ERP5Security: log errors from authentication policy

because PAS only log these errors with level debug ( https://github.com/zopefoundation/Products.PluggableAuthService/blob/0fc22e9c472ba514470a9b205c945eb62df12205/Products/PluggableAuthService/PluggableAuthService.py#L663 ) they remained unnoticed in our case

ERP5Security: log errors from authentication policy
because PAS only log these errors with level debug ( https://github.com/zopefoundation/Products.PluggableAuthService/blob/0fc22e9c472ba514470a9b205c945eb62df12205/Products/PluggableAuthService/PluggableAuthService.py#L663 ) they remained unnoticed in our case
13d8652f · Jérome Perrin · e9dd9889 · 13d8652f · 13d8652f
Commit 13d8652f authored Oct 19, 2016 by Jérome Perrin
Showing with 35 additions and 16 deletions

product/ERP5Security/ERP5LoginUserManager.py product/ERP5Security/ERP5LoginUserManager.py +19 -6

product/ERP5Security/ERP5UserManager.py product/ERP5Security/ERP5UserManager.py +16 -10

No files found.
--- a/product/ERP5Security/ERP5LoginUserManager.py
+++ b/product/ERP5Security/ERP5LoginUserManager.py
@@ -128,14 +128,27 @@ class ERP5LoginUserManager(BasePlugin):
        password,
      ):
        if is_authentication_policy_enabled:
-          login_value.notifyLoginFailure()
+          try:
+            login_value.notifyLoginFailure()
+          except ConflictError:
+            raise
+          except Exception, e:
+            LOG('ERP5Security', PROBLEM,
+                'Error when processing authentication policy', error=sys.exc_info())
        return
    if is_authentication_policy_enabled:
-      if login_value.isPasswordExpired():
-        login_value.notifyPasswordExpire()
-        return
-      if login_value.isLoginBlocked():
-        return
+      try:
+        if login_value.isPasswordExpired():
+          login_value.notifyPasswordExpire()
+          return
+        if login_value.isLoginBlocked():
+          return
+      except ConflictError:
+        raise
+      except Exception, e:
+        LOG('ERP5Security', PROBLEM,
+            'Error when processing authentication policy', error=sys.exc_info())
+        return None
    return (user_value.getUserId(), login_value.getReference())

  def _getLoginValueFromLogin(self, login, login_portal_type=None):

--- a/product/ERP5Security/ERP5UserManager.py
+++ b/product/ERP5Security/ERP5UserManager.py
@@ -189,18 +189,24 @@ class ERP5UserManager(BasePlugin):
      return None
    user = user_list[0]

-    if authentication_result is None:
-      # file a failed authentication attempt
-      user.notifyLoginFailure()
-      return None
+    try:
+      if authentication_result is None:
+        # file a failed authentication attempt
+        user.notifyLoginFailure()
+        return None

-    # check if password is expired
-    if user.isPasswordExpired():
-      user.notifyPasswordExpire()
-      return None
+      # check if password is expired
+      if user.isPasswordExpired():
+        user.notifyPasswordExpire()
+        return None

-    # check if user account is blocked
-    if user.isLoginBlocked():
+      # check if user account is blocked
+      if user.isLoginBlocked():
+        return None
+    except ConflictError:
+      raise
+    except Exception, e:
+      LOG('ERP5Security', PROBLEM, 'Error when processing authentication policy', error=sys.exc_info())
      return None

    return authentication_result