From ecb3a2ccef214a887c62dffbca46c3cfb2dde194 Mon Sep 17 00:00:00 2001 From: Tim Abbott Date: Thu, 31 May 2018 14:10:22 -0700 Subject: [PATCH] ldap: Clarify outside_ldap_domain exception logic. The previous logic made it look like catching ZulipLDAPException on the authenticate() line was possible, but it isn't, because that exception is actually being handled inside django-auth-ldap's authenticate method. --- zproject/backends.py | 14 ++++++++------ 1 file changed, 8 insertions(+), 6 deletions(-) diff --git a/zproject/backends.py b/zproject/backends.py index 3d64abd1ad..36c2e4af80 100644 --- a/zproject/backends.py +++ b/zproject/backends.py @@ -380,6 +380,8 @@ def email_belongs_to_ldap(realm: Realm, email: str) -> bool: return email.strip().lower().endswith("@" + settings.LDAP_APPEND_DOMAIN) class ZulipLDAPException(_LDAPUser.AuthenticationFailed): + """Since this inherits from _LDAPUser.AuthenticationFailed, these will + be caught and logged at debug level inside django-auth-ldap's authenticate()""" pass class ZulipLDAPExceptionOutsideDomain(ZulipLDAPException): @@ -433,14 +435,14 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase): try: username = self.django_to_ldap_username(username) - return ZulipLDAPAuthBackendBase.authenticate(self, - username=username, - password=password) - except ZulipLDAPException as e: - if isinstance(e, ZulipLDAPExceptionOutsideDomain): - return_data['outside_ldap_domain'] = True + except ZulipLDAPExceptionOutsideDomain: + return_data['outside_ldap_domain'] = True return None + return ZulipLDAPAuthBackendBase.authenticate(self, + username=username, + password=password) + def get_or_build_user(self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]: if settings.LDAP_EMAIL_ATTR is not None: