sources/ldap: improve error message (#5653)
* sources/ldap: improve ldap password change error message Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stages/user_write: handle validation error when updating user Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
This commit is contained in:
parent
3195a75b9a
commit
cd7de4c0b9
|
@ -69,7 +69,10 @@ def ldap_sync_password(sender, user: User, password: str, **_):
|
|||
except LDAPOperationResult as exc:
|
||||
Event.new(
|
||||
EventAction.CONFIGURATION_ERROR,
|
||||
message=f"Result: {exc.result}, Description {exc.description}",
|
||||
message=(
|
||||
"Failed to change password in LDAP source due to remote error: "
|
||||
f"{exc.result}, {exc.message}, {exc.description}"
|
||||
),
|
||||
source=source,
|
||||
).set_user(user).save()
|
||||
raise ValidationError("Failed to set password") from exc
|
||||
|
|
|
@ -135,9 +135,9 @@ class BaseLDAPSynchronizer:
|
|||
if key == "attributes":
|
||||
continue
|
||||
setattr(instance, key, value)
|
||||
final_atttributes = {}
|
||||
MERGE_LIST_UNIQUE.merge(final_atttributes, instance.attributes)
|
||||
MERGE_LIST_UNIQUE.merge(final_atttributes, data.get("attributes", {}))
|
||||
instance.attributes = final_atttributes
|
||||
final_attributes = {}
|
||||
MERGE_LIST_UNIQUE.merge(final_attributes, instance.attributes)
|
||||
MERGE_LIST_UNIQUE.merge(final_attributes, data.get("attributes", {}))
|
||||
instance.attributes = final_attributes
|
||||
instance.save()
|
||||
return (instance, False)
|
||||
|
|
|
@ -6,6 +6,7 @@ from django.db import transaction
|
|||
from django.db.utils import IntegrityError, InternalError
|
||||
from django.http import HttpRequest, HttpResponse
|
||||
from django.utils.translation import gettext as _
|
||||
from rest_framework.exceptions import ValidationError
|
||||
|
||||
from authentik.core.middleware import SESSION_KEY_IMPERSONATE_USER
|
||||
from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection
|
||||
|
@ -148,7 +149,11 @@ class UserWriteStageView(StageView):
|
|||
and SESSION_KEY_IMPERSONATE_USER not in self.request.session
|
||||
):
|
||||
should_update_session = True
|
||||
self.update_user(user)
|
||||
try:
|
||||
self.update_user(user)
|
||||
except ValidationError as exc:
|
||||
self.logger.warning("failed to update user", exc=exc)
|
||||
return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
|
||||
# Extra check to prevent flows from saving a user with a blank username
|
||||
if user.username == "":
|
||||
self.logger.warning("Aborting write to empty username", user=user)
|
||||
|
@ -162,7 +167,7 @@ class UserWriteStageView(StageView):
|
|||
user.ak_groups.add(*self.executor.plan.context[PLAN_CONTEXT_GROUPS])
|
||||
except (IntegrityError, ValueError, TypeError, InternalError) as exc:
|
||||
self.logger.warning("Failed to save user", exc=exc)
|
||||
return self.executor.stage_invalid(_("Failed to save user"))
|
||||
return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
|
||||
user_write.send(sender=self, request=request, user=user, data=data, created=user_created)
|
||||
# Check if the password has been updated, and update the session auth hash
|
||||
if should_update_session:
|
||||
|
|
Reference in a new issue