mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-22 09:46:30 -05:00
1f1b2bd386
This patch adds a try-catch around the rolesClaim extraction to prevent full crashes of HedgeDoc when a user profile is read, that doesn't contain any such claim, which can happen with some IdPs, like Keycloak, that omit the attribute when it's empty. As a result an authorized user would crash the entire server, which is definitely unintended behaviour. The simply try-catch should resolve the issue and make sure that roles is always defined even if the `extractProfileAttribute` call fails. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> |
||
---|---|---|
.. | ||
index.js |