sources/ldap: improve error message (#5653)
* sources/ldap: improve ldap password change error message Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stages/user_write: handle validation error when updating user Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
parent
3195a75b9a
commit
cd7de4c0b9
|
@ -69,7 +69,10 @@ def ldap_sync_password(sender, user: User, password: str, **_):
|
||||||
except LDAPOperationResult as exc:
|
except LDAPOperationResult as exc:
|
||||||
Event.new(
|
Event.new(
|
||||||
EventAction.CONFIGURATION_ERROR,
|
EventAction.CONFIGURATION_ERROR,
|
||||||
message=f"Result: {exc.result}, Description {exc.description}",
|
message=(
|
||||||
|
"Failed to change password in LDAP source due to remote error: "
|
||||||
|
f"{exc.result}, {exc.message}, {exc.description}"
|
||||||
|
),
|
||||||
source=source,
|
source=source,
|
||||||
).set_user(user).save()
|
).set_user(user).save()
|
||||||
raise ValidationError("Failed to set password") from exc
|
raise ValidationError("Failed to set password") from exc
|
||||||
|
|
|
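Review bot: The new event message joins `exc.result`, `exc.message` and `exc.description` with bare commas, so an empty field reads as `, ,` and an operator cannot tell which value is which. Labelling them keeps the audit entry unambiguous: `f"result={exc.result}, message={exc.message}, description={exc.description}"`. These strings come from the remote directory and are stored in the Event, while the raised `ValidationError("Failed to set password")` stays generic. That split is worth a one-line comment above the `raise`, for example `# remote detail goes to the event log only; the caller sees a generic error`. The body of `ldap_sync_password` starts outside this hunk, so the `try` that this `except` belongs to is not visible here.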
@ -135,9 +135,9 @@ class BaseLDAPSynchronizer:
|
||||||
if key == "attributes":
|
if key == "attributes":
|
||||||
continue
|
continue
|
||||||
setattr(instance, key, value)
|
setattr(instance, key, value)
|
||||||
final_atttributes = {}
|
final_attributes = {}
|
||||||
MERGE_LIST_UNIQUE.merge(final_atttributes, instance.attributes)
|
MERGE_LIST_UNIQUE.merge(final_attributes, instance.attributes)
|
||||||
MERGE_LIST_UNIQUE.merge(final_atttributes, data.get("attributes", {}))
|
MERGE_LIST_UNIQUE.merge(final_attributes, data.get("attributes", {}))
|
||||||
instance.attributes = final_atttributes
|
instance.attributes = final_attributes
|
||||||
instance.save()
|
instance.save()
|
||||||
return (instance, False)
|
return (instance, False)
|
||||||
|
|
|
@ -6,6 +6,7 @@ from django.db import transaction
|
||||||
from django.db.utils import IntegrityError, InternalError
|
from django.db.utils import IntegrityError, InternalError
|
||||||
from django.http import HttpRequest, HttpResponse
|
from django.http import HttpRequest, HttpResponse
|
||||||
from django.utils.translation import gettext as _
|
from django.utils.translation import gettext as _
|
||||||
|
from rest_framework.exceptions import ValidationError
|
||||||
|
|
||||||
from authentik.core.middleware import SESSION_KEY_IMPERSONATE_USER
|
from authentik.core.middleware import SESSION_KEY_IMPERSONATE_USER
|
||||||
from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection
|
from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection
|
||||||
|
@ -148,7 +149,11 @@ class UserWriteStageView(StageView):
|
||||||
and SESSION_KEY_IMPERSONATE_USER not in self.request.session
|
and SESSION_KEY_IMPERSONATE_USER not in self.request.session
|
||||||
):
|
):
|
||||||
should_update_session = True
|
should_update_session = True
|
||||||
|
try:
|
||||||
self.update_user(user)
|
self.update_user(user)
|
||||||
|
except ValidationError as exc:
|
||||||
|
self.logger.warning("failed to update user", exc=exc)
|
||||||
|
return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
|
||||||
# Extra check to prevent flows from saving a user with a blank username
|
# Extra check to prevent flows from saving a user with a blank username
|
||||||
if user.username == "":
|
if user.username == "":
|
||||||
self.logger.warning("Aborting write to empty username", user=user)
|
self.logger.warning("Aborting write to empty username", user=user)
|
||||||
|
@ -162,7 +167,7 @@ class UserWriteStageView(StageView):
|
||||||
user.ak_groups.add(*self.executor.plan.context[PLAN_CONTEXT_GROUPS])
|
user.ak_groups.add(*self.executor.plan.context[PLAN_CONTEXT_GROUPS])
|
||||||
except (IntegrityError, ValueError, TypeError, InternalError) as exc:
|
except (IntegrityError, ValueError, TypeError, InternalError) as exc:
|
||||||
self.logger.warning("Failed to save user", exc=exc)
|
self.logger.warning("Failed to save user", exc=exc)
|
||||||
return self.executor.stage_invalid(_("Failed to save user"))
|
return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
|
||||||
user_write.send(sender=self, request=request, user=user, data=data, created=user_created)
|
user_write.send(sender=self, request=request, user=user, data=data, created=user_created)
|
||||||
# Check if the password has been updated, and update the session auth hash
|
# Check if the password has been updated, and update the session auth hash
|
||||||
if should_update_session:
|
if should_update_session:
|
||||||
|
|
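Review bot: The added `except ValidationError` around `self.update_user(user)` catches only `rest_framework.exceptions.ValidationError`, the class imported in the first hunk of this file. The page does not show which `ValidationError` is raised on the LDAP password-change path. If that one is `django.core.exceptions.ValidationError`, which is a distinct class, the exception would still propagate out of the stage instead of reaching `stage_invalid`. Confirm both sites import the same class, or catch both here. After the last hunk, both failure paths return the same text, "Failed to update user. Please try again later.", so the two `self.logger.warning` lines are the only way to tell them apart. A short comment above the `try`, such as `# update_user can be rejected by a password sync backend; keep the detail in the log`, would record that intent, presumably the reason for this change. The enclosing method starts and ends outside these hunks.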