Projet

Général

Profil

0001-ldap-enable-custom-messages-from-backends-when-login.patch

Loïc Dachary, 10 février 2021 14:36

Télécharger (4,23 ko)

Voir les différences: 

Subject: [PATCH] ldap: enable custom messages from backends when login fails


 src/authentic2/backends/__init__.py     |  1 +
 src/authentic2/backends/ldap_backend.py |  5 ++++-
 src/authentic2/forms/authentication.py  |  8 ++++++++
 tests/test_ldap.py                      | 14 ++++++++++++++
 4 files changed, 27 insertions(+), 1 deletion(-)
src/authentic2/backends/__init__.py
17 17 
from django.contrib.auth import get_user_model
18 18 
from authentic2 import app_settings
19 19 

  		




  
  20
  
    
SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY = 'invalid_login_message'

  		




  20
  21
  
    

  		




  21
  22
  
    
def get_user_queryset():

  		




  22
  23
  
    
    User = get_user_model()

  		












  

    
      src/authentic2/backends/ldap_backend.py
    
  





  60
  60
  
    
from authentic2.ldap_utils import FilterFormatter

  		




  61
  61
  
    
from authentic2.utils import to_list

  		




  62
  62
  
    

  		




  63
  
  
    
from authentic2.backends import is_user_authenticable

  		




  
  63
  
    
from authentic2.backends import is_user_authenticable, SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY

  		




  64
  64
  
    

  		




  65
  65
  
    
log = logging.getLogger(__name__)

  		




  66
  66
  
    

  		




  ......




  638
  638
  
    
                                    raise ldap.SERVER_DOWN

  		




  639
  639
  
    
                            break

  		




  640
  640
  
    
                        except ldap.INVALID_CREDENTIALS:

  		




  
  641
  
    
                            request = StoreRequestMiddleware.get_request()

  		




  
  642
  
    
                            if request and request.session is not None:

  		




  
  643
  
    
                                request.session[SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY] = f'LDAP ERROR: {authz_id} bind failed'

  		




  641
  644
  
    
                            user_login_failure(authz_id)

  		




  642
  645
  
    
                            pass

  		




  643
  646
  
    
                    else:

  		












  

    
      src/authentic2/forms/authentication.py
    
  





  25
  25
  
    
from django.utils import html

  		




  26
  26
  
    
from django.utils.encoding import force_text

  		




  27
  27
  
    

  		




  
  28
  
    
from authentic2.backends import SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY

  		




  28
  29
  
    
from authentic2.forms.fields import PasswordField

  		




  
  30
  
    
from authentic2.middleware import StoreRequestMiddleware

  		




  29
  31
  
    
from authentic2.utils.lazy import lazy_label

  		




  30
  32
  
    

  		




  31
  33
  
    
from ..a2_rbac.models import OrganizationalUnit as OU

  		




  ......




  151
  153
  
    
        elif getattr(settings, 'REGISTRATION_OPEN', True):

  		




  152
  154
  
    
            invalid_login_message.append(

  		




  153
  155
  
    
                    _('Try again or create an account.'))

  		




  
  156
  
    
        request = StoreRequestMiddleware.get_request()

  		




  
  157
  
    
        if (request and

  		




  
  158
  
    
            request.session and

  		




  
  159
  
    
            SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY in request.session):

  		




  
  160
  
    
            backend_message = request.session.pop(SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY)

  		




  
  161
  
    
            invalid_login_message.append(backend_message)

  		




  154
  162
  
    
        error_messages['invalid_login'] = ' '.join([force_text(x) for x in invalid_login_message])

  		




  155
  163
  
    
        return error_messages

  		












  

    
      tests/test_ldap.py
    
  





  872
  872
  
    
    assert user.pk == user2.pk

  		




  873
  873
  
    

  		




  874
  874
  
    

  		




  
  875
  
    
def test_invalid_login_message(slapd, settings, db, app):

  		




  
  876
  
    
    settings.LDAP_AUTH_SETTINGS = [{

  		




  
  877
  
    
        'url': [slapd.ldap_url],

  		




  
  878
  
    
        'basedn': u'o=ôrga',

  		




  
  879
  
    
        'use_tls': False,

  		




  
  880
  
    
    }]

  		




  
  881
  
    

  		




  
  882
  
    
    response = app.get('/login/')

  		




  
  883
  
    
    response.form.set('username', USERNAME)

  		




  
  884
  
    
    response.form.set('password', 'invalid')

  		




  
  885
  
    
    response = response.form.submit(name='login-password-submit')

  		




  
  886
  
    
    assert 'LDAP ERROR' in str(response.pyquery('.errornotice'))

  		




  
  887
  
    

  		




  
  888
  
    

  		




  875
  889
  
    
def test_ou_selector(slapd, settings, app, ou1):

  		




  876
  890
  
    
    settings.LDAP_AUTH_SETTINGS = [{

  		




  877
  891
  
    
        'url': [slapd.ldap_url],

  		




  878
  
  
    
-