github/hedgedoc
1
0
Fork 0
mirror of https://github.com/hedgedoc/hedgedoc.git synced 2024-12-01 06:14:42 -05:00
Code Issues Projects Releases Packages Wiki Activity
hedgedoc/lib/web/auth
History
Sheogorath 1f1b2bd386 fix(oauth2): Fix crash in rolesClaim extraction 
This patch adds a try-catch around the rolesClaim extraction to prevent
full crashes of HedgeDoc when a user profile is read, that doesn't
contain any such claim, which can happen with some IdPs, like Keycloak,
that omit the attribute when it's empty.

As a result an authorized user would crash the entire server, which is
definitely unintended behaviour. The simply try-catch should resolve the
issue and make sure that roles is always defined even if the
`extractProfileAttribute` call fails.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2023-10-19 19:34:44 +02:00
..
dropbox
email Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00
facebook
github
gitlab
google
ldap Fix crash in LDAP authentication 2022-08-22 09:01:04 +02:00
mattermost
oauth2 fix(oauth2): Fix crash in rolesClaim extraction 2023-10-19 19:34:44 +02:00
openid
saml SAML: Use privateKey option 2021-05-17 18:46:00 +02:00
twitter
index.js fix(deps): update dependency passport to ^0.6.0 2022-06-05 22:36:55 +02:00
utils.js Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00