fix: (auth page) initialize checking ldap available before login connection to display correct message instean "Invalid username or password"
Signed-off-by: UdoChudo <stream@udochudo.ru>
parent
4f7300e2ce
commit
d5f9d3be49
@ -1,9 +1,12 @@
|
|||||||
|
|
||||||
from flask import current_app
|
from flask import current_app
|
||||||
from flask_ldap3_login import LDAP3LoginManager, AuthenticationResponseStatus
|
from flask_ldap3_login import LDAP3LoginManager, AuthenticationResponseStatus
|
||||||
|
from ldap3.core.exceptions import LDAPSocketOpenError, LDAPServerPoolExhaustedError
|
||||||
from werkzeug.middleware.proxy_fix import ProxyFix
|
from werkzeug.middleware.proxy_fix import ProxyFix
|
||||||
|
|
||||||
import config
|
import config
|
||||||
|
|
||||||
|
|
||||||
def init_ldap(app):
|
def init_ldap(app):
|
||||||
app.config['LDAP_HOST'] = config.LDAP_HOST
|
app.config['LDAP_HOST'] = config.LDAP_HOST
|
||||||
app.config['LDAP_PORT'] = config.LDAP_PORT
|
app.config['LDAP_PORT'] = config.LDAP_PORT
|
||||||
@ -24,15 +27,41 @@ def init_ldap(app):
|
|||||||
ldap_manager.init_app(app)
|
ldap_manager.init_app(app)
|
||||||
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1)
|
app.wsgi_app = ProxyFix(app.wsgi_app, x_proto=1)
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def authenticate_user(username, password):
|
def authenticate_user(username, password):
|
||||||
ldap_manager = current_app.extensions['ldap3_login']
|
ldap_manager = current_app.extensions['ldap3_login']
|
||||||
|
|
||||||
|
try:
|
||||||
|
# Явно пытаемся подключиться к LDAP
|
||||||
|
conn = ldap_manager.connection
|
||||||
|
if not conn.bind():
|
||||||
|
current_app.logger.error(f"Ошибка соединения с LDAP: {conn.last_error}")
|
||||||
|
return False, None, "LDAP-сервер недоступен. Повторите попытку позже."
|
||||||
|
except LDAPServerPoolExhaustedError as e:
|
||||||
|
current_app.logger.error(f"LDAP сервер недоступен: {e}")
|
||||||
|
return False, None, "LDAP-сервер не отвечает. Повторите попытку позже."
|
||||||
|
except LDAPSocketOpenError as e:
|
||||||
|
current_app.logger.error(f"Ошибка подключения к LDAP: {e}")
|
||||||
|
return False, None, "Ошибка подключения к LDAP-серверу. Повторите попытку позже."
|
||||||
|
except Exception as e:
|
||||||
|
current_app.logger.exception("Непредвиденная ошибка при подключении к LDAP")
|
||||||
|
return False, None, "Внутренняя ошибка при подключении к LDAP."
|
||||||
|
|
||||||
|
try:
|
||||||
response = ldap_manager.authenticate(username, password)
|
response = ldap_manager.authenticate(username, password)
|
||||||
|
except Exception as e:
|
||||||
|
current_app.logger.exception("Ошибка при попытке аутентификации")
|
||||||
|
return False, None, "Ошибка при выполнении аутентификации."
|
||||||
|
|
||||||
if response.status == AuthenticationResponseStatus.success:
|
if response.status == AuthenticationResponseStatus.success:
|
||||||
return True, response.user_info, None
|
return True, response.user_info, None
|
||||||
elif response.status == AuthenticationResponseStatus.fail:
|
elif response.status == AuthenticationResponseStatus.fail:
|
||||||
return False, None, "Invalid username or password."
|
return False, None, "Неверное имя пользователя или пароль."
|
||||||
else:
|
else:
|
||||||
return False, None, f"LDAP Error: {response.status}"
|
return False, None, f"LDAP ошибка: {response.status}"
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
def parse_ldap_user(user_info):
|
def parse_ldap_user(user_info):
|
||||||
def get(attr):
|
def get(attr):
|
||||||
|
|||||||
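Review bot: The new availability check at the top of `authenticate_user` runs before the submitted credentials are looked at, so every login request, including one with an empty username or password, now triggers a service-account bind against the directory. If the caller does not already validate the form (not visible here), a guard before the first `try` would avoid that: `if not username or not password: return False, None, "Неверное имя пользователя или пароль."`. It is also worth confirming whether `ldap_manager.connection` already returns a bound connection, in which case `conn.bind()` is a second bind per login. The final `else` still returns `response.status` to the client; logging it and returning a fixed message would keep internal state off the login page. Both `except Exception as e:` handlers never use `e`, so the binding can be dropped.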