Project

General

Profile

Actions

Patch #19520

open

LDAP authentication exception handling

Added by Karel Pičman over 9 years ago. Updated over 9 years ago.

Status:
New
Priority:
Normal
Assignee:
-
Category:
LDAP
Target version:
-
Start date:
Due date:
% Done:

0%

Estimated time:

Description

In case of problems with a domain controler used for LDAP authentication Errno::ECONNRESET exception might be thrown. However, only AuthSourceException is caugth in the account controller. Therefore an Internal error is displayed to users after their logn attempt. I'd recomend either adding another exception handling or changing to a general exception as in the attached patch.

Errno::ECONNRESET (Connection reset by peer):
  app/models/auth_source_ldap.rb:178:in `get_user_dn'
  app/models/auth_source_ldap.rb:42:in `block in authenticate'
  app/models/auth_source_ldap.rb:98:in `block in with_timeout'
  app/models/auth_source_ldap.rb:97:in `with_timeout'
  app/models/auth_source_ldap.rb:41:in `authenticate'
  app/models/user.rb:271:in `check_password?'
  app/controllers/account_controller.rb:186:in `authenticate_user'
  app/controllers/account_controller.rb:40:in `login'


Files

auth_exception.patch (490 Bytes) auth_exception.patch Account controller patch Karel Pičman, 2015-03-30 09:25
Actions #1

Updated by Toshi MARUYAMA over 9 years ago

I don't like catching all exception in controller.
I think it is better catching in model.

diff --git a/app/models/auth_source.rb b/app/models/auth_source.rb
--- a/app/models/auth_source.rb
+++ b/app/models/auth_source.rb
@@ -18,6 +18,7 @@
 # Generic exception for when the AuthSource can not be reached
 # (eg. can not connect to the LDAP)
 class AuthSourceException < Exception; end
+class AuthSourceConnectResetException < AuthSourceException; end
 class AuthSourceTimeoutException < AuthSourceException; end

 class AuthSource < ActiveRecord::Base
diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb
--- a/app/models/auth_source_ldap.rb
+++ b/app/models/auth_source_ldap.rb
@@ -97,6 +97,8 @@ class AuthSourceLdap < AuthSource
     Timeout.timeout(timeout) do
       return yield
     end
+  rescue Errno::ECONNRESET => e
+    raise AuthSourceConnectResetException.new(e.message)
   rescue Timeout::Error => e
     raise AuthSourceTimeoutException.new(e.message)
   end

Actions #2

Updated by Toshi MARUYAMA over 9 years ago

  • Subject changed from Authentication exception handling to LDAP authentication exception handling
Actions

Also available in: Atom PDF