*: improve error handling in ldap outpost, ignore additional errors
Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
parent
0cc6a24c90
commit
50819ae0f0
|
@ -1,4 +1,5 @@
|
|||
"""authentik sentry integration"""
|
||||
from asyncio.exceptions import CancelledError
|
||||
from typing import Any, Optional
|
||||
|
||||
from aioredis.errors import ConnectionClosedError, ReplyError
|
||||
|
@ -143,6 +144,8 @@ def before_send(event: dict, hint: dict) -> Optional[dict]:
|
|||
DockerException,
|
||||
# End-user errors
|
||||
Http404,
|
||||
# AsyncIO
|
||||
CancelledError,
|
||||
)
|
||||
exc_value = None
|
||||
if "exc_info" in hint:
|
||||
|
|
|
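Review bot: `CancelledError` is imported from `asyncio.exceptions`, which is the implementation module; the documented public name is `asyncio.CancelledError`, so `from asyncio import CancelledError` is the more stable spelling. The new `# AsyncIO` entry in the ignore tuple also carries no reason, and a short comment saying why cancellation is expected would help, since `before_send` presumably drops these events before they are reported. `before_send` continues outside the hunk, so how the tuple is used is not visible here.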
@ -51,7 +51,7 @@ class GroupLDAPSynchronizer(BaseLDAPSynchronizer):
|
|||
},
|
||||
defaults,
|
||||
)
|
||||
except (IntegrityError, FieldError, TypeError) as exc:
|
||||
except (IntegrityError, FieldError, TypeError, AttributeError) as exc:
|
||||
Event.new(
|
||||
EventAction.CONFIGURATION_ERROR,
|
||||
message=(
|
||||
|
|
|
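Review bot: Adding `AttributeError` to the `except` tuple makes this handler broad enough to swallow genuine programming errors raised anywhere inside the `try`. They would then be recorded as `EventAction.CONFIGURATION_ERROR` instead of surfacing as a bug. The hunk does not show which call raises it, so a comment on the `except` line naming the case would help, for example `# AttributeError: <call that raises it, and for which LDAP data>`. The same change and the same concern apply to the `UserLDAPSynchronizer` hunk that follows. The `try` opens above the hunk and the `Event.new(...)` call continues past it, so what ends up in the event message cannot be checked from here.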
@ -45,7 +45,7 @@ class UserLDAPSynchronizer(BaseLDAPSynchronizer):
|
|||
ak_user, created = self.update_or_create_attributes(
|
||||
User, {f"attributes__{LDAP_UNIQUENESS}": uniq}, defaults
|
||||
)
|
||||
except (IntegrityError, FieldError, TypeError) as exc:
|
||||
except (IntegrityError, FieldError, TypeError, AttributeError) as exc:
|
||||
Event.new(
|
||||
EventAction.CONFIGURATION_ERROR,
|
||||
message=(
|
||||
|
|
|
@ -169,7 +169,11 @@ func (fe *FlowExecutor) getInitialChallenge() (*api.ChallengeTypes, error) {
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
ch := challenge.GetActualInstance().(challengeInt)
|
||||
i := challenge.GetActualInstance()
|
||||
if i == nil {
|
||||
return nil, errors.New("response instance was null")
|
||||
}
|
||||
ch := i.(challengeInt)
|
||||
fe.log.WithField("component", ch.GetComponent()).WithField("type", ch.GetType()).Debug("Got challenge")
|
||||
gcsp.SetTag("authentik.flow.challenge", string(ch.GetType()))
|
||||
gcsp.SetTag("authentik.flow.component", ch.GetComponent())
|
||||
|
@ -185,7 +189,11 @@ func (fe *FlowExecutor) solveFlowChallenge(challenge *api.ChallengeTypes, depth
|
|||
// Resole challenge
|
||||
scsp := sentry.StartSpan(fe.Context, "authentik.outposts.flow_executor.solve_challenge")
|
||||
responseReq := fe.api.FlowsApi.FlowsExecutorSolve(scsp.Context(), fe.flowSlug).Query(fe.Params.Encode())
|
||||
ch := challenge.GetActualInstance().(challengeInt)
|
||||
i := challenge.GetActualInstance()
|
||||
if i == nil {
|
||||
return false, errors.New("response request instance was null")
|
||||
}
|
||||
ch := i.(challengeInt)
|
||||
|
||||
// Check for any validation errors that we might've gotten
|
||||
if len(ch.GetResponseErrors()) > 0 {
|
||||
|
@ -218,7 +226,11 @@ func (fe *FlowExecutor) solveFlowChallenge(challenge *api.ChallengeTypes, depth
|
|||
if err != nil {
|
||||
return false, fmt.Errorf("failed to submit challenge %w", err)
|
||||
}
|
||||
ch = response.GetActualInstance().(challengeInt)
|
||||
i = response.GetActualInstance()
|
||||
if i == nil {
|
||||
return false, errors.New("response instance was null")
|
||||
}
|
||||
ch = i.(challengeInt)
|
||||
fe.log.WithField("component", ch.GetComponent()).WithField("type", ch.GetType()).Debug("Got response")
|
||||
scsp.SetTag("authentik.flow.challenge", string(ch.GetType()))
|
||||
scsp.SetTag("authentik.flow.component", ch.GetComponent())
|
||||
|
|
|
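Review bot: The single-value assertion `ch := i.(challengeInt)` still panics when the instance is non-nil but does not implement `challengeInt`, so the new nil check covers only one of the two failure modes. The same pattern appears in all three hunks of this file, once in `getInitialChallenge` and twice in `solveFlowChallenge`. Use the two-value form and return an error: `ch, ok := i.(challengeInt)` followed by `if !ok { return nil, fmt.Errorf("unexpected challenge type %T", i) }`, with `false` in place of `nil` in `solveFlowChallenge`. A panic here would presumably abort the handling of that request instead of failing it cleanly, which matters for code that parses responses from another service. Both functions begin and end outside the hunks.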
@ -11,6 +11,12 @@ func (pi *ProviderInstance) UserEntry(u api.User) *ldap.Entry {
|
|||
dn := pi.GetUserDN(u.Username)
|
||||
attrs := utils.AKAttrsToLDAP(u.Attributes)
|
||||
|
||||
if u.IsActive == nil {
|
||||
u.IsActive = api.PtrBool(false)
|
||||
}
|
||||
if u.Email == nil {
|
||||
u.Email = api.PtrString("")
|
||||
}
|
||||
attrs = utils.EnsureAttributes(attrs, map[string][]string{
|
||||
"memberOf": pi.GroupsForUser(u),
|
||||
"goauthentik.io/ldap/active": {utils.BoolToString(*u.IsActive)},
|
||||
|
|
|
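Review bot: The two nil guards carry no comment explaining why a missing `IsActive` becomes `false` and a missing `Email` becomes `""`. The `IsActive` default is security-relevant because it feeds the `goauthentik.io/ldap/active` attribute. Consider `// The API may omit optional fields; treat a missing IsActive as inactive rather than dereferencing nil.` above the first guard. Any other pointer fields of `u` dereferenced further down would need the same guard, which cannot be checked here because `UserEntry` continues past the hunk.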
@ -24,6 +24,7 @@ export async function configureSentry(canDoPpi = false): Promise<Config> {
|
|||
/instantSearchSDKJSBridgeClearHighlight/gi,
|
||||
// Seems to be an issue in Safari and Firefox
|
||||
/MutationObserver.observe/gi,
|
||||
/NS_ERROR_FAILURE/gi,
|
||||
],
|
||||
release: `authentik@${VERSION}`,
|
||||
tunnel: "/api/v3/sentry/",
|
||||
|
|
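Review bot: The patterns in this list, including the one this hunk adds, use the `g` flag, which makes a `RegExp` stateful. After a successful `.test()` the object keeps its `lastIndex`, so a reused pattern can fail to match the next message. If the SDK evaluates these entries with `test()` (likely, but not visible here), drop the flag and write `/NS_ERROR_FAILURE/i`, and do the same for the neighbouring entries. `configureSentry` starts and ends outside the hunk.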