Added fix for notifying user about locked user account in WebUI

User in now notified about "Locked User account" message instead of "The password or username you entered is incorrect" or any generic error message Fixes : https://fedorahosted.org/freeipa/ticket/5076 Signed-off-by: Abhijeet Kasurde <akasurde@redhat.com> Reviewed-By: Martin Basti <mbasti@redhat.com> Reviewed-By: Pavel Vomacka <pvomacka@redhat.com>
author: Abhijeet Kasurde <akasurde@redhat.com> 2016-04-20 11:09:53 +0530
committer: Martin Basti <mbasti@redhat.com> 2016-04-28 17:04:37 +0200
commit: 3d07c889ce21ffe1d8baec3fd0c13bc67aa1d725 (patch)
tree: 64de24101dfd378cf73ebc76bfb0f05abf461f3f /ipaserver/rpcserver.py
parent: 05cb4ba4e97d8cbffaf1c16451c488db4a90a878 (diff)
download: freeipa-3d07c889ce21ffe1d8baec3fd0c13bc67aa1d725.tar.gz
freeipa-3d07c889ce21ffe1d8baec3fd0c13bc67aa1d725.tar.xz
freeipa-3d07c889ce21ffe1d8baec3fd0c13bc67aa1d725.zip
1 files changed, 11 insertions, 1 deletions
diff --git a/ipaserver/rpcserver.py b/ipaserver/rpcserver.py
index 96f82d5e2..df6473669 100644
--- a/ipaserver/rpcserver.py
+++ b/ipaserver/rpcserver.py
@@ -43,7 +43,7 @@ from ipalib.capabilities import VERSION_WITHOUT_CAPABILITIES
 from ipalib.backend import Executioner
 from ipalib.errors import (PublicError, InternalError, CommandError, JSONError,
     CCacheError, RefererError, InvalidSessionPassword, NotFound, ACIError,
-    ExecutionError, PasswordExpired, KrbPrincipalExpired)
+    ExecutionError, PasswordExpired, KrbPrincipalExpired, UserLocked)
 from ipalib.request import context, destroy_context
 from ipalib.rpc import (xml_dumps, xml_loads,
     json_encode_binary, json_decode_binary)
@@ -954,6 +954,11 @@ class login_password(Backend, KerberosSession, HTTP_Status):
                                      start_response,
                                      str(e),
                                      'krbprincipal-expired')
+        except UserLocked as e:
+            return self.unauthorized(environ,
+                                     start_response,
+                                     str(e),
+                                     'user-locked')
 
         return self.finalize_kerberos_acquisition('login_password', ipa_ccache_name, environ, start_response)
 
@@ -993,9 +998,14 @@ class login_password(Backend, KerberosSession, HTTP_Status):
                   ' has expired while getting initial credentials') in str(e):
                 raise KrbPrincipalExpired(principal=principal,
                                           message=unicode(e))
+            elif ('kinit: Clients credentials have been revoked '
+                  'while getting initial credentials') in str(e):
+                raise UserLocked(principal=principal,
+                                 message=unicode(e))
             raise InvalidSessionPassword(principal=principal,
                                          message=unicode(e))
 
+
 class change_password(Backend, HTTP_Status):
 
     content_type = 'text/plain'
author	Abhijeet Kasurde <akasurde@redhat.com>	2016-04-20 11:09:53 +0530
committer	Martin Basti <mbasti@redhat.com>	2016-04-28 17:04:37 +0200
commit	3d07c889ce21ffe1d8baec3fd0c13bc67aa1d725 (patch)
tree	64de24101dfd378cf73ebc76bfb0f05abf461f3f /ipaserver/rpcserver.py
parent	05cb4ba4e97d8cbffaf1c16451c488db4a90a878 (diff)
download	freeipa-3d07c889ce21ffe1d8baec3fd0c13bc67aa1d725.tar.gz freeipa-3d07c889ce21ffe1d8baec3fd0c13bc67aa1d725.tar.xz freeipa-3d07c889ce21ffe1d8baec3fd0c13bc67aa1d725.zip