catch unallowed anonymous auth attempt and show specific error

This commit is contained in:
Arthur Schiwon 2015-05-07 21:09:10 +02:00 committed by Thomas Müller
parent b085f58553
commit b9e5309757
5 changed files with 34 additions and 9 deletions

View file

@ -34,16 +34,21 @@ $ldapWrapper = new OCA\user_ldap\lib\LDAP();
$connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, '', null);
//needs to be true, otherwise it will also fail with an irritating message
$_POST['ldap_configuration_active'] = 1;
if($connection->setConfiguration($_POST)) {
//Configuration is okay
if($connection->bind()) {
OCP\JSON::success(array('message'
try {
if ($connection->setConfiguration($_POST)) {
//Configuration is okay
if ($connection->bind()) {
OCP\JSON::success(array('message'
=> $l->t('The configuration is valid and the connection could be established!')));
} else {
OCP\JSON::error(array('message'
=> $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
}
} else {
OCP\JSON::error(array('message'
=> $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
}
} else {
OCP\JSON::error(array('message'
=> $l->t('The configuration is invalid. Please have a look at the logs for further details.')));
}
} catch (\Exception $e) {
OCP\JSON::error(array('message' => $e->getMessage()));
}

View file

@ -165,6 +165,12 @@ OCA = OCA || {};
* @inheritdoc
*/
overrideErrorMessage: function(message, key) {
var original = message;
message = this._super(message, key);
if(original !== message) {
// we pass the parents change
return message;
}
switch(key) {
case 'ldap_port':
if (message === 'Invalid credentials') {
@ -267,7 +273,8 @@ OCA = OCA || {};
message = t('user_ldap', objectsFound + ' entries available within the provided Base DN');
}
} else {
message = t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.');
message = view.overrideErrorMessage(payload.data.message);
message = message || t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.');
if(payload.data.message) {
console.warn(payload.data.message);
}

View file

@ -70,6 +70,11 @@ OCA = OCA || {};
* @returns {string}
*/
overrideErrorMessage: function(message, key) {
if(message === 'LDAP authentication method rejected'
&& !this.configModel.configuration.ldap_dn)
{
message = t('user_ldap', 'Anonymous bind is not allowed. Please provide a User DN and Password.');
}
return message;
},

View file

@ -122,6 +122,12 @@ OCA = OCA || {};
* @inheritdoc
*/
overrideErrorMessage: function(message, key) {
var original = message;
message = this._super(message, key);
if(original !== message) {
// we pass the parents change
return message;
}
if( key === 'ldap_userfilter_groups'
&& message === 'memberOf is not supported by the server'
) {

View file

@ -287,6 +287,8 @@ class LDAP implements ILDAPWrapper {
//referrals, we switch them off, but then there is AD :)
} else if ($errorCode === -1) {
throw new ServerNotAvailableException('Lost connection to LDAP server.');
} else if ($errorCode === 48) {
throw new \Exception('LDAP authentication method rejected');
} else {
\OCP\Util::writeLog('user_ldap',
'LDAP error '.$errorMsg.' (' .