ldap: Clarify outside_ldap_domain exception logic.

The previous logic made it look like catching ZulipLDAPException on the authenticate() line was possible, but it isn't, because that exception is actually being handled inside django-auth-ldap's authenticate method.
2018-05-31 14:10:22 -07:00 · 2018-05-31 14:10:22 -07:00 · ecb3a2ccef
parent bab69a325f
commit ecb3a2ccef
1 changed files with 8 additions and 6 deletions
--- a/zproject/backends.py
+++ b/zproject/backends.py
@ -380,6 +380,8 @@ def email_belongs_to_ldap(realm: Realm, email: str) -> bool:
    return email.strip().lower().endswith("@" + settings.LDAP_APPEND_DOMAIN)

 class ZulipLDAPException(_LDAPUser.AuthenticationFailed):
+    """Since this inherits from _LDAPUser.AuthenticationFailed, these will
+    be caught and logged at debug level inside django-auth-ldap's authenticate()"""
    pass

 class ZulipLDAPExceptionOutsideDomain(ZulipLDAPException):
@ -433,14 +435,14 @@ class ZulipLDAPAuthBackend(ZulipLDAPAuthBackendBase):

        try:
            username = self.django_to_ldap_username(username)
-            return ZulipLDAPAuthBackendBase.authenticate(self,
-                                                         username=username,
-                                                         password=password)
-        except ZulipLDAPException as e:
-            if isinstance(e, ZulipLDAPExceptionOutsideDomain):
-                return_data['outside_ldap_domain'] = True
+        except ZulipLDAPExceptionOutsideDomain:
+            return_data['outside_ldap_domain'] = True
            return None

+        return ZulipLDAPAuthBackendBase.authenticate(self,
+                                                     username=username,
+                                                     password=password)
+
    def get_or_build_user(self, username: str, ldap_user: _LDAPUser) -> Tuple[UserProfile, bool]:

        if settings.LDAP_EMAIL_ATTR is not None: