authorBrynn Crowley <littlehill723@gmail.com>2025-03-08 15:04:15 +0000
committerGitHub <noreply@github.com>2025-03-08 15:04:15 +0000
commit1c907929c614779adb963c97776810cdba8ce5f6 (patch)
tree746e3f015490252cc8b96af0fe4b1ba894a987bb /internal/authentication/ldap_user_provider.go
parent9241731a4dd5592b4a02b5352c903b4d06b6f4ab (diff)
refactor(handlers): add more detailed errors for password-change failures (#8899)
Adds some more helpful log information to the change password feature. Signed-off-by: Brynn Crowley <littlehill723@gmail.com> Signed-off-by: James Elliott <james-d-elliott@users.noreply.github.com> Co-authored-by: James Elliott <james-d-elliott@users.noreply.github.com>
Diffstat (limited to 'internal/authentication/ldap_user_provider.go')
-rw-r--r--internal/authentication/ldap_user_provider.go14
1 files changed, 6 insertions, 8 deletions
diff --git a/internal/authentication/ldap_user_provider.go b/internal/authentication/ldap_user_provider.go
index 502dbe502..9480717a6 100644
--- a/internal/authentication/ldap_user_provider.go
+++ b/internal/authentication/ldap_user_provider.go
@@ -338,7 +338,7 @@ func (p *LDAPUserProvider) ChangePassword(username, oldPassword string, newPassw
userPasswordOk, err := p.CheckUserPassword(username, oldPassword)
if err != nil {
- errorCode := ldapGetErrorCode(err)
+ errorCode := getLDAPResultCode(err)
if errorCode == ldap.LDAPResultInvalidCredentials {
return ErrIncorrectPassword
} else {
@@ -385,24 +385,22 @@ func (p *LDAPUserProvider) ChangePassword(username, oldPassword string, newPassw
//TODO: Better inform users regarding password reuse/password history.
if err != nil {
- if errorCode := ldapGetErrorCode(err); errorCode != -1 {
+ if errorCode := getLDAPResultCode(err); errorCode != -1 {
switch errorCode {
case ldap.LDAPResultInvalidCredentials,
ldap.LDAPResultInappropriateAuthentication:
- return ErrIncorrectPassword
+ return fmt.Errorf("%w: %v", ErrIncorrectPassword, err)
case ldap.LDAPResultConstraintViolation,
ldap.LDAPResultObjectClassViolation,
ldap.ErrorEmptyPassword,
ldap.LDAPResultUnwillingToPerform:
- return ErrPasswordWeak
- case ldap.LDAPResultInsufficientAccessRights:
- return ErrOperationFailed
+ return fmt.Errorf("%w: %v", ErrPasswordWeak, err)
default:
- return ErrOperationFailed
+ return fmt.Errorf("%w: %v", ErrOperationFailed, err)
}
}
- return ErrOperationFailed
+ return fmt.Errorf("%w: %v", ErrOperationFailed, err)
}
return nil
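Review bot: The wrapped returns in this switch, e.g. `return fmt.Errorf("%w: %v", ErrIncorrectPassword, err)`, now carry the directory server's own error text in the value ChangePassword returns, and nothing in the hunk says that text is meant for logs only. Callers that compare with `==` against ErrIncorrectPassword, ErrPasswordWeak or ErrOperationFailed will stop matching and need `errors.Is`, and a handler that writes `err.Error()` into the HTTP response would expose LDAP diagnostics to the end user; the handler side is not visible here, so this should be confirmed. I would add above the switch: `// The wrapped LDAP error is detail for server-side logs; match with errors.Is and return only a generic message to the client.` The first hunk still returns the bare `ErrIncorrectPassword` on the CheckUserPassword path, so the two failure paths are now inconsistent in what they hand back. ChangePassword starts and ends outside the hunk.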