Changes User.try_to_login to catch and log AuthSourceExceptions, and introduces User.try_to_login! replicating the original behavior (#34071).

Patch by Jens Krämer. git-svn-id: http://svn.redmine.org/redmine/trunk@20547 e93f8b46-1217-0410-a6f0-8f06a7374b81
2025-12-26 10:21:14 +00:00 · 2020-12-02 13:56:15 +00:00 · 2020-12-02 13:56:15 +00:00 · 1dcebf8ce0
commit 1dcebf8ce0
parent f9d6dc3031
3 changed files with 35 additions and 7 deletions
--- a/app/controllers/account_controller.rb
+++ b/app/controllers/account_controller.rb
@ -308,7 +308,7 @@ class AccountController < ApplicationController
  end

  def password_authentication
-    user = User.try_to_login(params[:username], params[:password], false)
+    user = User.try_to_login!(params[:username], params[:password], false)

    if user.nil?
      invalid_credentials
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -221,7 +221,17 @@ class User < Principal
  end

  # Returns the user that matches provided login and password, or nil
+  # AuthSource errors are caught, logged and nil is returned.
  def self.try_to_login(login, password, active_only=true)
+    try_to_login!(login, password, active_only)
+  rescue AuthSourceException => e
+    logger.error "An error occured when authenticating #{login}: #{e.message}"
+    nil
+  end
+
+  # Returns the user that matches provided login and password, or nil
+  # AuthSource errors are passed through.
+  def self.try_to_login!(login, password, active_only=true)
    login = login.to_s.strip
    password = password.to_s

--- a/test/unit/user_test.rb
+++ b/test/unit/user_test.rb
@ -695,13 +695,31 @@ class UserTest < ActiveSupport::TestCase
    assert_equal "ADMIN", user.login
  end

-  if ldap_configured?
-    test "#try_to_login using LDAP with failed connection to the LDAP server" do
-      auth_source = AuthSourceLdap.find(1)
-      AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::Error, 'Cannot connect')
+  test "#try_to_login! using LDAP with existing user and failed connection to the LDAP server" do
+    auth_source = AuthSourceLdap.find(1)
+    user = users(:users_001)
+    user.update_column :auth_source_id, auth_source.id
+    AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::Error, 'Cannot connect')
+    assert_raise(AuthSourceException){ User.try_to_login!('admin', 'admin') }
+  end

-      assert_nil User.try_to_login('edavis', 'wrong')
-    end
+  test "#try_to_login using LDAP with existing user and failed connection to the LDAP server" do
+    auth_source = AuthSourceLdap.find(1)
+    user = users(:users_001)
+    user.update_column :auth_source_id, auth_source.id
+    AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::Error, 'Cannot connect')
+    assert_nil User.try_to_login('admin', 'admin')
+  end
+
+  test "#try_to_login using LDAP with new user and failed connection to the LDAP server" do
+    auth_source = AuthSourceLdap.find(1)
+    auth_source.update onthefly_register: true
+    AuthSource.any_instance.stubs(:initialize_ldap_con).raises(Net::LDAP::Error, 'Cannot connect')
+
+    assert_nil User.try_to_login('edavis', 'wrong')
+  end
+
+  if ldap_configured?

    test "#try_to_login using LDAP" do
      assert_nil User.try_to_login('edavis', 'wrong')