From a6b8ea963d3bd33c2ab1fbb678b862942201b0d3 Mon Sep 17 00:00:00 2001
From: Daniel Aloni
Date: Tue, 2 May 2023 15:11:51 +0300
Subject: [PATCH] =?UTF-8?q?=F0=9F=A5=85=20Align=20LDAP=20auth=20errors=20w?= =?UTF-8?q?ith=20regular=20auth=20errors.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 clientapi/auth/password.go | 30 ++++++++++++++++++++++++++----
 1 file changed, 26 insertions(+), 4 deletions(-)
diff --git a/clientapi/auth/password.go b/clientapi/auth/password.go
index 05d044a9b..756a1b611 100644
--- a/clientapi/auth/password.go
+++ b/clientapi/auth/password.go
@@ -268,18 +268,40 @@ func (t *LoginTypePassword) authenticateLdap(username, password string) (bool, *
 userDN := result.Entries[0].DN
 err = conn.Bind(userDN, password)
 if err != nil {
+ var localpart string
+ localpart, _, err = userutil.ParseUsernameParam(username, t.Config.Matrix)
+ if err != nil {
+ return false, &util.JSONResponse{
+ Code: http.StatusUnauthorized,
+ JSON: jsonerror.InvalidUsername(err.Error()),
+ }
+ }
+ if t.Rt != nil {
+ t.Rt.Act(localpart)
+ }
 return false, &util.JSONResponse{
- Code: http.StatusUnauthorized,
- JSON: jsonerror.InvalidUsername(err.Error()),
+ Code: http.StatusForbidden,
+ JSON: jsonerror.Forbidden("The username or password was incorrect or the account does not exist."),
 }
 }
 } else {
 bindDn := strings.ReplaceAll(t.Config.Ldap.UserBindDn, "{username}", username)
 err = conn.Bind(bindDn, password)
 if err != nil {
+ var localpart string
+ localpart, _, err = userutil.ParseUsernameParam(username, t.Config.Matrix)
+ if err != nil {
+ return false, &util.JSONResponse{
+ Code: http.StatusUnauthorized,
+ JSON: jsonerror.InvalidUsername(err.Error()),
+ }
+ }
+ if t.Rt != nil {
+ t.Rt.Act(localpart)
+ }
 return false, &util.JSONResponse{
- Code: http.StatusUnauthorized,
- JSON: jsonerror.InvalidUsername(err.Error()),
+ Code: http.StatusForbidden,
+ JSON: jsonerror.Forbidden("The username or password was incorrect or the account does not exist."),
 }
 }
 }
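Review bot: In both bind-failure branches the error returned by `conn.Bind` is overwritten by the `localpart, _, err = userutil.ParseUsernameParam(username, t.Config.Matrix)` assignment, so the reason the bind failed is never inspected or logged. As written, every bind failure, which may include a directory timeout or connection error, returns the 403 wrong-credentials message and is passed to `t.Rt.Act(localpart)`, which looks like failed-attempt accounting. Keeping the bind result in its own variable, e.g. `if bindErr := conn.Bind(userDN, password); bindErr != nil {`, would let the handler log it server-side and count only genuine credential failures. The username is also parsed only after it has been used for the bind (and substituted into `bindDn` through `strings.ReplaceAll`), so a name that fails parsing still reaches the directory and returns before `t.Rt.Act` runs. Parsing it before the bind would close that gap, unless it is already validated earlier in authenticateLdap, which starts outside this hunk.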