From afa998bde7b926f9b4e80ed2d0834e922dbcac4f Mon Sep 17 00:00:00 2001
From: Thomas Ruoff
Date: Fri, 14 Oct 2022 23:00:56 +0200
Subject: [PATCH] defensive email verification check
---
 pages/api/auth/[...nextauth].ts | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/pages/api/auth/[...nextauth].ts b/pages/api/auth/[...nextauth].ts
index 89090b2..ae78d66 100644
--- a/pages/api/auth/[...nextauth].ts
+++ b/pages/api/auth/[...nextauth].ts
@@ -32,15 +32,15 @@ export default NextAuth({
 callbacks: {
 async signIn({ account, email }) {
 // if user sigin requested magic link via EmailProvider
- if (account.provider === 'email') {
- if (email.verificationRequest) {
+ if (account?.provider === 'email') {
+ if (email?.verificationRequest) {
 // only allow admins by email entered
 return account.providerAccountId === ADMIN_EMAIL
 }
 // if user accesses with magic link, also only allow admin
 return account.providerAccountId === ADMIN_EMAIL
- } else if (account.provider === 'github') {
+ } else if (account?.provider === 'github') {
 // only one and only one user
 return GITHUB_USERS_GRANTED.includes(account.providerAccountId)
 }
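Review bot: With `account?.provider`, a missing `account` no longer throws in `signIn` but skips both branches and falls through to whatever follows the `else if`, which lies outside this hunk. Before this change the TypeError would presumably have aborted the sign-in, so that case failed closed; if the code after the hunk returns `true` (not visible here), a request with no account would now be accepted without any allow-list check. An explicit guard at the top of the callback, `if (!account) return false`, together with a final `return false` for unrecognised providers, would keep the logic deny-by-default. The inner `if (email?.verificationRequest)` returns the same expression as the statement after it, so it could be dropped and its comment kept.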