ERP5Security.ERP5LoginUserManager: Loudly bail in case of database error.

Allows recovering from broken connection strings, as ERP5 authentication still relies on having a working catalog.

ERP5Security.ERP5LoginUserManager: Loudly bail in case of database error.
Allows recovering from broken connection strings, as ERP5 authentication still relies on having a working catalog.
c4a7bcb0 · Vincent Pelletier · 6693bb31 · c4a7bcb0
Commit c4a7bcb0 authored Feb 16, 2017 by Vincent Pelletier
Hide whitespace changes
Inline Side-by-side

Showing with 19 additions and 5 deletions

product/ERP5Security/ERP5LoginUserManager.py product/ERP5Security/ERP5LoginUserManager.py +19 -5

No files found.
--- a/product/ERP5Security/ERP5LoginUserManager.py
+++ b/product/ERP5Security/ERP5LoginUserManager.py
@@ -37,6 +37,8 @@ from Products.PluggableAuthService.interfaces.plugins import IUserEnumerationPlu
 from DateTime import DateTime
 from Products import ERP5Security
 from AccessControl import SpecialUsers
+from Shared.DC.ZRDB.DA import DatabaseError
+from zLOG import LOG, ERROR

 # To prevent login thieves
 SPECIAL_USER_NAME_SET = (
@@ -139,11 +141,23 @@ class ERP5LoginUserManager(BasePlugin):
    return (user_value.getUserId(), login_value.getReference())

  def _getLoginValueFromLogin(self, login, login_portal_type=None):
-    user_list = self.enumerateUsers(
-      login=login,
-      exact_match=True,
-      login_portal_type=login_portal_type,
-    )
+    try:
+      user_list = self.enumerateUsers(
+        login=login,
+        exact_match=True,
+        login_portal_type=login_portal_type,
+      )
+    except DatabaseError:
+      # DatabaseError gets raised when catalog is not functional. In which case
+      # it should be fine to bail without any user, letting PAS continue trying
+      # other plugins.
+      LOG(
+        repr(self),
+        ERROR,
+        'enumerateUsers raised, bailing',
+        error=True,
+      )
+      user_list = []
    if not user_list:
      return
    single_user, = user_list