fix(core): revert #11050 (#11469)

* fix(core): revert #11050

Added a test to avoid regression

* Update callback.test.ts

* Update index.ts

Author: ThangHuuVu

packages/core/package.json

@@ -98,6 +98,7 @@
     "dev": "pnpm css && pnpm providers && tsc -w",
     "test:e2e": "playwright test -c ../utils/playwright.config.ts",
     "test": "vitest run -c ../utils/vitest.config.ts",
+    "test:watch": "vitest -c ../utils/vitest.config.ts",
     "providers": "node scripts/generate-providers"
   },
   "devDependencies": {

packages/core/src/errors.ts

@@ -193,7 +193,7 @@ export class InvalidCallbackUrl extends AuthError {
  * 1. The user is redirected to the signin page, with `error=CredentialsSignin&code=credentials` in the URL. `code` is configurable.
  * 2. If you throw this error in a framework that handles form actions server-side, this error is thrown, instead of redirecting the user, so you'll need to handle.
  */
-export class CredentialsSignin extends Error {
+export class CredentialsSignin extends SignInError {
   static type = "CredentialsSignin"
   /**
    * The error code that is set in the `code` query parameter of the redirect URL.

packages/core/src/lib/actions/callback/index.ts

@@ -324,12 +324,8 @@ export async function callback(
       )
       const user = userFromAuthorize
 
-      if (!user) {
-        console.error(
-          "Read more at https://errors.authjs.dev/#credentialssignin"
-        )
-        throw new CredentialsSignin()
-      } else user.id = user.id?.toString() ?? crypto.randomUUID()
+      if (!user) throw new CredentialsSignin()
+      else user.id = user.id?.toString() ?? crypto.randomUUID()
 
       const account = {
         providerAccountId: user.id,

packages/core/test/actions/callback.test.ts

@@ -6,6 +6,8 @@ import GitHub from "../../src/providers/github.js"
 import Credentials from "../../src/providers/credentials.js"
 
 import { makeAuthRequest } from "../utils.js"
+import { skipCSRFCheck } from "../../src/index.js"
+import { CredentialsSignin } from "../../src/errors.js"
 
 describe("assert GET callback action", () => {
   beforeEach(() => {
@@ -66,22 +68,107 @@ describe("assert GET callback action", () => {
       `https://login.example.com?state=${encodedState}`
     )
   })
-})
 
-it("should redirect to the custom error page is custom error page is defined", async () => {
-  const { response } = await makeAuthRequest({
-    action: "callback",
-    path: "/credentials",
-    config: {
-      pages: {
-        error: "/custom/error",
+  it("should redirect to the custom error page is custom error page is defined", async () => {
+    const { response } = await makeAuthRequest({
+      action: "callback",
+      path: "/credentials",
+      config: {
+        pages: {
+          error: "/custom/error",
+        },
+        providers: [Credentials],
       },
-      providers: [Credentials],
-    },
+    })
+
+    expect(response.status).toEqual(302)
+    expect(response.headers.get("location")).toEqual(
+      `https://authjs.test/custom/error?error=Configuration`
+    )
   })
+})
+
+describe("assert POST callback action", () => {
+  describe("Credentials provider", () => {
+    it("should return error=CredentialSignin and code=credentials if authorize returns null", async () => {
+      const { response } = await makeAuthRequest({
+        action: "callback",
+        path: "/credentials",
+        body: {
+          username: "foo",
+          password: "bar",
+        },
+        config: {
+          skipCSRFCheck,
+          providers: [
+            Credentials({
+              authorize() {
+                return null
+              },
+            }),
+          ],
+        },
+      })
+
+      expect(response.status).toEqual(302)
+      expect(response.headers.get("location")).toEqual(
+        `https://authjs.test/auth/signin?error=CredentialsSignin&code=credentials`
+      )
+    })
 
-  expect(response.status).toEqual(302)
-  expect(response.headers.get("location")).toEqual(
-    `https://authjs.test/custom/error?error=Configuration`
-  )
+    it("should return error=Configuration if authorize throws an Error that is not extending from CredentialSignin", async () => {
+      const { response } = await makeAuthRequest({
+        action: "callback",
+        path: "/credentials",
+        body: {
+          username: "foo",
+          password: "bar",
+        },
+        config: {
+          skipCSRFCheck,
+          providers: [
+            Credentials({
+              authorize() {
+                throw new Error()
+              },
+            }),
+          ],
+        },
+      })
+
+      expect(response.status).toEqual(302)
+      expect(response.headers.get("location")).toEqual(
+        `https://authjs.test/auth/error?error=Configuration`
+      )
+    })
+
+    it("should return error=CredentialsSignin and code=custom if authorize throws an custom Error that is extending from CredentialSignin", async () => {
+      class CustomSigninError extends CredentialsSignin {
+        code = "custom"
+      }
+      const { response } = await makeAuthRequest({
+        action: "callback",
+        path: "/credentials",
+        body: {
+          username: "foo",
+          password: "bar",
+        },
+        config: {
+          skipCSRFCheck,
+          providers: [
+            Credentials({
+              authorize() {
+                throw new CustomSigninError()
+              },
+            }),
+          ],
+        },
+      })
+
+      expect(response.status).toEqual(302)
+      expect(response.headers.get("location")).toEqual(
+        `https://authjs.test/auth/signin?error=CredentialsSignin&code=custom`
+      )
+    })
+  })
 })