0001-ldap-enable-custom-messages-from-backends-when-login.patch

Loïc Dachary, 10 February 2021 02:36 PM


Subject: [PATCH] ldap: enable custom messages from backends when login fails

 src/authentic2/backends/__init__.py     |  1 +
 src/authentic2/backends/ldap_backend.py |  5 ++++-
 src/authentic2/forms/authentication.py  |  8 ++++++++
 tests/test_ldap.py                      | 14 ++++++++++++++
 4 files changed, 27 insertions(+), 1 deletion(-)
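--- a/src/authentic2/backends/__init__.py
+++ b/src/authentic2/backends/__init__.py
@@ -17,6 +17,7 @@
 from django.contrib.auth import get_user_model
 from authentic2 import app_settings
 
+SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY = 'invalid_login_message'
 
 def get_user_queryset():
     User = get_user_model()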
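--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -60,7 +60,7 @@
 from authentic2.ldap_utils import FilterFormatter
 from authentic2.utils import to_list
 
-from authentic2.backends import is_user_authenticable
+from authentic2.backends import is_user_authenticable, SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY
 
 log = logging.getLogger(__name__)
 
@@ -638,6 +638,9 @@
                                     raise ldap.SERVER_DOWN
                             break
                         except ldap.INVALID_CREDENTIALS:
+                            request = StoreRequestMiddleware.get_request()
+                            if request and request.session is not None:
+                                request.session[SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY] = f'LDAP ERROR: {authz_id} bind failed'
                             user_login_failure(authz_id)
                             pass
                     else: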
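Review bot: The message stored at new line 643 embeds `authz_id` and is later shown on the login page to an unauthenticated visitor, so a failed bind discloses the identifier the backend resolved and, presumably, lets a visitor tell accounts that reach the bind step from those that do not. I would keep the user-facing text generic and send the detail to the log, for example `request.session[SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY] = 'LDAP ERROR: bind failed'` followed by `log.warning('LDAP bind failed for %s', authz_id)`. The string is also not passed through gettext, unlike the `_('Try again or create an account.')` message it is joined with in forms/authentication.py. The enclosing function and its loop start and end outside the hunk, so whether a later iteration overwrites the key, and whether `StoreRequestMiddleware` is already imported in this module, cannot be checked from here.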
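--- a/src/authentic2/forms/authentication.py
+++ b/src/authentic2/forms/authentication.py
@@ -25,7 +25,9 @@
 from django.utils import html
 from django.utils.encoding import force_text
 
+from authentic2.backends import SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY
 from authentic2.forms.fields import PasswordField
+from authentic2.middleware import StoreRequestMiddleware
 from authentic2.utils.lazy import lazy_label
 
 from ..a2_rbac.models import OrganizationalUnit as OU
@@ -151,5 +153,11 @@
         elif getattr(settings, 'REGISTRATION_OPEN', True):
             invalid_login_message.append(
                     _('Try again or create an account.'))
+        request = StoreRequestMiddleware.get_request()
+        if (request and
+            request.session and
+            SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY in request.session):
+            backend_message = request.session.pop(SESSION_BACKEND_INVALID_LOGIN_MESSAGE_KEY)
+            invalid_login_message.append(backend_message)
         error_messages['invalid_login'] = ' '.join([force_text(x) for x in invalid_login_message])
         return error_messages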
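Review bot: The key is only removed when this message builder runs (new lines 156-161), so a message written by a backend during an attempt that ends up succeeding, or that fails on a path which never builds this error text, would stay in the session and be appended to a later, unrelated failure; clearing the key at the start of each authentication attempt would avoid that. The guard `request.session and` also differs from the backend's `request.session is not None`, and one form should be used in both places. Since the text is shown verbatim to an unauthenticated visitor, a comment above the block such as `# backend messages are displayed as-is: keep them generic, no DNs or usernames` would document the contract for backend authors. The enclosing method starts outside the hunk, so how the joined message is escaped when rendered cannot be confirmed from here.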
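--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -872,6 +872,20 @@
     assert user.pk == user2.pk
 
 
+def test_invalid_login_message(slapd, settings, db, app):
+    settings.LDAP_AUTH_SETTINGS = [{
+        'url': [slapd.ldap_url],
+        'basedn': u'o=ôrga',
+        'use_tls': False,
+    }]
+
+    response = app.get('/login/')
+    response.form.set('username', USERNAME)
+    response.form.set('password', 'invalid')
+    response = response.form.submit(name='login-password-submit')
+    assert 'LDAP ERROR' in str(response.pyquery('.errornotice'))
+
+
 def test_ou_selector(slapd, settings, app, ou1):
     settings.LDAP_AUTH_SETTINGS = [{
         'url': [slapd.ldap_url],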
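Review bot: test_invalid_login_message only checks that the backend text appears once, so nothing pins that the session key is consumed or that the message stays out of unrelated failures. I would extend the test by resubmitting the form with a username that is not in the directory and adding `assert 'LDAP ERROR' not in str(response.pyquery('.errornotice'))`. Because the displayed string currently contains the bind identifier, an assertion that the notice does not contain the directory base (`'o=ôrga'`) would also keep directory details from reaching the page again unnoticed.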
878
-