github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-11-21 17:26:29 -05:00
Code Issues Projects Releases Packages Wiki Activity
hedgedoc/lib/web/auth
History
Sheogorath 1f1b2bd386 fix(oauth2): Fix crash in rolesClaim extraction 
This patch adds a try-catch around the rolesClaim extraction to prevent
full crashes of HedgeDoc when a user profile is read, that doesn't
contain any such claim, which can happen with some IdPs, like Keycloak,
that omit the attribute when it's empty.

As a result an authorized user would crash the entire server, which is
definitely unintended behaviour. The simply try-catch should resolve the
issue and make sure that roles is always defined even if the
`extractProfileAttribute` call fails.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2023-10-19 19:34:44 +02:00
..
dropbox Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
email Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00
facebook Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
github Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
gitlab Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
google Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
ldap Fix crash in LDAP authentication 2022-08-22 09:01:04 +02:00
mattermost Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
oauth2 fix(oauth2): Fix crash in rolesClaim extraction 2023-10-19 19:34:44 +02:00
openid Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
saml SAML: Use privateKey option 2021-05-17 18:46:00 +02:00
twitter Linter: Fix all lint errors 2021-02-15 12:15:14 +01:00
index.js fix(deps): update dependency passport to ^0.6.0 2022-06-05 22:36:55 +02:00
utils.js Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00