author | Arthur Schiwon <blizzz@owncloud.com> | 2015-05-07 21:09:10 +0200 |
---|---|---|
committer | Thomas Müller <thomas.mueller@tmit.eu> | 2015-05-18 18:14:05 +0200 |
commit | b9e53097577499b519f9fcdd053421cb1507bab3 (patch) | |
tree | 993d979ffb581936309934c2a2d068f61c1ebdb2 | |
parent | b085f5855362bb8c305083c1d60ebfd459323a96 (diff) | |
catch unallowed anonymous auth attempt and show specific error
-rw-r--r-- | apps/user_ldap/ajax/testConfiguration.php | 21 | ||||
-rw-r--r-- | apps/user_ldap/js/wizard/wizardTabElementary.js | 9 | ||||
-rw-r--r-- | apps/user_ldap/js/wizard/wizardTabGeneric.js | 5 | ||||
-rw-r--r-- | apps/user_ldap/js/wizard/wizardTabUserFilter.js | 6 | ||||
-rw-r--r-- | apps/user_ldap/lib/ldap.php | 2 |
5 files changed, 34 insertions, 9 deletions
diff --git a/apps/user_ldap/ajax/testConfiguration.php b/apps/user_ldap/ajax/testConfiguration.php index 31f72a38e0b..289957764a1 100644 --- a/apps/user_ldap/ajax/testConfiguration.php +++ b/apps/user_ldap/ajax/testConfiguration.php @@ -34,16 +34,21 @@ $ldapWrapper = new OCA\user_ldap\lib\LDAP(); $connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, '', null); //needs to be true, otherwise it will also fail with an irritating message $_POST['ldap_configuration_active'] = 1; -if($connection->setConfiguration($_POST)) { - //Configuration is okay - if($connection->bind()) { - OCP\JSON::success(array('message' + +try { + if ($connection->setConfiguration($_POST)) { + //Configuration is okay + if ($connection->bind()) { + OCP\JSON::success(array('message' => $l->t('The configuration is valid and the connection could be established!'))); + } else { + OCP\JSON::error(array('message' + => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.'))); + } } else { OCP\JSON::error(array('message' - => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.'))); - } -} else { - OCP\JSON::error(array('message' => $l->t('The configuration is invalid. Please have a look at the logs for further details.'))); + } +} catch (\Exception $e) { + OCP\JSON::error(array('message' => $e->getMessage())); } diff --git a/apps/user_ldap/js/wizard/wizardTabElementary.js b/apps/user_ldap/js/wizard/wizardTabElementary.js index b8ab367dfd1..75664275a9c 100644 --- a/apps/user_ldap/js/wizard/wizardTabElementary.js +++ b/apps/user_ldap/js/wizard/wizardTabElementary.js @@ -165,6 +165,12 @@ OCA = OCA || {}; * @inheritdoc */ overrideErrorMessage: function(message, key) { + var original = message; + message = this._super(message, key); + if(original !== message) { + // we pass the parents change + return message; + } switch(key) { case 'ldap_port': if (message === 'Invalid credentials') { 
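Review bot: The new `catch (\Exception $e)` branch in testConfiguration.php returns `$e->getMessage()` verbatim in the JSON response, so every exception raised under `setConfiguration()` or `bind()` reaches the client as text, not only the anonymous-bind rejection this commit targets. Exception messages from the LDAP layer may carry server or configuration details that belong in the log rather than in the response; who may call this endpoint is decided above the hunk and is not visible here. I would log the exception and answer with a fixed message unless it is the one the wizard is meant to recognise, e.g. `\OCP\Util::writeLog('user_ldap', $e->getMessage(), \OCP\Util::WARN);` followed by a generic `$l->t(...)` error.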
@@ -267,7 +273,8 @@ OCA = OCA || {}; message = t('user_ldap', objectsFound + ' entries available within the provided Base DN'); } } else { - message = t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.'); + message = view.overrideErrorMessage(payload.data.message); + message = message || t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.'); if(payload.data.message) { console.warn(payload.data.message); } diff --git a/apps/user_ldap/js/wizard/wizardTabGeneric.js b/apps/user_ldap/js/wizard/wizardTabGeneric.js index 720628fa609..c272df7e3cc 100644 --- a/apps/user_ldap/js/wizard/wizardTabGeneric.js +++ b/apps/user_ldap/js/wizard/wizardTabGeneric.js @@ -70,6 +70,11 @@ OCA = OCA || {}; * @returns {string} */ overrideErrorMessage: function(message, key) { + if(message === 'LDAP authentication method rejected' + && !this.configModel.configuration.ldap_dn) + { + message = t('user_ldap', 'Anonymous bind is not allowed. Please provide a User DN and Password.'); + } return message; }, diff --git a/apps/user_ldap/js/wizard/wizardTabUserFilter.js b/apps/user_ldap/js/wizard/wizardTabUserFilter.js index 992c1ccf379..4fe223ee075 100644 --- a/apps/user_ldap/js/wizard/wizardTabUserFilter.js +++ b/apps/user_ldap/js/wizard/wizardTabUserFilter.js @@ -122,6 +122,12 @@ OCA = OCA || {}; * @inheritdoc */ overrideErrorMessage: function(message, key) { + var original = message; + message = this._super(message, key); + if(original !== message) { + // we pass the parents change + return message; + } if( key === 'ldap_userfilter_groups' && message === 'memberOf is not supported by the server' ) { diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php index 74df3dd8ae7..48852a3a491 100644 --- a/apps/user_ldap/lib/ldap.php +++ b/apps/user_ldap/lib/ldap.php 
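Review bot: In the error branch of the second wizardTabElementary.js hunk, `message = message || t(...)` falls back to the Base DN hint only when `payload.data.message` is empty, so any server message that `overrideErrorMessage` leaves unchanged is now shown raw and untranslated in place of the hint. The call also passes no `key`, so the `case 'ldap_port'` override visible in the first hunk cannot match on this path. If the intent is to surface only rewritten messages, compare before and after: `var overridden = view.overrideErrorMessage(payload.data.message);` then `message = (overridden !== payload.data.message) ? overridden : t('user_ldap', 'An error occurred. …');`. How `message` is rendered lies outside the hunk; if it reaches the DOM as HTML, the server-supplied text needs escaping there.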
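Review bot: The override added to wizardTabGeneric.js compares against the literal English string `'LDAP authentication method rejected'`, which has to stay byte-identical to the exception message thrown in apps/user_ldap/lib/ldap.php in this same commit. A reworded or translated server message would silently skip the override, and neither side documents the coupling. A comment on the comparison such as `// must match the exception message thrown in lib/ldap.php for LDAP result code 48` would make it visible, and the same remark belongs next to the `throw` in ldap.php.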
@@ -287,6 +287,8 @@ class LDAP implements ILDAPWrapper { //referrals, we switch them off, but then there is AD :) } else if ($errorCode === -1) { throw new ServerNotAvailableException('Lost connection to LDAP server.'); + } else if ($errorCode === 48) { + throw new \Exception('LDAP authentication method rejected'); } else { \OCP\Util::writeLog('user_ldap', 'LDAP error '.$errorMsg.' (' . |
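Review bot: The added `else if ($errorCode === 48)` branch uses a bare number and a generic `\Exception`, which appears to be why ajax/testConfiguration.php needs the broad `catch (\Exception $e)` added in this commit. 48 is the LDAP result code inappropriateAuthentication; naming it in a comment (`// 48 = inappropriateAuthentication, e.g. anonymous bind refused`) and passing it on as the exception code, `throw new \Exception('LDAP authentication method rejected', $errorCode);`, would let callers tell this case apart without comparing message text. The enclosing method starts and ends outside the hunk.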