stages/password: handle authenticate() throwing a ValidationError

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-04-08 23:13:25 +02:00 · 2021-04-08 23:13:25 +02:00 · 7b0005ac42
parent aefeb5bacf
commit 7b0005ac42
1 changed files with 7 additions and 1 deletions
--- a/authentik/stages/password/stage.py
+++ b/authentik/stages/password/stage.py
@ -8,7 +8,7 @@ from django.core.exceptions import PermissionDenied
 from django.http import HttpRequest, HttpResponse
 from django.urls import reverse
 from django.utils.translation import gettext as _
-from rest_framework.exceptions import ErrorDetail
+from rest_framework.exceptions import ErrorDetail, ValidationError
 from rest_framework.fields import CharField
 from structlog.stdlib import get_logger

@ -127,6 +127,12 @@ class PasswordStageView(ChallengeStageView):
            # User was found, but permission was denied (i.e. user is not active)
            LOGGER.debug("Denied access", **auth_kwargs)
            return self.executor.stage_invalid()
+        except ValidationError as exc:
+            del auth_kwargs["password"]
+            # User was found, authentication succeeded, but another signal raised an error
+            # (most likely LDAP)
+            LOGGER.debug("Validation error from signal", exc=exc, **auth_kwargs)
+            return self.executor.stage_invalid()
        else:
            if not user:
                # No user was found -> invalid credentials