Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Missing user profile attributes for OAuth2 Login lead to an uncaught Exception #5521

Open
heavygale opened this issue Feb 17, 2024 · 0 comments
Open

Missing user profile attributes for OAuth2 Login lead to an uncaught Exception #5521

heavygale opened this issue Feb 17, 2024 · 0 comments
Labels
type: bug Something isn't working
Milestone
Version 1.x

Comments

@heavygale
Copy link

Description

If the application is configured with oauth2 without setting the user profile attributes, a login attempt leads to an exception and the application is terminated.

Steps to reproduce

Set up the application with oauth2 (e.g. using docker), but do not specify these values:
CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR

Expected behaviour

If the configuration is incomplete, a login attempt should only result in an error message for the user or the application should deactivate the OAuth2 login method at startup and log a message about the missing parameters.

Logs

app-1       | 2024-02-17T13:40:55.702Z error: 	uncaughtException: Cannot read properties of undefined (reading 'split')
app-1       | TypeError: Cannot read properties of undefined (reading 'split')
app-1       |     at extractProfileAttribute (/hedgedoc/lib/web/auth/oauth2/index.js:46:15)
app-1       |     at parseProfile (/hedgedoc/lib/web/auth/oauth2/index.js:57:20)
app-1       |     at /hedgedoc/lib/web/auth/oauth2/index.js:107:21
app-1       |     at passBackControl (/hedgedoc/node_modules/oauth/lib/oauth2.js:134:9)
app-1       |     at IncomingMessage.<anonymous> (/hedgedoc/node_modules/oauth/lib/oauth2.js:157:7)
app-1       |     at IncomingMessage.emit (node:events:526:35)
app-1       |     at endReadableNT (node:internal/streams/readable:1376:12)
app-1       |     at process.processTicksAndRejections (node:internal/process/task_queues:82:21)
app-1       | 2024-02-17T13:40:55.702Z error: 	An uncaught exception has occured.
app-1       | 2024-02-17T13:40:55.702Z error: 	Cannot read properties of undefined (reading 'split')
app-1       | 2024-02-17T13:40:55.702Z error: 	Process will exit now.

Config

Using docker compose environment values for app:
- CMD_OAUTH2_AUTHORIZATION_URL=https://[...]
- CMD_OAUTH2_TOKEN_URL=https://[...]
- CMD_OAUTH2_USER_PROFILE_URL=https://[...]
- CMD_OAUTH2_CLIENT_ID=[...]
- CMD_OAUTH2_CLIENT_SECRET=[...]
- CMD_OAUTH2_PROVIDERNAME=[...]

The following values have not been added to the configuration:
- CMD_OAUTH2_USER_PROFILE_USERNAME_ATTR
- CMD_OAUTH2_USER_PROFILE_DISPLAY_NAME_ATTR
- CMD_OAUTH2_USER_PROFILE_EMAIL_ATTR

Your Setup

docker compose, using quay.io/hedgedoc/hedgedoc:1.9.9

Additional context

https://github.com/joachimmathes/hedgedoc/blob/master/lib/web/auth/oauth2/index.js#L53-L55
@heavygale heavygale added the type: bug Something isn't working label Feb 17, 2024
@ErikMichelson ErikMichelson added this to the Version 1.x milestone Feb 18, 2024
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
type: bug Something isn't working
Projects
None yet
Milestone
Version 1.x
Development

No branches or pull requests
2 participants
@heavygale @ErikMichelson