zitadel/internal
Tim Möhlmann ad9422a7d0
fix(crypto): check for nil client secret (#7729)
When creating an app without a secret or other type of authentication method,
like JWT, and the authentication type is switched afterwards, the app would remain without a generated secret.
If then client authentication with secret is attempted, for example on the token endpoint, the handler would panic in the crypto.CompareHash function on the nil pointer to the CryptoValue.

This fix introduces a nil pointer check in crypto.CompareHash and returns an error.

The issue was reported over discord: https://discord.com/channels/927474939156643850/1222971118730875020
Possible fix was suggested here: https://github.com/zitadel/zitadel/pull/6999#discussion_r1553503088
This bug only applies to zitadel versions <=2.49.1.
2024-04-09 08:44:52 +02:00
..
actions feat: support whole config as env (#6336) 2024-02-16 16:04:42 +00:00
activity fix: get orgID when missing on trigger logs (#7555) 2024-03-14 08:49:10 +00:00
admin/repository/eventsourcing fix(setup): init projections (#7194) 2024-01-25 17:28:20 +01:00
api fix(oidc): correctly return new refresh token on refresh token grant (#7707) 2024-04-04 18:02:42 +02:00
auth/repository chore: use pgx v5 (#7577) 2024-03-27 15:48:22 +02:00
auth_request/repository refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
authz fix: check error before using token (#7664) 2024-03-28 12:19:03 +00:00
command fix(oidc): correctly return new refresh token on refresh token grant (#7707) 2024-04-04 18:02:42 +02:00
config refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
crypto fix(crypto): check for nil client secret (#7729) 2024-04-09 08:44:52 +02:00
database chore: use pgx v5 (#7577) 2024-03-27 15:48:22 +02:00
domain feat(oidc): token exchange impersonation (#7516) 2024-03-20 10:18:46 +00:00
eventstore chore: use pgx v5 (#7577) 2024-03-27 15:48:22 +02:00
feature feat(oidc): token exchange impersonation (#7516) 2024-03-20 10:18:46 +00:00
form refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
i18n refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
iam refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
id chore(Makefile): add go generate target (#6944) 2023-11-22 10:56:43 +00:00
idp fix: use configured binding on SAML IDPs and make sure CSP doesn't block POST binding (#7341) 2024-02-05 14:45:15 +00:00
integration feat: add user v2 pw change required information on query (#7603) 2024-03-28 06:21:21 +00:00
logstore perf: project quotas and usages (#6441) 2023-09-15 16:58:45 +02:00
migration fix(setup): init projections (#7194) 2024-01-25 17:28:20 +01:00
net perf: project quotas and usages (#6441) 2023-09-15 16:58:45 +02:00
notification fix: properly handle otp sms challenge notification in session api (#7653) 2024-03-27 19:48:14 +02:00
org refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
project refactor: cleanup unused code (#7130) 2024-01-02 14:26:31 +00:00
protoc merge main into next 2023-10-19 12:34:00 +02:00
qrcode docs(legal): Updated agreements and policies v2 (#3823) 2022-06-15 08:30:58 +02:00
query feat: add user v2 pw change required information on query (#7603) 2024-03-28 06:21:21 +00:00
renderer fix(login): (re)allow HTML in custom login texts (#7575) 2024-03-15 16:29:10 +01:00
repository docs(oidc): token exchange guide (#7625) 2024-03-26 06:28:17 +00:00
static fix(crypto): check for nil client secret (#7729) 2024-04-09 08:44:52 +02:00
statik chore: initial version of a devcontainer (#6352) 2023-08-15 10:49:05 +02:00
telemetry refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
test feat: protos refactoring 2021-03-09 10:30:11 +01:00
user feat: add user v2 pw change required information on query (#7603) 2024-03-28 06:21:21 +00:00
view/repository chore: use pgx v5 (#7577) 2024-03-27 15:48:22 +02:00
webauthn refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00
zerrors refactor: rename package errors to zerrors (#7039) 2023-12-08 15:30:55 +01:00