catch unallowed anonymous auth attempt and show specific error
parent
b085f58553
commit
b9e5309757
5 changed files with 34 additions and 9 deletions
|
@ -34,16 +34,21 @@ $ldapWrapper = new OCA\user_ldap\lib\LDAP();
|
|||
$connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, '', null);
|
||||
//needs to be true, otherwise it will also fail with an irritating message
|
||||
$_POST['ldap_configuration_active'] = 1;
|
||||
if($connection->setConfiguration($_POST)) {
|
||||
//Configuration is okay
|
||||
if($connection->bind()) {
|
||||
OCP\JSON::success(array('message'
|
||||
|
||||
try {
|
||||
if ($connection->setConfiguration($_POST)) {
|
||||
//Configuration is okay
|
||||
if ($connection->bind()) {
|
||||
OCP\JSON::success(array('message'
|
||||
=> $l->t('The configuration is valid and the connection could be established!')));
|
||||
} else {
|
||||
OCP\JSON::error(array('message'
|
||||
=> $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
|
||||
}
|
||||
} else {
|
||||
OCP\JSON::error(array('message'
|
||||
=> $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
|
||||
}
|
||||
} else {
|
||||
OCP\JSON::error(array('message'
|
||||
=> $l->t('The configuration is invalid. Please have a look at the logs for further details.')));
|
||||
}
|
||||
} catch (\Exception $e) {
|
||||
OCP\JSON::error(array('message' => $e->getMessage()));
|
||||
}
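Review bot: The new `catch (\Exception $e)` around the configuration test sends `$e->getMessage()` to the browser for every exception type, so any message raised below `setConfiguration()` or `bind()` could reach the client verbatim and untranslated instead of going to the log. Catching only the exception this commit is meant to surface and answering everything else with a fixed text would keep the response predictable, for example log with `\OCP\Util::writeLog('user_ldap', $e->getMessage(), \OCP\Util::ERROR);` and return `$l->t('The configuration is invalid. Please have a look at the logs for further details.')`. The access checks for this script sit above line 34 and are not visible in the hunk, so how widely this response is reachable cannot be judged from here.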
|
||||
|
|
|
@ -165,6 +165,12 @@ OCA = OCA || {};
|
|||
* @inheritdoc
|
||||
*/
|
||||
overrideErrorMessage: function(message, key) {
|
||||
var original = message;
|
||||
message = this._super(message, key);
|
||||
if(original !== message) {
|
||||
// we pass the parents change
|
||||
return message;
|
||||
}
|
||||
switch(key) {
|
||||
case 'ldap_port':
|
||||
if (message === 'Invalid credentials') {
|
||||
|
@ -267,7 +273,8 @@ OCA = OCA || {};
|
|||
message = t('user_ldap', objectsFound + ' entries available within the provided Base DN');
|
||||
}
|
||||
} else {
|
||||
message = t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.');
|
||||
message = view.overrideErrorMessage(payload.data.message);
|
||||
message = message || t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.');
|
||||
if(payload.data.message) {
|
||||
console.warn(payload.data.message);
|
||||
}
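Review bot: In the second hunk the generic text becomes a fallback for an empty `payload.data.message` only, because `view.overrideErrorMessage(payload.data.message)` is called without a `key` and, judging by the implementations visible in this commit, returns its input unchanged when nothing matches. Any other server-supplied string therefore becomes the user-facing message as is; where `message` is rendered lies outside the hunk, so it should be confirmed that it is inserted as text and not as HTML. Keeping the generic text unless an override actually happened avoids this: `var overridden = view.overrideErrorMessage(payload.data.message);` followed by `message = overridden !== payload.data.message ? overridden : t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.');`. The enclosing callback starts and ends outside the hunk.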
|
||||
|
|
|
@ -70,6 +70,11 @@ OCA = OCA || {};
|
|||
* @returns {string}
|
||||
*/
|
||||
overrideErrorMessage: function(message, key) {
|
||||
if(message === 'LDAP authentication method rejected'
|
||||
&& !this.configModel.configuration.ldap_dn)
|
||||
{
|
||||
message = t('user_ldap', 'Anonymous bind is not allowed. Please provide a User DN and Password.');
|
||||
}
|
||||
return message;
|
||||
},
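Review bot: The condition `message === 'LDAP authentication method rejected'` ties this base view to the exact English text thrown in the `class LDAP` hunk at the end of this commit, so rewording or translating that exception would silently disable the anonymous-bind hint. A comment on the condition would make the contract visible, for example `// must stay identical to the exception message thrown for LDAP error code 48 in the PHP LDAP wrapper`; a machine-readable code in the JSON response would be sturdier than comparing prose. The docblock above could also say that `key` is unused in this base implementation and only evaluated by the overriding views.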
|
||||
|
||||
|
|
|
@ -122,6 +122,12 @@ OCA = OCA || {};
|
|||
* @inheritdoc
|
||||
*/
|
||||
overrideErrorMessage: function(message, key) {
|
||||
var original = message;
|
||||
message = this._super(message, key);
|
||||
if(original !== message) {
|
||||
// we pass the parents change
|
||||
return message;
|
||||
}
|
||||
if( key === 'ldap_userfilter_groups'
|
||||
&& message === 'memberOf is not supported by the server'
|
||||
) {
|
||||
|
|
|
@ -287,6 +287,8 @@ class LDAP implements ILDAPWrapper {
|
|||
//referrals, we switch them off, but then there is AD :)
|
||||
} else if ($errorCode === -1) {
|
||||
throw new ServerNotAvailableException('Lost connection to LDAP server.');
|
||||
} else if ($errorCode === 48) {
|
||||
throw new \Exception('LDAP authentication method rejected');
|
||||
} else {
|
||||
\OCP\Util::writeLog('user_ldap',
|
||||
'LDAP error '.$errorMsg.' (' .
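Review bot: The branch `else if ($errorCode === 48)` throws a plain `\Exception` from the shared LDAP wrapper, so every caller that reaches this error handler now gets an exception where code 48 previously fell through to the `writeLog` branch; only the configuration-test script in this commit is shown catching it. Callers outside this commit are not visible, so it is worth checking that login and background paths handle it, or throwing a dedicated exception type that they can catch selectively. The bare number would also read better with a comment such as `// 48 = inappropriateAuthentication, e.g. the server refuses anonymous bind`. The enclosing method starts and ends outside the hunk.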
|
||||
|
|