hedgedoc/lib/web/auth/oauth2, branch cindy Hedgedoc with support for CindyScript Linter: Fix all lint errors 2021-02-15T11:15:14+00:00 Philip Molares 2021-02-15T08:42:51+00:00 136d895d155f28c2e75b3af206549acaa2a354ed Signed-off-by: Philip Molares <philip.molares@udo.edu> 
Signed-off-by: Philip Molares <philip.molares@udo.edu>
Fix crash when OAuth2 config parameters are missing 2020-11-30T14:04:30+00:00 David Mehren 2020-11-30T14:04:30+00:00 cc7fa947bfb4043bd4b97b0040e82daef892f365 If the optional config options `config.oauth2.userProfileIdAttr` or `config.oauth2.rolesClaim` were not set, `String.split` was called on `undefined`, triggering a crash. This commit adds handling of these cases and improves error logging in `checkAuthorization`. Fixes #608 Signed-off-by: David Mehren <git@herrmehren.de> 
If the optional config options `config.oauth2.userProfileIdAttr` or `config.oauth2.rolesClaim` were not set, `String.split` was called on `undefined`, triggering a crash.

This commit adds handling of these cases and improves error logging in `checkAuthorization`.

Fixes #608

Signed-off-by: David Mehren <git@herrmehren.de>
Add oauth2 authorization 2020-11-25T18:23:55+00:00 Joachim Mathes 2020-11-21T19:26:12+00:00 729b387536d2bcf43a20b2ddead4bffdfd342d2a Signed-off-by: Joachim Mathes <joachim_mathes@web.de> 
Signed-off-by: Joachim Mathes <joachim_mathes@web.de>
Generic OAuth2: Set state: true 2020-10-22T20:50:34+00:00 Dexter Chua 2020-06-16T08:45:23+00:00 a88b4aff2a904cd2351002784817d54120766ad8 The OAuth2 specification RECOMMENDS setting the state to protect against CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to authenticate without the state set. This is a cherry-pick of 852868419dc03d5dec79e75a3d7692ab670c927f. Signed-off-by: haslersn <sebastian.hasler@gmx.net> 
The OAuth2 specification RECOMMENDS setting the state to protect against
CSRF attacks. Some OAuth2 providers (e.g. ORY Hydra) refuse to
authenticate without the state set.

This is a cherry-pick of 852868419dc03d5dec79e75a3d7692ab670c927f.

Signed-off-by: haslersn <sebastian.hasler@gmx.net>
Backport of #278 for 1.6.1 2020-06-20T14:48:25+00:00 Victor Berger 2020-06-20T14:33:57+00:00 5f3a1b626653d9b6331bfcb673d64324b29e2927 This is a backport of #278 with the default value of `scope` changed to `undefined`. This is thus a fully backward-compatible change. Signed-off-by: Victor Berger <victor.berger@m4x.org> 
This is a backport of #278 with the default value of `scope` changed to
`undefined`. This is thus a fully backward-compatible change.

Signed-off-by: Victor Berger <victor.berger@m4x.org>
Removing returnTo setting from referer in all other authentication sources 2019-11-28T11:25:59+00:00 Ralph Krimmel 2019-11-28T11:25:59+00:00 3fb3ca54e9c038ad091d234b19f5bd64003f8321 Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de> 
Signed-off-by: Ralph Krimmel <rkrimme1@gwdg.de>
Fix eslint warnings 2019-05-30T22:30:29+00:00 Sheogorath 2019-05-30T22:27:56+00:00 4da68597f701376307fe8849ed57edd3a80833ed Since we are about to release it's time to finally fix our linting. This patch basically runs eslint --fix and does some further manual fixes. Also it sets up eslint to fail on every warning on order to make warnings visable in the CI process. There should no functional change be introduced. Signed-off-by: Sheogorath <sheogorath@shivering-isles.com> 
Since we are about to release it's time to finally fix our linting. This
patch basically runs eslint --fix and does some further manual fixes.
Also it sets up eslint to fail on every warning on order to make
warnings visable in the CI process.

There should no functional change be introduced.

Signed-off-by: Sheogorath <sheogorath@shivering-isles.com>
Fix typo 2018-11-27T14:14:37+00:00 CloudYu 2018-11-27T14:13:18+00:00 35a9f72a06dd1ed28f16161028b5407dd3511ac0 Signed-off-by: CloudYu <cloudyu322@gmail.com> 
Signed-off-by: CloudYu <cloudyu322@gmail.com>
InternalOAuthError is not part of passport, but of passport-oauth2 2018-11-14T13:38:47+00:00 Claudius Coenen 2018-11-14T09:39:43+00:00 56c043424dfdeb7e0568ecc76bf9e754696881a0 This fixes part of #1056: an error while obtaining the profile would have `502`-crashed the server. Signed-off-by: Claudius Coenen <opensource@amenthes.de> 
This fixes part of #1056: an error while obtaining the profile
would have `502`-crashed the server.

Signed-off-by: Claudius Coenen <opensource@amenthes.de>
Add support for generic OAuth2 providers 2018-03-26T13:55:39+00:00 Pedro Ferreira 2017-06-27T17:08:05+00:00 40b385570291278f44806446f702ee61e1382805 Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch> 
Signed-off-by: Pedro Ferreira <pedro.ferreira@cern.ch>