hedgedoc / hedgedoc

HedgeDoc - Ideas grow better together

Home Page: https://hedgedoc.org

Missing user profile attributes for OAuth2 Login lead to an uncaught Exception

heavygale opened this issue

Description

If the application is configured with oauth2 without setting the user profile attributes, a login attempt leads to an exception and the application is terminated.

Steps to reproduce

Set up the application with oauth2 (e.g. using docker), but do not specify these values:
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR

Expected behaviour

If the configuration is incomplete, a login attempt should only result in an error message for the user or the application should deactivate the OAuth2 login method at startup and log a message about the missing parameters.

Logs

app-1       | 2024-02-17T13:40:55.702Z error: 	uncaughtException: Cannot read properties of undefined (reading 'split')
app-1       | TypeError: Cannot read properties of undefined (reading 'split')
app-1       |     at extractProfileAttribute (/hedgedoc/lib/web/auth/oauth2/index.js:46:15)
app-1       |     at parseProfile (/hedgedoc/lib/web/auth/oauth2/index.js:57:20)
app-1       |     at /hedgedoc/lib/web/auth/oauth2/index.js:107:21
app-1       |     at passBackControl (/hedgedoc/node_modules/oauth/lib/oauth2.js:134:9)
app-1       |     at IncomingMessage.<anonymous> (/hedgedoc/node_modules/oauth/lib/oauth2.js:157:7)
app-1       |     at IncomingMessage.emit (node:events:526:35)
app-1       |     at endReadableNT (node:internal/streams/readable:1376:12)
app-1       |     at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
app-1       | 2024-02-17T13:40:55.702Z error: 	An uncaught exception has occured.
app-1       | 2024-02-17T13:40:55.702Z error: 	Cannot read properties of undefined (reading 'split')
app-1       | 2024-02-17T13:40:55.702Z error: 	Process will exit now.

Config

Using docker compose environment values for app:
- CMD_OAUTH2_AUTHORIZATION_URL=https://[...]
- CMD_OAUTH2_TOKEN_URL=https://[...]
- CMD_OAUTH2_USER_PROFILE_URL=https://[...]
- CMD_OAUTH2_CLIENT_ID=[...]
- CMD_OAUTH2_CLIENT_SECRET=[...]
- CMD_OAUTH2_PROVIDERNAME=[...]

The following values have not been added to the configuration:
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR

Your Setup

docker compose, using quay.io/hedgedoc/hedgedoc:1.9.9

Additional context

https://github.com/joachimmathes/hedgedoc/blob/master/lib/web/auth/oauth2/index.js#L53-L55
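
The behaviour asked for under "Expected behaviour", sketched as an added example that is not part of the issue and not HedgeDoc's code: a startup check for the three unset variables and a profile parser that returns an error instead of throwing. The function names are hypothetical, and the dotted-path format of the attribute settings is an assumption.

```javascript
// Added example, not HedgeDoc's code. Only the CMD_OAUTH2_* names come from the issue.
const ATTR_VARS = {
  username: 'CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR',
  displayName: 'CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR',
  email: 'CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR'
}

// Startup check: names of required variables that are unset or blank.
function missingOAuth2Attrs (env) {
  return Object.values(ATTR_VARS).filter(
    name => typeof env[name] !== 'string' || env[name].trim() === '')
}

// Resolve a dotted path (assumed format, e.g. "user.mail") in the profile object.
// Returns undefined instead of throwing when the path is unset or does not resolve;
// only own properties are followed, so inherited ones such as "constructor" yield undefined.
function extractAttr (profile, path) {
  if (typeof path !== 'string' || path === '') return undefined
  let node = profile
  for (const key of path.split('.')) {
    const isObject = node !== null && typeof node === 'object'
    if (!isObject || !Object.prototype.hasOwnProperty.call(node, key)) return undefined
    node = node[key]
  }
  return node
}

// Map the provider response to a local profile, or to an error the login
// handler can show to the user, without ever throwing into the event loop.
function parseProfileSafe (body, env) {
  const missing = missingOAuth2Attrs(env)
  if (missing.length > 0) {
    return { ok: false, error: 'OAuth2 misconfigured, unset: ' + missing.join(', ') }
  }
  let data
  try {
    data = JSON.parse(body)
  } catch (err) {
    return { ok: false, error: 'profile response is not valid JSON' }
  }
  const pick = field => extractAttr(data, env[ATTR_VARS[field]])
  const username = pick('username')
  if (typeof username !== 'string' || username === '') {
    return { ok: false, error: 'profile response has no usable username' }
  }
  return { ok: true, profile: { username, displayName: pick('displayName'), email: pick('email') } }
}
```

Calling `missingOAuth2Attrs(process.env)` once at startup gives the list to log before deciding whether to register the OAuth2 login method at all.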