From 8cdadd6951a2ea6dcdadd9a4bf783f304f270849 Mon Sep 17 00:00:00 2001
From: Julian Rother <julianr@fsmpi.rwth-aachen.de>
Date: Wed, 4 Nov 2020 04:16:23 +0100
Subject: [PATCH] handle LDAPPasswordIsMandatoryError in user_conn, closes #27

---
 tests/test_session.py | 1 -
 uffd/ldap/ldap.py     | 9 ++++++---
 2 files changed, 6 insertions(+), 4 deletions(-)

diff --git a/tests/test_session.py b/tests/test_session.py
index d3e00d7a..70e32882 100644
--- a/tests/test_session.py
+++ b/tests/test_session.py
@@ -75,7 +75,6 @@ class TestSession(UffdTestCase):
 		self.assertEqual(r.status_code, 200)
 		self.assertLogout()
 
-	@unittest.skip('See #27')
 	def test_empty_password(self):
 		r = self.client.post(path=url_for('session.login'),
 			data={'loginname': 'testuser', 'password': ''}, follow_redirects=True)
diff --git a/uffd/ldap/ldap.py b/uffd/ldap/ldap.py
index 6e2f40dd..880e86ad 100644
--- a/uffd/ldap/ldap.py
+++ b/uffd/ldap/ldap.py
@@ -2,7 +2,7 @@ import string
 
 from flask import Blueprint, current_app
 from ldap3.utils.conv import escape_filter_chars
-from ldap3.core.exceptions import LDAPBindError, LDAPCursorError
+from ldap3.core.exceptions import LDAPBindError, LDAPCursorError, LDAPPasswordIsMandatoryError
 
 from ldap3 import Server, Connection, ALL, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, MOCK_SYNC
 
@@ -45,13 +45,16 @@ def user_conn(loginname, password):
 		# implementation just compares the string in the objects's userPassword
 		# field with the password, no support for hashing or OpenLDAP-style
 		# password-prefixes ("{PLAIN}..." or "{ssha512}...").
-		if not conn.rebind(loginname_to_dn(loginname), password):
+		try:
+			if not conn.rebind(loginname_to_dn(loginname), password):
+				return False
+		except (LDAPBindError, LDAPPasswordIsMandatoryError):
 			return False
 		return get_mock_conn()
 	server = Server(current_app.config["LDAP_SERVICE_URL"], get_info=ALL)
 	try:
 		return fix_connection(Connection(server, loginname_to_dn(loginname), password, auto_bind=True))
-	except LDAPBindError:
+	except (LDAPBindError, LDAPPasswordIsMandatoryError):
 		return False
 
 def get_conn():
-- 
GitLab