Skip to content

fix(core) merge function does not handle all cases correctly #13030

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 2 commits into
base: main
Choose a base branch
from
Open

fix(core) merge function does not handle all cases correctly #13030

wants to merge 2 commits into from

Conversation

magom001
Copy link

@magom001 magom001 commented Jun 5, 2025
edited
Loading

☕️ Reasoning

🧢 Checklist

  • Documentation
  • Tests
  • Ready to be merged

🎫 Affected issues

const target = {
      sessionToken: {
        name: "authjs.session-token",
        options: {
          httpOnly: true,
          sameSite: "lax",
          path: "/",
          secure: false,
        },
      }
}

const source = {
      sessionToken: {
        options: {
          expires: new Date("2024-01-01T00:00:00Z"),
        },
      }
}

// Call
merge(target, source)

const expected = {
      sessionToken: {
        name: "authjs.session-token",
        options: {
          httpOnly: true,
          sameSite: "lax",
          path: "/",
          secure: false,
          expires: source.sessionToken.options.expires,
        },
      }
}

// Actual result
 Object {
    "sessionToken": Object {
      "name": "authjs.session-token",
      "options": Object {
-       "expires": 2024-01-01T00:00:00.000Z,
+       "expires": Object {},
        "httpOnly": true,
        "path": "/",
        "sameSite": "lax",
        "secure": false,
      },
    },
  }

This bug leads to crash when setting

cookies: {
    sessionToken: {
        options: {
            expires: new Date('...')
        }
    }
}

See the first added unit test for a repro.

📌 Resources

@magom001 magom001 requested a review from ThangHuuVu as a code owner June 5, 2025 21:02
@vercel Vercel
Copy link

vercel bot commented Jun 5, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
auth-docs ✅ Ready (Inspect) Visit Preview 💬 Add feedback Jun 10, 2025 7:08pm
1 Skipped Deployment
Name Status Preview Comments Updated (UTC)
next-auth-docs ⬜️ Ignored (Inspect) Visit Preview Jun 10, 2025 7:08pm

@vercel Vercel
Copy link

vercel bot commented Jun 5, 2025

@magom001 is attempting to deploy a commit to the authjs Team on Vercel.

A member of the Team first needs to authorize it.

@github-actions github-actions bot added the core Refers to `@auth/core` label Jun 5, 2025
@magom001 magom001 changed the title Refactored merge fix(core) merge function does not handle all cases correctly Jun 5, 2025
@magom001 magom001 mentioned this pull request Jun 5, 2025
Closed
@magom001
Copy link
Author

magom001 commented Jun 5, 2025

I believe the faulty merge implementation is causing this bug when I set the expires property on the cookies options

Screenshot 2025-06-05 at 23 13 11

@magom001
Copy link
Author

@ThangHuuVu maybe using an external dependency (like https://github.com/fastify/deepmerge) is more appropriate for this case.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@ThangHuuVu ThangHuuVu Awaiting requested review from ThangHuuVu ThangHuuVu is a code owner

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
core Refers to `@auth/core`
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
1 participant
@magom001