hedgedoc/lib
Sheogorath 1f1b2bd386 fix(oauth2): Fix crash in rolesClaim extraction
This patch adds a try-catch around the rolesClaim extraction to prevent
full crashes of HedgeDoc when a user profile is read that doesn't
contain any such claim, which can happen with some IdPs, like Keycloak,
that omit the attribute when it's empty.

As a result an authorized user would crash the entire server, which is
definitely unintended behaviour. The simple try-catch should resolve the
issue and make sure that roles is always defined even if the
`extractProfileAttribute` call fails.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
2023-10-19 19:34:44 +02:00
config Update dockerSecret.js 2023-06-09 17:03:17 +02:00
migrations refactor(migrations): move cleanup code into migration 2022-11-06 22:24:48 +01:00
models style(migrations): fix formatting errors 2022-11-06 22:24:48 +01:00
ot Fix logging in ot module 2018-11-13 23:30:13 +01:00
web fix(oauth2): Fix crash in rolesClaim extraction 2023-10-19 19:34:44 +02:00
workers Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00
csp.js Fix GitLab snippet export 2022-04-10 21:24:30 +02:00
errors.js Fix express deprecation warning 2022-10-30 22:15:16 +01:00
history.js Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00
letter-avatars.js Use identicons as fallback for libravatar 2022-01-07 14:03:26 +01:00
logger.js Fix eslint warnings 2019-05-31 00:30:29 +02:00
prometheus.js Add custom prometheus metrics 2021-04-25 20:06:56 +02:00
realtime.js Fix premature note cleanup on error 2023-05-28 16:10:51 +02:00
response.js Adapt code for eslint-config-standard 17 2022-05-01 21:19:44 +02:00
utils.js Exclude /metrics and /status routes from session initialization 2021-07-20 23:56:54 +02:00