mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-12-04 21:13:33 -05:00
1f1b2bd386
This patch adds a try-catch around the rolesClaim extraction to prevent full crashes of HedgeDoc when a user profile is read, that doesn't contain any such claim, which can happen with some IdPs, like Keycloak, that omit the attribute when it's empty. As a result an authorized user would crash the entire server, which is definitely unintended behaviour. The simply try-catch should resolve the issue and make sure that roles is always defined even if the `extractProfileAttribute` call fails. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> |
||
---|---|---|
.. | ||
dropbox | ||
github | ||
gitlab | ||
ldap | ||
mattermost | ||
oauth2 | ||
openid | ||
saml | ||
index.js | ||
utils.js |