mirror of
https://github.com/hedgedoc/hedgedoc.git
synced 2024-11-28 15:20:58 -05:00
1f1b2bd386
This patch adds a try-catch around the rolesClaim extraction to prevent full crashes of HedgeDoc when a user profile is read, that doesn't contain any such claim, which can happen with some IdPs, like Keycloak, that omit the attribute when it's empty. As a result an authorized user would crash the entire server, which is definitely unintended behaviour. The simply try-catch should resolve the issue and make sure that roles is always defined even if the `extractProfileAttribute` call fails. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> |
||
---|---|---|
.. | ||
auth | ||
imageRouter | ||
middleware | ||
note | ||
baseRouter.js | ||
historyRouter.js | ||
statusRouter.js | ||
userRouter.js | ||
utils.js |