Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

fix validation of provider existence before looking for protection property #1687

Merged
merged 2 commits into from
Apr 11, 2021
Merged

fix validation of provider existence before looking for protection property #1687

merged 2 commits into from
Apr 11, 2021

Conversation

dcolonv
Copy link
Contributor

@dcolonv dcolonv commented Apr 11, 2021
edited
Loading

What:

Validate provider exists before accessing protection property in NextAuthHandler

Why:

NextAuthHandler reads all requests to api, including endpoints that does not include providerId as /api/auth/session, on line 73, result of finding a provider with providerId = undefined, is an undefined provider, that leads to an UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'protection' of undefined on line 82.

How:

Validate provider exists before accessing protection property.

Checklist:

  • Documentation
  • Tests
  • Ready to be merged

Fixes #1686

@vercel
Copy link

vercel bot commented Apr 11, 2021
edited
Loading

This pull request is being automatically deployed with Vercel (learn more).
To see the status of your deployment, click below or on the icon next to each commit.

🔍 Inspect: https://vercel.com/nextauthjs/next-auth/4W7Nv3eEJaC5N5mP5DzM8tJgbQaw
✅ Preview: https://next-auth-git-fork-dcolonv-fix-next-auth-handler-pr-e77b92.vercel.app

@vercel vercel bot temporarily deployed to Preview April 11, 2021 11:47 Inactive
@github-actions github-actions bot added the core Refers to `@auth/core` label Apr 11, 2021
balazsorban44
balazsorban44 requested changes Apr 11, 2021
View reviewed changes
Copy link
Member

@balazsorban44 balazsorban44 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks!

can we just useboptional chaining?

provider?.protection

@vercel vercel bot temporarily deployed to Preview April 11, 2021 13:15 Inactive
@dcolonv
Copy link
Contributor Author

dcolonv commented Apr 11, 2021

eboptional chaining?

Done, I used regular short-circuit evaluation to keep code style used on line 75.

@balazsorban44 balazsorban44 merged commit 63171a0 into nextauthjs:main Apr 11, 2021
@balazsorban44
Copy link
Member

That if check in line 75 is a mess... 😂 Thank you for this fix!

@github-actions
Copy link

🎉 This PR is included in version 3.14.2 🎉

The release is available on:

Your semantic-release bot 📦🚀

@balazsorban44 balazsorban44 mentioned this pull request Apr 11, 2021
Closed
5 tasks
@github-actions
Copy link

🎉 This PR is included in version 4.0.0-next.5 🎉

The release is available on:

Your semantic-release bot 📦🚀

mnphpexpert added a commit to mnphpexpert/next-auth that referenced this pull request Sep 2, 2024
@mnphpexpert
fix: validate provider existence before looking for protection proper…
417c079 
…ty (nextauthjs#1687)

* Fix validation of provider existence before looking for protection property

* Use optional chaining
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@balazsorban44 balazsorban44 balazsorban44 approved these changes

Assignees
No one assigned
Labels
core Refers to `@auth/core`
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

example code error UnhandledPromiseRejectionWarning: TypeError: Cannot read property 'protection' of undefined
2 participants
@dcolonv @balazsorban44