From cd7de4c0b97d03edad1d3bca7b22a5804adf2fad Mon Sep 17 00:00:00 2001
From: Jens L
Date: Wed, 17 May 2023 15:26:46 +0200
Subject: [PATCH] sources/ldap: improve error message (#5653)

* sources/ldap: improve ldap password change error message

Signed-off-by: Jens Langhammer

* stages/user_write: handle validation error when updating user

Signed-off-by: Jens Langhammer

---------

Signed-off-by: Jens Langhammer
---
 authentik/sources/ldap/signals.py    | 5 ++++-
 authentik/sources/ldap/sync/base.py  | 8 ++++----
 authentik/stages/user_write/stage.py | 9 +++++++--
 3 files changed, 15 insertions(+), 7 deletions(-)

diff --git a/authentik/sources/ldap/signals.py b/authentik/sources/ldap/signals.py
index a89e39077..32c622ded 100644
--- a/authentik/sources/ldap/signals.py
+++ b/authentik/sources/ldap/signals.py
@@ -69,7 +69,10 @@ def ldap_sync_password(sender, user: User, password: str, **_):
     except LDAPOperationResult as exc:
         Event.new(
             EventAction.CONFIGURATION_ERROR,
-            message=f"Result: {exc.result}, Description {exc.description}",
+            message=(
+                "Failed to change password in LDAP source due to remote error: "
+                f"{exc.result}, {exc.message}, {exc.description}"
+            ),
             source=source,
         ).set_user(user).save()
         raise ValidationError("Failed to set password") from exc
diff --git a/authentik/sources/ldap/sync/base.py b/authentik/sources/ldap/sync/base.py
index 5bf412bd5..4ab18d179 100644
--- a/authentik/sources/ldap/sync/base.py
+++ b/authentik/sources/ldap/sync/base.py
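Review bot: The three fields interpolated into the new event message are unlabelled, so when `exc.message` (in ldap3 typically the server's diagnostic text, which is often empty) is blank the event reads as a code followed by two commas and a description, with no hint which value is which. Labelling them keeps the event self-explanatory for the admin reading it, e.g. `f"result={exc.result} ({exc.description}): {exc.message}"`. Keeping the ValidationError raised to the caller generic while the remote detail goes only to the admin-visible Event is the right split and should stay that way. ldap_sync_password's body begins outside the hunk.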
@@ -135,9 +135,9 @@ class BaseLDAPSynchronizer:
             if key == "attributes":
                 continue
             setattr(instance, key, value)
-        final_atttributes = {}
-        MERGE_LIST_UNIQUE.merge(final_atttributes, instance.attributes)
-        MERGE_LIST_UNIQUE.merge(final_atttributes, data.get("attributes", {}))
-        instance.attributes = final_atttributes
+        final_attributes = {}
+        MERGE_LIST_UNIQUE.merge(final_attributes, instance.attributes)
+        MERGE_LIST_UNIQUE.merge(final_attributes, data.get("attributes", {}))
+        instance.attributes = final_attributes
         instance.save()
         return (instance, False)
diff --git a/authentik/stages/user_write/stage.py b/authentik/stages/user_write/stage.py
index 88eaf48ce..2319e7414 100644
--- a/authentik/stages/user_write/stage.py
+++ b/authentik/stages/user_write/stage.py
@@ -6,6 +6,7 @@ from django.db import transaction
 from django.db.utils import IntegrityError, InternalError
 from django.http import HttpRequest, HttpResponse
 from django.utils.translation import gettext as _
+from rest_framework.exceptions import ValidationError
 
 from authentik.core.middleware import SESSION_KEY_IMPERSONATE_USER
 from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection
@@ -148,7 +149,11 @@ class UserWriteStageView(StageView):
             and SESSION_KEY_IMPERSONATE_USER not in self.request.session
         ):
             should_update_session = True
-            self.update_user(user)
+            try:
+                self.update_user(user)
+            except ValidationError as exc:
+                self.logger.warning("failed to update user", exc=exc)
+                return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
         # Extra check to prevent flows from saving a user with a blank username
         if user.username == "":
             self.logger.warning("Aborting write to empty username", user=user)
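Review bot: The new `except ValidationError` matches only `rest_framework.exceptions.ValidationError` (the import added in the first hunk of this file); if any code reached through `update_user` raises Django's `django.core.exceptions.ValidationError` instead, it still propagates uncaught as before, so it is worth confirming which class the signal handlers raise. The replacement text `Failed to update user. Please try again later.` is reused for the IntegrityError/ValueError/TypeError/InternalError path in the hunk at -162, where a unique-constraint violation will not resolve on retry, so a wording without the retry hint, e.g. `_("Failed to update user.")`, would be more accurate in both places. The new log message `failed to update user` is lowercase while the neighbouring `Failed to save user` is capitalised; pick one convention. update_user and the enclosing method both lie outside the hunk.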
@@ -162,7 +167,7 @@ class UserWriteStageView(StageView):
                 user.ak_groups.add(*self.executor.plan.context[PLAN_CONTEXT_GROUPS])
         except (IntegrityError, ValueError, TypeError, InternalError) as exc:
             self.logger.warning("Failed to save user", exc=exc)
-            return self.executor.stage_invalid(_("Failed to save user"))
+            return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
         user_write.send(sender=self, request=request, user=user, data=data, created=user_created)
         # Check if the password has been updated, and update the session auth hash
         if should_update_session: