-rw-r--r-- | accounts/__init__.py | 4 | ||||
-rw-r--r-- | accounts/backend/user/__init__.py | 9 | ||||
-rw-r--r-- | accounts/backend/user/dummy.py | 6 | ||||
-rw-r--r-- | accounts/backend/user/ldap.py | 11 | ||||
-rw-r--r-- | accounts/utils/__init__.py | 6 |
5 files changed, 25 insertions, 11 deletions
diff --git a/accounts/__init__.py b/accounts/__init__.py index d8abf32..e641e80 100644 --- a/accounts/__init__.py +++ b/accounts/__init__.py @@ -1,7 +1,6 @@ # -*- coding: utf-8 -*- import account -import ldap import os from flask import Flask, g, session from utils import * @@ -43,6 +42,7 @@ def initialize_user(): password = ensure_utf8(session['password']) try: g.user = current_app.user_backend.auth(username, password) - except ldap.INVALID_CREDENTIALS: + except (current_app.user_backend.NoSuchUserError, + current_app.user_backend.InvalidPasswordError): # we had crap in the session, delete it logout_user() diff --git a/accounts/backend/user/__init__.py b/accounts/backend/user/__init__.py index 749f284..f66c138 100644 --- a/accounts/backend/user/__init__.py +++ b/accounts/backend/user/__init__.py @@ -5,6 +5,10 @@ class NoSuchUserError(ValueError): pass +class InvalidPasswordError(ValueError): + pass + + class ShouldNotHappen(RuntimeError): pass @@ -52,6 +56,11 @@ class Backend(object): #: Exception type, that is raised if no matching user was found. self.NoSuchUserError = NoSuchUserError + #: Exception type, that is raised if you try to authenticate with + #: wrong password. Because this backend is stateless, this exception + #: could also be raised, if you want to change user information. + self.InvalidPasswordError = InvalidPasswordError + def auth(self, username, password): """ Tries to authenticate a user with a given password. If the diff --git a/accounts/backend/user/dummy.py b/accounts/backend/user/dummy.py index c4925fb..6bfb516 100644 --- a/accounts/backend/user/dummy.py +++ b/accounts/backend/user/dummy.py @@ -49,7 +49,7 @@ class DummyBackend(Backend): """ acc = self.get_by_uid(username) if acc.password != password: - raise ValueError("Invalid password") + raise self.InvalidPasswordError("Invalid password") return acc 
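Review bot: In `initialize_user` (accounts/__init__.py, hunk `@@ -43,6 +42,7 @@`) only `NoSuchUserError` and `InvalidPasswordError` are handled, so any other error `auth()` raises still reaches this module as a backend-specific exception. Those are presumably python-ldap errors such as an unreachable server, which this file can no longer name now that `import ldap` is removed. The same applies to `login_user` in accounts/utils/__init__.py. Consider giving `Backend` one common base exception that `LdapBackend` wraps its remaining `ldap.LDAPError` cases in, and add a comment beside the `except` such as `# any other backend error propagates on purpose`. The function body starts and ends outside the hunk.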
@@ -80,7 +80,7 @@ class DummyBackend(Backend): stored_account = self.get_by_uid(account.uid) if not as_admin: if stored_account.password != account.password: - raise ValueError("Invalid password") + raise self.InvalidPasswordError("Invalid password") self._storage = [acc for acc in self._storage if acc.uid != account.uid] new_acc = deepcopy(account) @@ -99,6 +99,6 @@ class DummyBackend(Backend): stored_account = self.get_by_uid(account.uid) if not as_admin: if stored_account.password != account.password: - raise ValueError("Invalid password") + raise self.InvalidPasswordError("Invalid password") self._storage = [acc for acc in self._storage if acc.uid != account.uid] diff --git a/accounts/backend/user/ldap.py b/accounts/backend/user/ldap.py index 5472caf..48cf9eb 100644 --- a/accounts/backend/user/ldap.py +++ b/accounts/backend/user/ldap.py @@ -28,7 +28,11 @@ class LdapBackend(Backend): """ self._bind_anonymous() dn = self._format_dn([('uid', username), ('ou','users')]) - dn_user, data_user = self.connection.search_s(dn, ldap.SCOPE_SUBTREE)[0] + + try: + dn_user, data_user = self.connection.search_s(dn, ldap.SCOPE_SUBTREE)[0] + except ldap.NO_SUCH_OBJECT: + raise self.NoSuchUserError('No such user') self._bind_as_user(username, password) uid = data_user['uid'][0] @@ -146,7 +150,10 @@ class LdapBackend(Backend): self.connection = ldap.initialize(self.ldap_host) self.connection.version = ldap.VERSION3 - self.connection.simple_bind_s(dn, password) + try: + self.connection.simple_bind_s(dn, password) + except ldap.INVALID_CREDENTIALS: + raise self.InvalidPasswordError("Invalid Password") def _bind_as_admin(self): if self.binded: diff --git a/accounts/utils/__init__.py b/accounts/utils/__init__.py index 1538fd6..2b0f566 100644 --- a/accounts/utils/__init__.py +++ b/accounts/utils/__init__.py @@ -1,7 +1,6 @@ # -*- coding: utf-8 -*- import hmac import importlib -import ldap import pickle import re import struct 
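Review bot: In `LdapBackend.auth` (accounts/backend/user/ldap.py, hunk `@@ -28,7 +28,11 @@`) `username` goes straight into `_format_dn`, whose body is not visible here. If that helper does not escape DN special characters, a login name containing them changes the search base, so confirm it applies `ldap.dn.escape_dn_chars` to each value, or escape `username` before building the DN. The new `try` also covers the `[0]` index, but an empty result list raises `IndexError`, which is not translated; `except (ldap.NO_SUCH_OBJECT, IndexError):` would keep the "No such user" path uniform. The method continues outside the hunk.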
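Review bot: The bind helper changed in hunk `@@ -146,7 +150,10 @@` of accounts/backend/user/ldap.py passes `password` to `simple_bind_s` without rejecting an empty value. Under RFC 4513 a simple bind with a DN and a zero-length password is an unauthenticated bind. Some directory servers accept it as success and others refuse it with a result other than invalid credentials, so `ldap.INVALID_CREDENTIALS` is not guaranteed to be raised. Unless a caller outside this hunk already refuses empty passwords, add `if not password: raise self.InvalidPasswordError("Invalid Password")` ahead of the `try`. The function's signature is outside the hunk.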
@@ -70,9 +69,8 @@ def login_user(username, password): try: g.user = current_app.user_backend.auth(username, password) - except ldap.INVALID_CREDENTIALS: - return False - except ldap.NO_SUCH_OBJECT: + except (current_app.user_backend.NoSuchUserError, + current_app.user_backend.InvalidPasswordError): return False session['username'] = username |
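Review bot: `login_user` returns `False` for both failure types without leaving any record, so repeated failed logins are invisible to whoever monitors this service. Log the event before `return False`, for example `current_app.logger.warning('login failed for %r', username)`, and keep the password out of the message. Returning the same result for an unknown user and a wrong password is worth keeping, since it gives the client no hint about which accounts exist. The function starts and ends outside the hunk.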