# HG changeset patch
# User Mads Kiilerich
# Date 2016-10-24 15:18:51
# Node ID c073c723e26413ce8863ac78a41fd05eb80dbfb9
# Parent aa0560cfca9b7bff206ce8db0642a65029f61006
auth: better handling of LDAP and authentication errors - don't log a stack trace ... but also don't reveal anything to the user
diff --git a/kallithea/lib/auth_modules/auth_ldap.py b/kallithea/lib/auth_modules/auth_ldap.py
--- a/kallithea/lib/auth_modules/auth_ldap.py
+++ b/kallithea/lib/auth_modules/auth_ldap.py
@@ -353,12 +353,13 @@ class KallitheaAuthPlugin(auth_modules.K
 log.info('user %s authenticated correctly', user_data['username'])
 return user_data
- except (LdapUsernameError, LdapPasswordError, LdapImportError):
- log.error(traceback.format_exc())
- return None
- except Exception:
- log.error(traceback.format_exc())
- return None
+ except LdapUsernameError:
+ log.info('Error authenticating %s with LDAP: User not found', username)
+ except LdapPasswordError:
+ log.info('Error authenticating %s with LDAP: Password error', username)
+ except LdapImportError:
+ log.error('Error authenticating %s with LDAP: LDAP not available', username)
+ return None
 def get_managed_fields(self):
 return ['username', 'firstname', 'lastname', 'email', 'password']
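Review bot: With the catch-all `except Exception` removed, any exception other than the three Ldap* classes now propagates out of this method instead of returning None; the `try` body starts above the hunk, so it is not visible whether raw library errors (a directory outage, for instance) are always wrapped into one of these classes. Confirm that the caller catches and logs such failures, so that an unreachable directory produces a generic login failure rather than an unhandled error page. Separately, `username` is supplied by the client before authentication and is interpolated with `%s`; logging it with `%r`, e.g. `log.info('Error authenticating %r with LDAP: User not found', username)`, keeps embedded newlines from forging log entries. Failed logins at `info` level may also fall below a production log threshold, so `log.warning` on the two credential branches would keep repeated password guessing visible to monitoring.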