[PR #1177] [CLOSED] fix: prevent runtime.TypeAssertionError in openid provider parsing #1301

New Issue

GiteaMirror · 2025-11-01T21:15:23-05:00

GiteaMirror commented

2025-11-01 21:15:23 -05:00

📋 Pull Request Information

Original PR: https://github.com/go-vikunja/vikunja/pull/1177
Author: @Copilot
Created: 7/25/2025
Status: ❌ Closed

Base: main ← Head: copilot/fix-1175

📝 Commits (2)

31a733a Initial plan
beb8968 fix: prevent runtime.TypeAssertionError in openid provider parsing

📊 Changes

1 file changed (+10 additions, -4 deletions)

View changed files

📝 pkg/modules/auth/openid/providers.go (+10 -4)

📄 Description

Problem

The application was crashing with a runtime.TypeAssertionError when parsing OpenID Connect provider configurations:

runtime.TypeAssertionError: interface conversion: interface {} is []interface {}, not map[interface {}]interface {}

This occurred in pkg/modules/auth/openid/providers.go at line 58, where the code was making an unsafe type assertion assuming that if a provider configuration wasn't a map[string]interface{}, it must be a map[interface{}]interface{}. However, misconfigured or malformed provider configs could result in other types like []interface{}, causing the application to panic.

Solution

Added proper type checking before the type assertion:

// Before (unsafe)
pis := p.(map[interface{}]interface{})

// After (safe)
if pis, isMap := p.(map[interface{}]interface{}); isMap {
    // Convert the map...
} else {
    // Log error and skip invalid provider
    log.Errorf("Skipping openid provider %s: expected map but got %T", key, p)
    continue
}

Impact

Prevents crashes: The /info endpoint and other OpenID functionality now handle invalid provider configurations gracefully
Better error handling: Invalid configurations are logged with descriptive error messages instead of causing panics
Backward compatibility: All existing valid configurations continue to work unchanged
Minimal change: Only 10 lines changed, maintaining the existing logic flow

The fix ensures that even with malformed OpenID provider configurations, the application continues to run and provides useful error information for debugging.

Fixes #1175.

💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more Copilot coding agent tips in the docs.

_{🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.}

## 📋 Pull Request Information **Original PR:** https://github.com/go-vikunja/vikunja/pull/1177 **Author:** [@Copilot](https://github.com/apps/copilot-swe-agent) **Created:** 7/25/2025 **Status:** ❌ Closed **Base:** `main` ← **Head:** `copilot/fix-1175` --- ### 📝 Commits (2) - [`31a733a`](https://github.com/go-vikunja/vikunja/commit/31a733aacf6683dce468d0bb09e03a92f4e1ddfd) Initial plan - [`beb8968`](https://github.com/go-vikunja/vikunja/commit/beb89684e3f3a12b988dbaaec6582d42a62e005d) fix: prevent runtime.TypeAssertionError in openid provider parsing ### 📊 Changes **1 file changed** (+10 additions, -4 deletions) <details> <summary>View changed files</summary> 📝 `pkg/modules/auth/openid/providers.go` (+10 -4) </details> ### 📄 Description ## Problem The application was crashing with a `runtime.TypeAssertionError` when parsing OpenID Connect provider configurations: ``` runtime.TypeAssertionError: interface conversion: interface {} is []interface {}, not map[interface {}]interface {} ``` This occurred in `pkg/modules/auth/openid/providers.go` at line 58, where the code was making an unsafe type assertion assuming that if a provider configuration wasn't a `map[string]interface{}`, it must be a `map[interface{}]interface{}`. However, misconfigured or malformed provider configs could result in other types like `[]interface{}`, causing the application to panic. ## Solution Added proper type checking before the type assertion: ```go // Before (unsafe) pis := p.(map[interface{}]interface{}) // After (safe) if pis, isMap := p.(map[interface{}]interface{}); isMap { // Convert the map... } else { // Log error and skip invalid provider log.Errorf("Skipping openid provider %s: expected map but got %T", key, p) continue } ``` ## Impact - **Prevents crashes**: The `/info` endpoint and other OpenID functionality now handle invalid provider configurations gracefully - **Better error handling**: Invalid configurations are logged with descriptive error messages instead of causing panics - **Backward compatibility**: All existing valid configurations continue to work unchanged - **Minimal change**: Only 10 lines changed, maintaining the existing logic flow The fix ensures that even with malformed OpenID provider configurations, the application continues to run and provides useful error information for debugging. Fixes #1175.  --- 💡 You can make Copilot smarter by setting up custom instructions, customizing its development environment and configuring Model Context Protocol (MCP) servers. Learn more [Copilot coding agent tips](https://gh.io/copilot-coding-agent-tips) in the docs. --- <sub>🔄 This issue represents a GitHub Pull Request. It cannot be merged through Gitea due to API limitations.</sub>

