mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-21 01:06:30 -05:00
fix(oauth2): Fix crash when profile fields are missing (#5850)
Co-authored-by: Lautaro Alvarez <lautaro@grava.digital>
This commit is contained in:
parent
0f06adb9c7
commit
4fdab806a3
3 changed files with 17 additions and 24 deletions
|
@ -20,7 +20,7 @@ class OAuth2CustomStrategy extends Strategy {
|
|||
|
||||
userProfile (accessToken, done) {
|
||||
this._oauth2.get(this._userProfileURL, accessToken, function (err, body, res) {
|
||||
let json
|
||||
let json, profile
|
||||
|
||||
if (err) {
|
||||
return done(new InternalOAuthError('Failed to fetch user profile', err))
|
||||
|
@ -33,7 +33,11 @@ class OAuth2CustomStrategy extends Strategy {
|
|||
}
|
||||
|
||||
checkAuthorization(json, done)
|
||||
const profile = parseProfile(json)
|
||||
try {
|
||||
profile = parseProfile(json)
|
||||
} catch (ex) {
|
||||
return done('Failed to identify user profile information', null)
|
||||
}
|
||||
profile.provider = 'oauth2'
|
||||
|
||||
done(null, profile)
|
||||
|
@ -97,7 +101,7 @@ function checkAuthorization (data, done) {
|
|||
|
||||
OAuth2CustomStrategy.prototype.userProfile = function (accessToken, done) {
|
||||
this._oauth2.get(this._userProfileURL, accessToken, function (err, body, res) {
|
||||
let json
|
||||
let json, profile
|
||||
|
||||
if (err) {
|
||||
return done(new InternalOAuthError('Failed to fetch user profile', err))
|
||||
|
@ -110,7 +114,11 @@ OAuth2CustomStrategy.prototype.userProfile = function (accessToken, done) {
|
|||
}
|
||||
|
||||
checkAuthorization(json, done)
|
||||
const profile = parseProfile(json)
|
||||
try {
|
||||
profile = parseProfile(json)
|
||||
} catch (ex) {
|
||||
return done('Failed to identify user profile information', null)
|
||||
}
|
||||
profile.provider = 'oauth2'
|
||||
|
||||
done(null, profile)
|
||||
|
|
|
@ -1,5 +1,10 @@
|
|||
# Release Notes
|
||||
|
||||
## <i class="fa fa-tag"></i> 1.x.x <i class="fa fa-calendar-o"></i> UNRELEASED
|
||||
|
||||
### Bugfixes
|
||||
- Fix a crash when cannot read user profile in Oauth
|
||||
|
||||
## <i class="fa fa-tag"></i> 1.10.0 <i class="fa fa-calendar-o"></i> 2024-09-01
|
||||
|
||||
This release fixes a security issue when using MySQL/MariaDB. We recommend upgrading as soon as possible, when you use
|
||||
|
|
20
yarn.lock
20
yarn.lock
|
@ -2938,26 +2938,6 @@ __metadata:
|
|||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"body-parser@npm:1.20.2":
|
||||
version: 1.20.2
|
||||
resolution: "body-parser@npm:1.20.2"
|
||||
dependencies:
|
||||
bytes: "npm:3.1.2"
|
||||
content-type: "npm:~1.0.5"
|
||||
debug: "npm:2.6.9"
|
||||
depd: "npm:2.0.0"
|
||||
destroy: "npm:1.2.0"
|
||||
http-errors: "npm:2.0.0"
|
||||
iconv-lite: "npm:0.4.24"
|
||||
on-finished: "npm:2.4.1"
|
||||
qs: "npm:6.11.0"
|
||||
raw-body: "npm:2.5.2"
|
||||
type-is: "npm:~1.6.18"
|
||||
unpipe: "npm:1.0.0"
|
||||
checksum: 10/3cf171b82190cf91495c262b073e425fc0d9e25cc2bf4540d43f7e7bbca27d6a9eae65ca367b6ef3993eea261159d9d2ab37ce444e8979323952e12eb3df319a
|
||||
languageName: node
|
||||
linkType: hard
|
||||
|
||||
"body-parser@npm:1.20.3":
|
||||
version: 1.20.3
|
||||
resolution: "body-parser@npm:1.20.3"
|
||||
|
|
Loading…
Reference in a new issue