0001-ldap-enable-custom-messages-from-backends-when-login.patch
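--- a/src/authentic2/backends/__init__.py
+++ b/src/authentic2/backends/__init__.py
@@ -17,6 +17,7 @@
 from django.contrib.auth import get_user_model
 from authentic2 import app_settings
 
+SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY = 'invalid_login_message'
 
 def get_user_queryset():
 User = get_user_model()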
src/authentic2/backends/ldap_backend.py | ||
---|---|---|
60 | 60 |
from authentic2.ldap_utils import FilterFormatter |
61 | 61 |
from authentic2.utils import to_list |
62 | 62 | |
63 |
from authentic2.backends import is_user_authenticable |
|
63 |
from authentic2.backends import is_user_authenticable, SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY
|
|
64 | 64 | |
65 | 65 |
log = logging.getLogger(__name__) |
66 | 66 | |
... | ... | |
638 | 638 |
raise ldap.SERVER_DOWN |
639 | 639 |
break |
640 | 640 |
except ldap.INVALID_CREDENTIALS: |
641 |
request = StoreRequestMiddleware.get_request() |
|
642 |
if request and request.session is not None: |
|
643 |
request.session[SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY] = f'LDAP ERROR: {authz_id} bind failed' |
|
641 | 644 |
user_login_failure(authz_id) |
642 | 645 |
pass |
643 | 646 |
else: |
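Review bot: The message stored in the `except ldap.INVALID_CREDENTIALS` branch (new lines 641–643) embeds `authz_id`, so the identity used for the bind is shown to an unauthenticated visitor on the login page. It is set only when a bind was attempted and rejected, which presumably means the username resolved to a directory entry, so the login form may now distinguish existing accounts from unknown ones and disclose how the directory names them. I would keep the identifier server-side with `log.warning('ldap: bind failed for %s', authz_id)` and store a fixed string such as `request.session[SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY] = 'LDAP ERROR: bind failed'`. The string is also not passed through the translation helper the form uses for its other messages. The enclosing try block and loop start outside the hunk, and the import hunk shown adds only the constant, so confirm `StoreRequestMiddleware` is already imported in this module.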
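--- a/src/authentic2/forms/authentication.py
+++ b/src/authentic2/forms/authentication.py
@@ -25,7 +25,9 @@
 from django.utils import html
 from django.utils.encoding import force_text
 
+from authentic2.backends import SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY
 from authentic2.forms.fields import PasswordField
+from authentic2.middleware import StoreRequestMiddleware
 from authentic2.utils.lazy import lazy_label
 
 from ..a2_rbac.models import OrganizationalUnit as OU
@@ -151,5 +153,11 @@
 elif getattr(settings, 'REGISTRATION_OPEN', True):
 invalid_login_message.append(
 _('Try again or create an account.'))
+request = StoreRequestMiddleware.get_request()
+if (request and
+request.session and
+SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY in request.session):
+backend_message = request.session.pop(SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY)
+invalid_login_message.append(backend_message)
 error_messages['invalid_login'] = ' '.join([force_text(x) for x in invalid_login_message])
 return error_messages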
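Review bot: The session key is cleared only here (new lines 156–161), when the error messages are built. As far as the hunk shows, a message left by one rejected bind stays in the session if the login then succeeds through another server or backend, and would surface on a later, unrelated failure. Dropping it at the start of each authentication attempt with `request.session.pop(SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY, None)` would keep the message tied to the attempt that produced it. The backend string is joined into `invalid_login` unchanged and, per the LDAP hunk, contains a value derived from the submitted username, so confirm the template renders this error with autoescaping and never marks it safe. The enclosing function starts outside the hunk.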
tests/test_ldap.py | ||
---|---|---|
872 | 872 |
assert user.pk == user2.pk |
873 | 873 | |
874 | 874 | |
875 |
def test_invalid_login_message(slapd, settings, db, app): |
|
876 |
settings.LDAP_AUTH_SETTINGS = [{ |
|
877 |
'url': [slapd.ldap_url], |
|
878 |
'basedn': u'o=ôrga', |
|
879 |
'use_tls': False, |
|
880 |
}] |
|
881 | ||
882 |
response = app.get('/login/') |
|
883 |
response.form.set('username', USERNAME) |
|
884 |
response.form.set('password', 'invalid') |
|
885 |
response = response.form.submit(name='login-password-submit') |
|
886 |
assert 'LDAP ERROR' in str(response.pyquery('.errornotice')) |
|
887 | ||
888 | ||
875 | 889 |
def test_ou_selector(slapd, settings, app, ou1): |
876 | 890 |
settings.LDAP_AUTH_SETTINGS = [{ |
877 | 891 |
'url': [slapd.ldap_url], |
878 |
- |