hedgedoc/lib/web
Sheogorath 1f1b2bd386 fix(oauth2): Fix crash in rolesClaim extraction
This patch adds a try-catch around the rolesClaim extraction to prevent
full crashes of HedgeDoc when a user profile is read that doesn't
contain any such claim, which can happen with some IdPs, like Keycloak,
that omit the attribute when it's empty.

As a result, an authorized user would crash the entire server, which is
definitely unintended behaviour. The simple try-catch should resolve the
issue and make sure that roles is always defined even if the
`extractProfileAttribute` call fails.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2023-10-19 19:34:44 +02:00
auth fix(oauth2): Fix crash in rolesClaim extraction 2023-10-19 19:34:44 +02:00
imageRouter fix(image-router): correct usage of rimraf 2023-02-12 20:58:02 +01:00
middleware Replace CodiMD with HedgeDoc 2020-11-14 21:18:36 +01:00
note fix: use better already-exist check in note creation 2023-07-18 23:18:21 +02:00
baseRouter.js Move note actions to their own file. 2019-10-27 13:51:53 +01:00
historyRouter.js Fix eslint warnings 2019-05-31 00:30:29 +02:00
statusRouter.js enhancement(metrics): allow disabling via config option 2023-06-04 21:03:46 +02:00
userRouter.js fix(user-export): sanitize filenames in zip properly 2022-11-27 20:51:37 +01:00
utils.js Allow posting new note with content 2018-01-18 10:41:58 +01:00