return error for malformed xml to avoid panic, fix external link bug

techknowlogick · Oct 30, 2023 · 17f0fe5 · 17f0fe5
1 parent 9b90e35
commit 17f0fe5
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 1 deletion.
diff --git a/routers/web/auth/linkaccount.go b/routers/web/auth/linkaccount.go
@@ -283,7 +283,7 @@ func LinkAccountPostRegister(ctx *context.Context) {
 		Name:        form.UserName,
 		Email:       form.Email,
 		Passwd:      form.Password,
-		LoginType:   auth.OAuth2,
+		LoginType:   authSource.Type,
 		LoginSource: authSource.ID,
 		LoginName:   linkUser.GothUser.UserID,
 	}

diff --git a/services/auth/source/saml/source.go b/services/auth/source/saml/source.go
@@ -9,6 +9,7 @@ import (
 	"crypto/x509"
 	"encoding/base64"
 	"encoding/xml"
+	"errors"
 	"fmt"
 	"net/url"
 
@@ -86,6 +87,10 @@ func (source *Source) initSAMLSp() error {
 		Roots: []*x509.Certificate{},
 	}
 
+	if metadata.IDPSSODescriptor == nil {
+		return errors.New("saml idp metadata missing IDPSSODescriptor")
+	}
+
 	for _, kd := range metadata.IDPSSODescriptor.KeyDescriptors {
 		for idx, xcert := range kd.KeyInfo.X509Data.X509Certificates {
 			if xcert.Data == "" {