fix(oauth2): Fix crash when profile fields are missing (#5850)

Co-authored-by: Lautaro Alvarez <lautaro@grava.digital>
2025-05-13 06:34:39 -04:00 · 2024-11-01 11:21:10 -03:00 · 2024-11-01 11:21:10 -03:00 · 4fdab806a3
commit 4fdab806a3
parent 0f06adb9c7
3 changed files with 17 additions and 24 deletions
--- a/lib/web/auth/oauth2/index.js
+++ b/lib/web/auth/oauth2/index.js
@ -20,7 +20,7 @@ class OAuth2CustomStrategy extends Strategy {

  userProfile (accessToken, done) {
    this._oauth2.get(this._userProfileURL, accessToken, function (err, body, res) {
-      let json
+      let json, profile

      if (err) {
        return done(new InternalOAuthError('Failed to fetch user profile', err))
@ -33,7 +33,11 @@ class OAuth2CustomStrategy extends Strategy {
      }

      checkAuthorization(json, done)
-      const profile = parseProfile(json)
+      try {
+        profile = parseProfile(json)
+      } catch (ex) {
+        return done('Failed to identify user profile information', null)
+      }
      profile.provider = 'oauth2'

      done(null, profile)
@ -97,7 +101,7 @@ function checkAuthorization (data, done) {

 OAuth2CustomStrategy.prototype.userProfile = function (accessToken, done) {
  this._oauth2.get(this._userProfileURL, accessToken, function (err, body, res) {
-    let json
+    let json, profile

    if (err) {
      return done(new InternalOAuthError('Failed to fetch user profile', err))
@ -110,7 +114,11 @@ OAuth2CustomStrategy.prototype.userProfile = function (accessToken, done) {
    }

    checkAuthorization(json, done)
-    const profile = parseProfile(json)
+    try {
+      profile = parseProfile(json)
+    } catch (ex) {
+      return done('Failed to identify user profile information', null)
+    }
    profile.provider = 'oauth2'

    done(null, profile)