trustchain-oc1-orchestral
/
authentik
Archived
10
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

stages/password: handle authenticate() throwing a ValidationError 

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
This commit is contained in:
Jens Langhammer 2021-04-08 23:13:25 +02:00
parent aefeb5bacf
commit 7b0005ac42
1 changed files with 7 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
authentik/stages/password/stage.py
View File

@ -8,7 +8,7 @@ from django.core.exceptions import PermissionDenied
from django.http import HttpRequest, HttpResponse from django.http import HttpRequest, HttpResponse
from django.urls import reverse from django.urls import reverse
from django.utils.translation import gettext as _ from django.utils.translation import gettext as _
from rest_framework.exceptions import ErrorDetail from rest_framework.exceptions import ErrorDetail, ValidationError
from rest_framework.fields import CharField from rest_framework.fields import CharField
from structlog.stdlib import get_logger from structlog.stdlib import get_logger
@ -127,6 +127,12 @@ class PasswordStageView(ChallengeStageView):
# User was found, but permission was denied (i.e. user is not active) # User was found, but permission was denied (i.e. user is not active)
LOGGER.debug("Denied access", **auth_kwargs) LOGGER.debug("Denied access", **auth_kwargs)
return self.executor.stage_invalid() return self.executor.stage_invalid()
except ValidationError as exc:
del auth_kwargs["password"]
# User was found, authentication succeeded, but another signal raised an error
# (most likely LDAP)
LOGGER.debug("Validation error from signal", exc=exc, **auth_kwargs)
return self.executor.stage_invalid()
else: else:
if not user: if not user:
# No user was found -> invalid credentials # No user was found -> invalid credentials