Improve adfs error msg (#5898)

* improve error msg * send error msg to sys/org admin * fix code
haiwen · Jan 17, 2024 · 73afa03 · 73afa03
1 parent c9ca6ef
commit 73afa03
Show file tree

Hide file tree

Showing 11 changed files with 251 additions and 55 deletions.
diff --git a/frontend/src/components/common/notice-item.js b/frontend/src/components/common/notice-item.js
@@ -19,6 +19,7 @@ const MSG_TYPE_DRAFT_REVIEWER = 'draft_reviewer';
 // const MSG_TYPE_GUEST_INVITATION_ACCEPTED = 'guest_invitation_accepted';
 const MSG_TYPE_REPO_MONITOR = 'repo_monitor';
 const MSG_TYPE_DELETED_FILES = 'deleted_files';
+const MSG_TYPE_SAML_SSO_FAILED = 'saml_sso_failed';
 
 class NoticeItem extends React.Component {
 
@@ -282,6 +283,13 @@ class NoticeItem extends React.Component {
       return { avatar_url : null, notice };
     }
 
+    if (noticeType === MSG_TYPE_SAML_SSO_FAILED) {
+      const { error_msg } = detail;
+      let notice = gettext(error_msg);
+
+      return { avatar_url : null, notice };
+    }
+
     // if (noticeType === MSG_TYPE_GUEST_INVITATION_ACCEPTED) {
 
     // }

diff --git a/seahub/adfs_auth/backends.py b/seahub/adfs_auth/backends.py
@@ -49,14 +49,6 @@ def authenticate(self, session_info=None, attribute_mapping=None, create_unknown
             logger.error('Session info or attribute mapping are None')
             return None
 
-        if 'ava' not in session_info:
-            logger.error('"ava" key not found in session_info')
-            return None
-
-        attributes = session_info['ava']
-        if not attributes:
-            logger.warning('The attributes dictionary is empty')
-
         name_id = session_info.get('name_id', '')
         if not name_id:
             logger.error('The name_id is not available. Could not determine user identifier.')
@@ -97,6 +89,15 @@ def authenticate(self, session_info=None, attribute_mapping=None, create_unknown
                 notify_admins_on_register_complete(user.username)
 
         if user:
+            if 'ava' not in session_info:
+                logger.warning('"ava" key not found in session_info')
+                return user
+
+            attributes = session_info['ava']
+            if not attributes:
+                logger.warning('The attributes dictionary is empty')
+                return user
+
             self.make_profile(user, attributes, attribute_mapping)
             self.sync_saml_groups(user, attributes)
 

diff --git a/seahub/adfs_auth/signals.py b/seahub/adfs_auth/signals.py
@@ -0,0 +1,4 @@
+# -*- coding: utf-8 -*-
+from django.dispatch import Signal
+
+saml_sso_failed = Signal()
diff --git a/seahub/adfs_auth/utils.py b/seahub/adfs_auth/utils.py
@@ -35,18 +35,18 @@ def _decorated(request):
             error = True
         else:
             if not XMLSEC_BINARY_PATH or not CERTS_DIR or not SAML_ATTRIBUTE_MAPPING or not SAML_PROVIDER_IDENTIFIER:
-                logger.error('ADFS login relevant settings invalid.')
+                logger.error('ADFS/SAML login relevant settings invalid.')
                 logger.error('SAML_XMLSEC_BINARY_PATH: %s' % XMLSEC_BINARY_PATH)
                 logger.error('SAML_CERTS_DIR: %s' % CERTS_DIR)
                 logger.error('SAML_ATTRIBUTE_MAPPING: %s' % SAML_ATTRIBUTE_MAPPING)
                 logger.error('SAML_PROVIDER_IDENTIFIER: %s' % SAML_PROVIDER_IDENTIFIER)
                 error = True
             if ENABLE_ADFS_LOGIN and not REMOTE_METADATA_URL:
-                logger.error('SAML relevant settings invalid.')
+                logger.error('ADFS/SAML login relevant settings invalid.')
                 logger.error('SAML_REMOTE_METADATA_URL: %s' % REMOTE_METADATA_URL)
                 error = True
         if error:
-            raise Exception(_('Error, please contact administrator.'))
+            raise Exception(_('ADFS/SAML login relevant settings invalid.'))
         return func(request)
     return _decorated
 
@@ -66,7 +66,7 @@ def config_settings_loader(request):
 
         org_saml_config = OrgSAMLConfig.objects.get_config_by_org_id(org_id)
         if not org_saml_config:
-            raise Exception('Failed to get org %s saml_config' % org_id)
+            raise Exception('Cannot find an ADFS/SAML config for the organization related to org_id %s.' % org_id)
 
         # get org remote_metadata_url
         remote_metadata_url = org_saml_config.metadata_url
@@ -131,6 +131,6 @@ def config_settings_loader(request):
         conf = SPConfig()
         conf.load(copy.deepcopy(saml_config))
     except Exception as e:
-        logger.exception('Failed to load saml config, error: %s' % e)
-        raise Exception('Failed to load saml config, error: %s' % e)
+        logger.exception('Failed to load adfs/saml config, error: %s' % e)
+        raise RuntimeError('Failed to load adfs/saml config, error: %s' % e)
     return conf