Mercurial > kallithea
changeset 6269:c073c723e264
auth: better handling of LDAP and authentication errors - don't log a stack trace ... but also don't reveal anything to the user
author | Mads Kiilerich <madski@unity3d.com> |
---|---|
date | Mon, 24 Oct 2016 15:18:51 +0200 |
parents | aa0560cfca9b |
children | a00a58323729 |
files | kallithea/lib/auth_modules/auth_ldap.py |
diffstat | 1 files changed, 7 insertions(+), 6 deletions(-) [+] |
line wrap: on
line diff
--- a/kallithea/lib/auth_modules/auth_ldap.py Mon Oct 24 15:18:51 2016 +0200 +++ b/kallithea/lib/auth_modules/auth_ldap.py Mon Oct 24 15:18:51 2016 +0200 @@ -353,12 +353,13 @@ log.info('user %s authenticated correctly', user_data['username']) return user_data - except (LdapUsernameError, LdapPasswordError, LdapImportError): - log.error(traceback.format_exc()) - return None - except Exception: - log.error(traceback.format_exc()) - return None + except LdapUsernameError: + log.info('Error authenticating %s with LDAP: User not found', username) + except LdapPasswordError: + log.info('Error authenticating %s with LDAP: Password error', username) + except LdapImportError: + log.error('Error authenticating %s with LDAP: LDAP not available', username) + return None def get_managed_fields(self): return ['username', 'firstname', 'lastname', 'email', 'password']