fix: configure GitHub OAuth issuer (#388)
* fix: configure github oauth issuer * fix: set cloud-mode flag in test env mock * test: stabilize auth issuer unit test
This commit is contained in:
João Nuno
GitHub
@@ -14,6 +14,8 @@ import { sendSignUpEmail } from "~/server/mailer";
|
|||||||
import { env } from "~/env";
|
import { env } from "~/env";
|
||||||
import { db } from "~/server/db";
|
import { db } from "~/server/db";
|
||||||
|
|
||||||
|
const GITHUB_OAUTH_ISSUER = "https://github.com/login/oauth";
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Module augmentation for `next-auth` types. Allows us to add custom properties to the `session`
|
* Module augmentation for `next-auth` types. Allows us to add custom properties to the `session`
|
||||||
* object and keep type safety.
|
* object and keep type safety.
|
||||||
@@ -54,6 +56,8 @@ function getProviders() {
|
|||||||
GitHubProvider({
|
GitHubProvider({
|
||||||
clientId: env.GITHUB_ID,
|
clientId: env.GITHUB_ID,
|
||||||
clientSecret: env.GITHUB_SECRET,
|
clientSecret: env.GITHUB_SECRET,
|
||||||
|
// GitHub now includes `iss` on OAuth callbacks, so NextAuth needs the expected issuer.
|
||||||
|
issuer: GITHUB_OAUTH_ISSUER,
|
||||||
allowDangerousEmailAccountLinking: true,
|
allowDangerousEmailAccountLinking: true,
|
||||||
authorization: {
|
authorization: {
|
||||||
params: {
|
params: {
|
||||||
|
|||||||
@@ -0,0 +1,52 @@
|
|||||||
|
import { describe, expect, it, vi } from "vitest";
|
||||||
|
|
||||||
|
vi.mock("next-auth", () => ({
|
||||||
|
getServerSession: vi.fn(),
|
||||||
|
}));
|
||||||
|
|
||||||
|
vi.mock("@auth/prisma-adapter", () => ({
|
||||||
|
PrismaAdapter: vi.fn(() => ({})),
|
||||||
|
}));
|
||||||
|
|
||||||
|
vi.mock("next-auth/providers/google", () => ({
|
||||||
|
default: vi.fn(),
|
||||||
|
}));
|
||||||
|
|
||||||
|
vi.mock("next-auth/providers/email", () => ({
|
||||||
|
default: vi.fn(),
|
||||||
|
}));
|
||||||
|
|
||||||
|
vi.mock("~/server/db", () => ({
|
||||||
|
db: {},
|
||||||
|
}));
|
||||||
|
|
||||||
|
vi.mock("~/server/mailer", () => ({
|
||||||
|
sendSignUpEmail: vi.fn(),
|
||||||
|
}));
|
||||||
|
|
||||||
|
vi.mock("~/env", () => ({
|
||||||
|
env: {
|
||||||
|
GITHUB_ID: "github-client-id",
|
||||||
|
GITHUB_SECRET: "github-client-secret",
|
||||||
|
NEXT_PUBLIC_IS_CLOUD: true,
|
||||||
|
},
|
||||||
|
}));
|
||||||
|
|
||||||
|
import { authOptions } from "~/server/auth";
|
||||||
|
|
||||||
|
describe("authOptions", () => {
|
||||||
|
it("configures the GitHub provider with an explicit issuer", () => {
|
||||||
|
const githubProvider = authOptions.providers.find(
|
||||||
|
(provider) => provider.id === "github",
|
||||||
|
);
|
||||||
|
|
||||||
|
expect(githubProvider).toMatchObject({
|
||||||
|
id: "github",
|
||||||
|
options: {
|
||||||
|
clientId: "github-client-id",
|
||||||
|
clientSecret: "github-client-secret",
|
||||||
|
issuer: "https://github.com/login/oauth",
|
||||||
|
},
|
||||||
|
});
|
||||||
|
});
|
||||||
|
});
|
||||||
Reference in New Issue
Block a user