin) | ||
errorUrl.searchParams.append("error", "Configuration") | ||
|
||
return NextResponse.redirect(errorUrl) |
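Review bot: `new URL(errorPage, req.nextUrl.origin)` applies the base only when `errorPage` is a relative path; an absolute or protocol-relative `errorPage` replaces the origin, and nothing in these lines checks the result before `NextResponse.redirect(errorUrl)`. Where `errorPage` comes from is not visible in this hunk. If it is read from configuration only, say so in a comment; otherwise compare `errorUrl.origin` with `req.nextUrl.origin` before redirecting. The `error` parameter is a fixed string and needs no change.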
opt.semgrep.express_open_redirect: Untrusted user input in redirect() can result in Open Redirect vulnerability.
// the user is not logged in, redirect to the sign-in page | ||
const signInUrl = new URL(signInPage, req.nextUrl.origin) | ||
signInUrl.searchParams.append("callbackUrl", req.url) | ||
return NextResponse.redirect(signInUrl) |
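Review bot: `req.url` is copied into the `callbackUrl` query parameter with no check in these lines, so the safety of the post-login redirect rests entirely on whatever later reads `callbackUrl`. The redirect target itself is `signInPage` resolved against `req.nextUrl.origin`, and `searchParams.append` encodes the value, so the immediate redirect stays on the origin as long as `signInPage` is a relative path. A short comment naming where `callbackUrl` is validated, or passing only `req.nextUrl.pathname` plus `req.nextUrl.search` instead of the full URL, would make that dependency explicit.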
opt.semgrep.express_open_redirect: Untrusted user input in redirect() can result in Open Redirect vulnerability.
), | ||
Delete(Ref(Users, userId)) | ||
) | ||
) |
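Review bot: nothing in these lines guards `userId` before `Delete(Ref(Users, userId))` runs, so an empty or non-string value goes straight into the delete; the enclosing function should reject it first. The value is passed as a function argument rather than concatenated into query text, so the string-concatenation pattern the SQL-injection rule describes does not appear in the visible lines.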
opt.semgrep.node_sqli_injection: Untrusted input concatenated with raw SQL query can result in SQL Injection.
@@ -0,0 +1,46 @@ | |||
#!/usr/bin/env bash | |||
|
|||
SCRIPT_DIR="$( cd "$( dirname "${BASH_SOURCE[0]}" )" &> /dev/null && pwd )" |
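Review bot: in the `SCRIPT_DIR=` assignment, `&> /dev/null` discards the error from a failed `cd`, and the visible lines do not enable `set -e` after the shebang, so a failure leaves `SCRIPT_DIR` empty and the script carries on. If the rest of the script needs the variable, abort when it is empty (`[ -n "$SCRIPT_DIR" ] || exit 1`); if it does not, drop the line, which also clears SC2034.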
SC2034: SCRIPT_DIR appears unused. Verify use (or export if used externally).
if (!account) return null | ||
const user = await ( | ||
await db | ||
).U.findOne({ _id: new ObjectId(account.userId) }) |
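Review bot: `new ObjectId(account.userId)` throws when the value is not a valid id, and the visible lines do not handle that, so a malformed `account.userId` surfaces as an exception instead of the `null` returned by the `if (!account) return null` path. The constructor does coerce its input to a single id, so a query-operator object cannot reach `findOne` as a filter through this field. Validate the id first (for example with `ObjectId.isValid`) and return `null` on failure so the return contract stays uniform.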
opt.semgrep.node_nosqli_injection: Untrusted user input in findOne() function can result in NoSQL Injection.
if (!session) return null | ||
const user = await ( | ||
await db | ||
).U.findOne({ _id: new ObjectId(session.userId) }) |
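Review bot: `if (!session) return null` guards the session but not `session.userId`; when that field is `undefined`, `new ObjectId(undefined)` generates a fresh id rather than failing, so `findOne` quietly finds no user and the missing field goes unnoticed. Check `session.userId` explicitly before the lookup. This block also repeats the `account.userId` lookup line for line, so a single helper that takes the id would keep both paths and their validation in one place.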
opt.semgrep.node_nosqli_injection: Untrusted user input in findOne() function can result in NoSQL Injection.
…o `expires_at` (#4540) Co-authored-by: Lluis Agusti <hi@llu.lu>
Authentication Patterns for Next.js is moved to the official next.js docs: https://nextjs.org/docs/authentication#authentication-patterns
See Commits and Changes for more details.
Created by pull[bot]