sources/ldap: improve error message (#5653)

* sources/ldap: improve ldap password change error message Signed-off-by: Jens Langhammer <jens@goauthentik.io> * stages/user_write: handle validation error when updating user Signed-off-by: Jens Langhammer <jens@goauthentik.io> --------- Signed-off-by: Jens Langhammer <jens@goauthentik.io>
2023-05-17 15:26:46 +02:00 · 2023-05-17 15:26:46 +02:00 · cd7de4c0b9
parent 3195a75b9a
commit cd7de4c0b9
3 changed files with 15 additions and 7 deletions
--- a/authentik/sources/ldap/signals.py
+++ b/authentik/sources/ldap/signals.py
@ -69,7 +69,10 @@ def ldap_sync_password(sender, user: User, password: str, **_):
    except LDAPOperationResult as exc:
        Event.new(
            EventAction.CONFIGURATION_ERROR,
-            message=f"Result: {exc.result}, Description {exc.description}",
+            message=(
+                "Failed to change password in LDAP source due to remote error: "
+                f"{exc.result}, {exc.message}, {exc.description}"
+            ),
            source=source,
        ).set_user(user).save()
        raise ValidationError("Failed to set password") from exc
--- a/authentik/sources/ldap/sync/base.py
+++ b/authentik/sources/ldap/sync/base.py
@ -135,9 +135,9 @@ class BaseLDAPSynchronizer:
            if key == "attributes":
                continue
            setattr(instance, key, value)
-        final_atttributes = {}
-        MERGE_LIST_UNIQUE.merge(final_atttributes, instance.attributes)
-        MERGE_LIST_UNIQUE.merge(final_atttributes, data.get("attributes", {}))
-        instance.attributes = final_atttributes
+        final_attributes = {}
+        MERGE_LIST_UNIQUE.merge(final_attributes, instance.attributes)
+        MERGE_LIST_UNIQUE.merge(final_attributes, data.get("attributes", {}))
+        instance.attributes = final_attributes
        instance.save()
        return (instance, False)
--- a/authentik/stages/user_write/stage.py
+++ b/authentik/stages/user_write/stage.py
@ -6,6 +6,7 @@ from django.db import transaction
 from django.db.utils import IntegrityError, InternalError
 from django.http import HttpRequest, HttpResponse
 from django.utils.translation import gettext as _
+from rest_framework.exceptions import ValidationError

 from authentik.core.middleware import SESSION_KEY_IMPERSONATE_USER
 from authentik.core.models import USER_ATTRIBUTE_SOURCES, User, UserSourceConnection
@ -148,7 +149,11 @@ class UserWriteStageView(StageView):
            and SESSION_KEY_IMPERSONATE_USER not in self.request.session
        ):
            should_update_session = True
+        try:
            self.update_user(user)
+        except ValidationError as exc:
+            self.logger.warning("failed to update user", exc=exc)
+            return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
        # Extra check to prevent flows from saving a user with a blank username
        if user.username == "":
            self.logger.warning("Aborting write to empty username", user=user)
@ -162,7 +167,7 @@ class UserWriteStageView(StageView):
                    user.ak_groups.add(*self.executor.plan.context[PLAN_CONTEXT_GROUPS])
        except (IntegrityError, ValueError, TypeError, InternalError) as exc:
            self.logger.warning("Failed to save user", exc=exc)
-            return self.executor.stage_invalid(_("Failed to save user"))
+            return self.executor.stage_invalid(_("Failed to update user. Please try again later."))
        user_write.send(sender=self, request=request, user=user, data=data, created=user_created)
        # Check if the password has been updated, and update the session auth hash
        if should_update_session: