[Pkg-owncloud-commits] [owncloud] 48/457: catch unallowed anonymous auth attempt and show specific error

David Prévot taffit at moszumanska.debian.org
Sun Jun 28 20:05:23 UTC 2015 

This is an automated email from the git hooks/post-receive script.

taffit pushed a commit to branch stable8
in repository owncloud.

commit b9e53097577499b519f9fcdd053421cb1507bab3
Author: Arthur Schiwon <blizzz at owncloud.com>
Date:   Thu May 7 21:09:10 2015 +0200

    catch unallowed anonymous auth attempt and show specific error
---
 apps/user_ldap/ajax/testConfiguration.php       | 21 +++++++++++++--------
 apps/user_ldap/js/wizard/wizardTabElementary.js |  9 ++++++++-
 apps/user_ldap/js/wizard/wizardTabGeneric.js    |  5 +++++
 apps/user_ldap/js/wizard/wizardTabUserFilter.js |  6 ++++++
 apps/user_ldap/lib/ldap.php                     |  2 ++
 5 files changed, 34 insertions(+), 9 deletions(-)

diff --git a/apps/user_ldap/ajax/testConfiguration.php b/apps/user_ldap/ajax/testConfiguration.php
index 31f72a3..2899577 100644
--- a/apps/user_ldap/ajax/testConfiguration.php
+++ b/apps/user_ldap/ajax/testConfiguration.php
@@ -34,16 +34,21 @@ $ldapWrapper = new OCA\user_ldap\lib\LDAP();
 $connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, '', null);
 //needs to be true, otherwise it will also fail with an irritating message
 $_POST['ldap_configuration_active'] = 1;
-if($connection->setConfiguration($_POST)) {
-	//Configuration is okay
-	if($connection->bind()) {
-		OCP\JSON::success(array('message'
+
+try {
+	if ($connection->setConfiguration($_POST)) {
+		//Configuration is okay
+		if ($connection->bind()) {
+			OCP\JSON::success(array('message'
 			=> $l->t('The configuration is valid and the connection could be established!')));
+		} else {
+			OCP\JSON::error(array('message'
+			=> $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
+		}
 	} else {
 		OCP\JSON::error(array('message'
-			=> $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
-	}
-} else {
-	OCP\JSON::error(array('message'
 		=> $l->t('The configuration is invalid. Please have a look at the logs for further details.')));
+	}
+} catch (\Exception $e) {
+	OCP\JSON::error(array('message' => $e->getMessage()));
 }
diff --git a/apps/user_ldap/js/wizard/wizardTabElementary.js b/apps/user_ldap/js/wizard/wizardTabElementary.js
index b8ab367..7566427 100644
--- a/apps/user_ldap/js/wizard/wizardTabElementary.js
+++ b/apps/user_ldap/js/wizard/wizardTabElementary.js
@@ -165,6 +165,12 @@ OCA = OCA || {};
 		 * @inheritdoc
 		 */
 		overrideErrorMessage: function(message, key) {
+			var original = message;
+			message = this._super(message, key);
+			if(original !== message) {
+				// we pass the parents change
+				return message;
+			}
 			switch(key) {
 				case 'ldap_port':
 					if (message === 'Invalid credentials') {
@@ -267,7 +273,8 @@ OCA = OCA || {};
 						message = t('user_ldap', objectsFound + ' entries available within the provided Base DN');
 					}
 				} else {
-					message = t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.');
+					message = view.overrideErrorMessage(payload.data.message);
+					message = message || t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.');
 					if(payload.data.message) {
 						console.warn(payload.data.message);
 					}
diff --git a/apps/user_ldap/js/wizard/wizardTabGeneric.js b/apps/user_ldap/js/wizard/wizardTabGeneric.js
index 720628f..c272df7 100644
--- a/apps/user_ldap/js/wizard/wizardTabGeneric.js
+++ b/apps/user_ldap/js/wizard/wizardTabGeneric.js
@@ -70,6 +70,11 @@ OCA = OCA || {};
 		 * @returns {string}
 		 */
 		overrideErrorMessage: function(message, key) {
+			if(message === 'LDAP authentication method rejected'
+				&& !this.configModel.configuration.ldap_dn)
+			{
+				message = t('user_ldap', 'Anonymous bind is not allowed. Please provide a User DN and Password.');
+			}
 			return message;
 		},
 
diff --git a/apps/user_ldap/js/wizard/wizardTabUserFilter.js b/apps/user_ldap/js/wizard/wizardTabUserFilter.js
index 992c1cc..4fe223e 100644
--- a/apps/user_ldap/js/wizard/wizardTabUserFilter.js
+++ b/apps/user_ldap/js/wizard/wizardTabUserFilter.js
@@ -122,6 +122,12 @@ OCA = OCA || {};
 		 * @inheritdoc
 		 */
 		overrideErrorMessage: function(message, key) {
+			var original = message;
+			message = this._super(message, key);
+			if(original !== message) {
+				// we pass the parents change
+				return message;
+			}
 			if(   key === 'ldap_userfilter_groups'
 			   && message === 'memberOf is not supported by the server'
 			) {
diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php
index 74df3dd..48852a3 100644
--- a/apps/user_ldap/lib/ldap.php
+++ b/apps/user_ldap/lib/ldap.php
@@ -287,6 +287,8 @@ class LDAP implements ILDAPWrapper {
 					//referrals, we switch them off, but then there is AD :)
 				} else if ($errorCode === -1) {
 					throw new ServerNotAvailableException('Lost connection to LDAP server.');
+				} else if ($errorCode === 48) {
+					throw new \Exception('LDAP authentication method rejected');
 				} else {
 					\OCP\Util::writeLog('user_ldap',
 										'LDAP error '.$errorMsg.' (' .

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-owncloud/owncloud.git

More information about the Pkg-owncloud-commits mailing list