sources/ldap: improve error message (#5653)

* sources/ldap: improve ldap password change error message

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

* stages/user_write: handle validation error when updating user

Signed-off-by: Jens Langhammer <jens@goauthentik.io>

---------

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
Jens L 2023-05-17 15:26:46 +02:00 committed by GitHub
parent 3195a75b9a
commit cd7de4c0b9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
3 changed files with 15 additions and 7 deletions


@ -69,7 +69,10 @@ def ldap_sync_password(sender, user: User, password: str, **_):
except LDAPOperationResult as exc: except LDAPOperationResult as exc:
Event.new( Event.new(
EventAction.CONFIGURATION_ERROR, EventAction.CONFIGURATION_ERROR,
message=f"Result: {exc.result}, Description {exc.description}", message=(
"Failed to change password in LDAP source due to remote error: "
f"{exc.result}, {exc.message}, {exc.description}"
),
source=source, source=source,
).set_user(user).save() ).set_user(user).save()
raise ValidationError("Failed to set password") from exc raise ValidationError("Failed to set password") from exc
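Review bot: The three values interpolated into the new event message are unlabeled, so a reader of the event cannot tell the result code from the server message or the description, and an unset attribute will likely render as `None`. Consider `f"result={exc.result}, message={exc.message}, description={exc.description}"`. This text comes from the remote directory server and is persisted on the Event, so it is worth confirming that events of this type are visible only to administrators. The generic `"Failed to set password"` raised to the caller correctly stays free of that detail. The body of ldap_sync_password starts outside this hunk.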


@ -135,9 +135,9 @@ class BaseLDAPSynchronizer:
if key == "attributes": if key == "attributes":
continue continue
setattr(instance, key, value) setattr(instance, key, value)
final_atttributes = {} final_attributes = {}
MERGE_LIST_UNIQUE.merge(final_atttributes, instance.attributes) MERGE_LIST_UNIQUE.merge(final_attributes, instance.attributes)
MERGE_LIST_UNIQUE.merge(final_atttributes, data.get("attributes", {})) MERGE_LIST_UNIQUE.merge(final_attributes, data.get("attributes", {}))
instance.attributes = final_atttributes instance.attributes = final_attributes
instance.save() instance.save()
return (instance, False) return (instance, False)


@ -6,6 +6,7 @@ from django.db import transaction
from django.db.utils import IntegrityError, InternalError from django.db.utils import IntegrityError, InternalError
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from rest_framework.exceptions import ValidationError
from authentik.core.middleware import SESSION_KEY_IMPERSONATE_USER from authentik.core.middleware import SESSION_KEY_IMPERSONATE_USER
from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection
@ -148,7 +149,11 @@ class UserWriteStageView(StageView):
and SESSION_KEY_IMPERSONATE_USER not in self.request.session and SESSION_KEY_IMPERSONATE_USER not in self.request.session
): ):
should_update_session = True should_update_session = True
try:
self.update_user(user) self.update_user(user)
except ValidationError as exc:
self.logger.warning("failed to update user", exc=exc)
return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
# Extra check to prevent flows from saving a user with a blank username # Extra check to prevent flows from saving a user with a blank username
if user.username == "": if user.username == "":
self.logger.warning("Aborting write to empty username", user=user) self.logger.warning("Aborting write to empty username", user=user)
@ -162,7 +167,7 @@ class UserWriteStageView(StageView):
user.ak_groups.add(*self.executor.plan.context[PLAN_CONTEXT_GROUPS]) user.ak_groups.add(*self.executor.plan.context[PLAN_CONTEXT_GROUPS])
except (IntegrityError, ValueError, TypeError, InternalError) as exc: except (IntegrityError, ValueError, TypeError, InternalError) as exc:
self.logger.warning("Failed to save user", exc=exc) self.logger.warning("Failed to save user", exc=exc)
return self.executor.stage_invalid(_("Failed to save user")) return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
user_write.send(sender=self, request=request, user=user, data=data, created=user_created) user_write.send(sender=self, request=request, user=user, data=data, created=user_created)
# Check if the password has been updated, and update the session auth hash # Check if the password has been updated, and update the session auth hash
if should_update_session: if should_update_session:
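Review bot: The new `except ValidationError` around `self.update_user(user)` only catches the rest_framework class imported at the top of this file. If a handler on the update path raises `django.core.exceptions.ValidationError` instead (the import used by the LDAP signal is not visible here), it would still propagate as an unhandled error. Confirm both sides use the same class, or catch both, and add a comment such as `# raised by password-sync signal handlers (e.g. LDAP source) when the remote change fails`. Logging `exc` while returning only the generic translated message keeps remote error detail out of the user-facing response, which is the right split. The enclosing method starts and ends outside these hunks.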