fix: crash if csrfToken does not exist

5 years ago · a3c8d45626
parent 6f889c9c83
commit a3c8d45626
1 changed files with 1 additions and 1 deletions
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@ -67,7 +67,7 @@ Auth.reloadRoutes = async function (params) {
 	loginStrategies.forEach(function (strategy) {
 		if (strategy.url) {
 			router.get(strategy.url, Auth.middleware.applyCSRF, function (req, res, next) {
-				req.session.ssoState = req.csrfToken();
+				req.session.ssoState = req.csrfToken && req.csrfToken();
 				passport.authenticate(strategy.name, {
 					scope: strategy.scope,
 					prompt: strategy.prompt || undefined,