From a3881e776c8aab84ff9443dfdab4d68c9179fa55 Mon Sep 17 00:00:00 2001
From: Valentin Deniaud
Date: Thu, 14 Oct 2021 17:56:56 +0200
Subject: [PATCH 1/2] ldap: do not crash if password change is not allowed (#57733)
---
 src/authentic2/backends/ldap_backend.py | 4 ++--
 tests/test_ldap.py | 8 +++++++-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/src/authentic2/backends/ldap_backend.py b/src/authentic2/backends/ldap_backend.py
index 7bcb4f4e..70f45382 100644
--- a/src/authentic2/backends/ldap_backend.py
+++ b/src/authentic2/backends/ldap_backend.py
@@ -476,8 +476,8 @@ class LDAPUser(User):
 return
 try:
 self.ldap_backend.modify_password(conn, self.block, self.dn, _current_password, new_password)
- except ldap.STRONG_AUTH_REQUIRED:
- log.warning('ldap: set_password failed, STRONG_AUTH_REQUIRED')
+ except ldap.LDAPError as e:
+ log.warning('ldap: set_password failed (%s)', type(e).__name__)
 return
 self._current_password = new_password
 self.keep_password_in_session(new_password)
diff --git a/tests/test_ldap.py b/tests/test_ldap.py
index 578175bf..f6c576ca 100644
--- a/tests/test_ldap.py
+++ b/tests/test_ldap.py
@@ -1247,7 +1247,7 @@ def test_user_attributes(slapd, settings, client, db):
 client.session.flush()
-def test_set_password(slapd, settings, db):
+def test_set_password(slapd, settings, db, caplog):
 settings.LDAP_AUTH_SETTINGS = [
 {
 'url': [slapd.ldap_url],
@@ -1263,6 +1263,12 @@ def test_set_password(slapd, settings, db):
 user2 = authenticate(username='etienne.michu', password='àbon')
 assert user.pk == user2.pk
+ with mock.patch(
+ 'authentic2.backends.ldap_backend.LDAPBackend.modify_password', side_effect=ldap.UNWILLING_TO_PERFORM
+ ):
+ user.set_password('passé')
+ assert 'set_password failed (UNWILLING_TO_PERFORM)' in caplog.text
+
 def test_login_ppolicy_pwdMaxFailure(slapd_ppolicy, settings, db, app):
 settings.LDAP_AUTH_SETTINGS = [
-- 2.30.2
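Review bot: In the `ldap_backend.py` hunk, widening the handler to `ldap.LDAPError` means every failure of `modify_password` (policy rejection, insufficient access, unreachable server) now ends in a bare `return`, so `set_password` fails with no signal to its caller. The method starts above the hunk and its callers are not visible, but if they cannot detect this, a user may be told the change succeeded while the old password stays valid in the directory; consider giving the password-change path a way to surface the failure. The warning also names only the exception class, which makes repeated failures hard to correlate; adding the entry helps, e.g. `log.warning('ldap: set_password failed for %s (%s)', self.dn, type(e).__name__)`.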
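Review bot: The block added to `test_set_password` in the last `tests/test_ldap.py` hunk asserts only on the log text, not that the failed change left the account usable with its previous credential. The code under test skips `self._current_password = new_password` and `keep_password_in_session(new_password)` on error, so a follow-up check after the `with` block would pin that, e.g. `assert authenticate(username='etienne.michu', password='àbon').pk == user.pk`. The test body starts outside the hunk, so this assumes 'àbon' is still the current password at that point, as the `user2` lines just above suggest.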