mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-21 17:26:29 -05:00
1f1b2bd386
This patch adds a try-catch around the rolesClaim extraction to prevent full crashes of HedgeDoc when a user profile is read, that doesn't contain any such claim, which can happen with some IdPs, like Keycloak, that omit the attribute when it's empty. As a result an authorized user would crash the entire server, which is definitely unintended behaviour. The simply try-catch should resolve the issue and make sure that roles is always defined even if the `extractProfileAttribute` call fails. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> |
||
---|---|---|
.. | ||
config | ||
migrations | ||
models | ||
ot | ||
web | ||
workers | ||
csp.js | ||
errors.js | ||
history.js | ||
letter-avatars.js | ||
logger.js | ||
prometheus.js | ||
realtime.js | ||
response.js | ||
utils.js |