sources/ldap: improve error handling for password complexity (#4780)

Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-02-24 11:39:43 +01:00 · 2023-02-24 11:39:43 +01:00 · 26f3275361
parent 6441401d94
commit 26f3275361
1 changed files with 5 additions and 2 deletions
--- a/authentik/sources/ldap/password.py
+++ b/authentik/sources/ldap/password.py
@ -71,10 +71,13 @@ class LDAPPasswordChanger:
        except (LDAPAttributeError, KeyError, IndexError):
            return False
        raw_pwd_properties = root_attrs.get("attributes", {}).get("pwdProperties", None)
-        if raw_pwd_properties is None:
+        if not raw_pwd_properties:
            return False

+        try:
            pwd_properties = PwdProperties(raw_pwd_properties)
+        except ValueError:
+            return False
        if PwdProperties.DOMAIN_PASSWORD_COMPLEX in pwd_properties:
            return True