From 1d3c0d4d9c188ba06feff4c51372f1c11c39c012 Mon Sep 17 00:00:00 2001
From: Harshavardhan Musanalli <harshavmb@gmail.com>
Date: Sun, 17 Aug 2025 20:34:57 +0200
Subject: [PATCH] #6163: Fix panic when SSO_MASTER_PASSWORD_POLICY is non-json

---
 src/api/mod.rs | 9 ++++++++-
 1 file changed, 8 insertions(+), 1 deletion(-)

diff --git a/src/api/mod.rs b/src/api/mod.rs
index e0df1e64..5aad2b9b 100644
--- a/src/api/mod.rs
+++ b/src/api/mod.rs
@@ -111,7 +111,14 @@ async fn master_password_policy(user: &User, conn: &DbConn) -> Value {
             }
         }))
     } else if let Some(policy_str) = CONFIG.sso_master_password_policy().filter(|_| CONFIG.sso_enabled()) {
-        serde_json::from_str(&policy_str).unwrap_or(json!({}))
+        // Use a match statement to handle Ok and Err results gracefully.
+        match serde_json::from_str(&policy_str) {
+            Ok(val) => val,
+            Err(_) => {
+                warn!("Failed to parse sso_master_password_policy configuration string: {}", policy_str);
+                json!({})
+            },
+        }
     } else {
         json!({})
     };