author | Alexander Sulfrian <alexander@sulfrian.net> | 2016-01-24 04:19:23 +0100 |
---|---|---|
committer | Alexander Sulfrian <alexander@sulfrian.net> | 2016-02-02 04:22:16 +0100 |
commit | 587b79a8470a0c069f1b1d81e01685baa5e6a39b (patch) | |
tree | 1ad93770716feb361443d33747337d2d16df36bc /accounts | |
parent | 5e7e7fc832d26178a6036ed483fe3cfffe2b22b2 (diff) | |
Use consistent exceptions for all user backends
Now all backends raise custom exception types and do not
forward the internal exception types, so there is no need
to import the ldap module in other modules.
Diffstat (limited to 'accounts')
-rw-r--r-- | accounts/__init__.py | 4 | ||||
-rw-r--r-- | accounts/backend/user/__init__.py | 9 | ||||
-rw-r--r-- | accounts/backend/user/dummy.py | 6 | ||||
-rw-r--r-- | accounts/backend/user/ldap.py | 11 | ||||
-rw-r--r-- | accounts/utils/__init__.py | 6 |
5 files changed, 25 insertions, 11 deletions
diff --git a/accounts/__init__.py b/accounts/__init__.py
index d8abf32..e641e80 100644
--- a/accounts/__init__.py
+++ b/accounts/__init__.py
@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
 import account
-import ldap
 import os
 from flask import Flask, g, session
 from utils import *
@@ -43,6 +42,7 @@ def initialize_user():
 password = ensure_utf8(session['password'])
 try:
 g.user = current_app.user_backend.auth(username, password)
- except ldap.INVALID_CREDENTIALS:
+ except (current_app.user_backend.NoSuchUserError,
+ current_app.user_backend.InvalidPasswordError):
 # we had crap in the session, delete it
 logout_user()
diff --git a/accounts/backend/user/__init__.py b/accounts/backend/user/__init__.py
index 749f284..f66c138 100644
--- a/accounts/backend/user/__init__.py
+++ b/accounts/backend/user/__init__.py
@@ -5,6 +5,10 @@ class NoSuchUserError(ValueError):
 pass
+class InvalidPasswordError(ValueError):
+ pass
+
+
 class ShouldNotHappen(RuntimeError):
 pass
@@ -52,6 +56,11 @@ class Backend(object):
 #: Exception type, that is raised if no matching user was found.
 self.NoSuchUserError = NoSuchUserError
+ #: Exception type, that is raised if you try to authenticate with
+ #: wrong password. Because this backend is stateless, this exception
+ #: could also be raised, if you want to change user information.
+ self.InvalidPasswordError = InvalidPasswordError
+
 def auth(self, username, password):
 """
 Tries to authenticate a user with a given password. If the
diff --git a/accounts/backend/user/dummy.py b/accounts/backend/user/dummy.py
index c4925fb..6bfb516 100644
--- a/accounts/backend/user/dummy.py
+++ b/accounts/backend/user/dummy.py
@@ -49,7 +49,7 @@ class DummyBackend(Backend):
 """
 acc = self.get_by_uid(username)
 if acc.password != password:
- raise ValueError("Invalid password")
+ raise self.InvalidPasswordError("Invalid password")
 return acc
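Review bot: In accounts/backend/user/__init__.py (hunk at -5) the new `InvalidPasswordError` has no docstring and, like `NoSuchUserError`, derives straight from `ValueError`, so every caller has to list both types, and an unrelated `except ValueError` around a backend call would also swallow an authentication failure. A shared base with a name of your choosing, say `class AuthenticationError(ValueError): pass`, from which both types derive, would let `initialize_user` and `login_user` catch one name while staying compatible with code that caught `ValueError` from the dummy backend. A one-line docstring such as `"""Raised when the supplied password does not match the account."""` would document the contract.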
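Review bot: In accounts/backend/user/dummy.py the check `if acc.password != password:` followed by the raise now appears three times (the hunk at -49 and the hunks at -80 and -99), so the exception type and message have to be kept in sync by hand; a small private helper on `DummyBackend` would hold them in one place. The comparison is a plain `!=` on the stored password; whether `DummyBackend` can be selected outside tests is not visible here, but if it can, `hmac.compare_digest(stored, given)` is the constant-time alternative, with the caveat that both arguments must be of the same string type. The enclosing methods start outside the hunks.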
@@ -80,7 +80,7 @@ class DummyBackend(Backend):
 stored_account = self.get_by_uid(account.uid)
 if not as_admin:
 if stored_account.password != account.password:
- raise ValueError("Invalid password")
+ raise self.InvalidPasswordError("Invalid password")
 self._storage = [acc for acc in self._storage if acc.uid != account.uid]
 new_acc = deepcopy(account)
@@ -99,6 +99,6 @@ class DummyBackend(Backend):
 stored_account = self.get_by_uid(account.uid)
 if not as_admin:
 if stored_account.password != account.password:
- raise ValueError("Invalid password")
+ raise self.InvalidPasswordError("Invalid password")
 self._storage = [acc for acc in self._storage if acc.uid != account.uid]
diff --git a/accounts/backend/user/ldap.py b/accounts/backend/user/ldap.py
index 5472caf..48cf9eb 100644
--- a/accounts/backend/user/ldap.py
+++ b/accounts/backend/user/ldap.py
@@ -28,7 +28,11 @@ class LdapBackend(Backend):
 """
 self._bind_anonymous()
 dn = self._format_dn([('uid', username), ('ou','users')])
- dn_user, data_user = self.connection.search_s(dn, ldap.SCOPE_SUBTREE)[0]
+
+ try:
+ dn_user, data_user = self.connection.search_s(dn, ldap.SCOPE_SUBTREE)[0]
+ except ldap.NO_SUCH_OBJECT:
+ raise self.NoSuchUserError('No such user')
 self._bind_as_user(username, password)
 uid = data_user['uid'][0]
@@ -146,7 +150,10 @@ class LdapBackend(Backend):
 self.connection = ldap.initialize(self.ldap_host)
 self.connection.version = ldap.VERSION3
- self.connection.simple_bind_s(dn, password)
+ try:
+ self.connection.simple_bind_s(dn, password)
+ except ldap.INVALID_CREDENTIALS:
+ raise self.InvalidPasswordError("Invalid Password")
 def _bind_as_admin(self):
 if self.binded:
diff --git a/accounts/utils/__init__.py b/accounts/utils/__init__.py
index 1538fd6..2b0f566 100644
--- a/accounts/utils/__init__.py
+++ b/accounts/utils/__init__.py
@@ -1,7 +1,6 @@
 # -*- coding: utf-8 -*-
 import hmac
 import importlib
-import ldap
 import pickle
 import re
 import struct
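Review bot: In accounts/backend/user/ldap.py (hunk at -28, the auth path) nothing rejects an empty password before `self._bind_as_user(username, password)`. A simple bind with a DN and a zero-length password is an unauthenticated bind under RFC 4513 section 5.1.2, and a directory server that accepts it reports success, so the new `InvalidPasswordError` path would not fire and the method would go on to return the account; whether callers already refuse empty passwords is not visible here. A guard ahead of the bind, `if not password: raise self.InvalidPasswordError("Invalid Password")`, closes that. Separately, `search_s(...)[0]` raises `IndexError` on an empty result, which the new handler does not translate; `except (ldap.NO_SUCH_OBJECT, IndexError):` would. The method's signature and the rest of its body are outside the hunk.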
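Review bot: The bind helper in accounts/backend/user/ldap.py (hunk at -146) translates only `ldap.INVALID_CREDENTIALS`, so any other `ldap.LDAPError` from `simple_bind_s`, for example `ldap.SERVER_DOWN`, still leaves the backend as an ldap type, while accounts/__init__.py and accounts/utils/__init__.py drop `import ldap` in this commit and can no longer name it. The method's signature is outside the hunk; if `_bind_as_admin` goes through the same helper, a wrong service credential would surface as `InvalidPasswordError` and be handled as a user's bad password, which hides a configuration fault. I would translate `INVALID_CREDENTIALS` only on the user-bind path and wrap the remaining LDAP errors in a backend-level exception type defined next to `NoSuchUserError`, so callers can tell an outage from a failed login.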
@@ -70,9 +69,8 @@ def login_user(username, password):
 try:
 g.user = current_app.user_backend.auth(username, password)
- except ldap.INVALID_CREDENTIALS:
- return False
- except ldap.NO_SUCH_OBJECT:
+ except (current_app.user_backend.NoSuchUserError,
+ current_app.user_backend.InvalidPasswordError):
 return False
 session['username'] = username |
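Review bot: In `login_user` (accounts/utils/__init__.py, hunk at -70) the merged except clause returns `False` for both an unknown user and a wrong password, which is what keeps the login form from revealing which accounts exist, but nothing in the code says this is deliberate. A comment above the `return False`, e.g. `# Same result for unknown user and wrong password: do not reveal which accounts exist.`, would stop a later change from splitting the two cases into different messages. The body of `login_user` continues outside the hunk.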