GiteaMirror added the pull-request label 2025-11-01 21:15:23 -05:00

GiteaMirror closed this issue

2025-11-01 21:15:23 -05:00

GiteaMirror referenced this issue

2025-11-01 21:18:15 -05:00

[PR #1301] [MERGED] chore(deps): update postgres:17 docker digest to 29e0bb0 #1412

Sign in to join this conversation.

Branches Tags

main

feat-websocket-notifications

claude/csv-import-feature-01Kavsoc8Zabn7Q7WwwfVjBh

csv-import-feature

feat-quick-entry

codex/add-task-sorting-functionality

fix-duplicate-close-button

codex/analyze-codebase-for-email-task-feature

feat-list-view-sorting

feat/official-vite-sentry-plugin

feat/highlight-overdue-tasks

feat/add-enter-key-form-submission-handling

feat/TipTap-nits

feat/update-caldavtimetotimestamp-parsing

feat-oauth-server

feat-phosphor-icons

wip-plans

claude/investigate-issue-2173-llKme

poc-yaegi-plugins

fix-description-text-drag

feat-custom-keyboard-shortcuts

pr-1845-ci

codex/fix-drag-and-drop-behavior-inconsistency

copilot/add-clickable-labels-for-filtering

copilot/fix-issue-1786

playwright-migration

fix-kanban-repeating-wip

copilot/fix-1498

feature/replace-axios

codex/upgrade-to-tailwind-4.1.8-using-pnpm

codex/add-cypress-test-for-avatar-types

feature/biome

feature/oxc

codex/update-flexsearch-to-0.8.205

4r6ni9-codex/fix-deprecated-sass-@import-usage

codex/fix-deprecated-sass-@import-usage

codex/add-cypress-test-for-task-list-refresh-fix

codex/fix-quick-add-magic-not-adding-tasks

codex/fix-all-type-errors

codex/fix-mimetype-for-docs.json

feature/caldav-from-scratch

feature/gh-actions-hetzner

fix-ci

feat/new-logger

jyte-better-dev-config

feat/add-team-member-with-enter

fix/button-and-icon-types

fix/notifications-component-name-collision

feature/null-time

renovate/tailwindcss-4.x

feature/unplugin-vue-router

fix/deprecated-import

feature/zod-schema

renovate/golangci-golangci-lint-1.x

fix/tiptap-editor-reactive-destructuring

release/0.24

feat/improve-add-task

fix/saved-filter-search

feature/use-modern-compiler-for-sass-files-as-well

feat/webp-and-avif-attachment-previews

feature/migrate-back-to-bulma

fix/sass-add-missing-list-import

feature/sticky-demo-bar

fix/gantt-view-switch

feature/typesense-position-join

feature/focus-visible

dependencies/golangci-lint

feature/better-filter-syntax

fix/tiptap-task-list

renovate/github.com-golang-jwt-jwt-v4-5.x

feature/hide-forbidden-related-tasks

renovate/golang-1.x

release/0.20

release/0.17

release/0.16

release/0.15

release/0.14

release/0.13

1 Participants

Notifications

Due Date

No due date set.

Dependencies

No dependencies set.

Reference: github-starred/vikunja#1301