From b9e53097577499b519f9fcdd053421cb1507bab3 Mon Sep 17 00:00:00 2001
From: Arthur Schiwon
Date: Thu, 7 May 2015 21:09:10 +0200
Subject: [PATCH] catch unallowed anonymous auth attempt and show specific error
---
 apps/user_ldap/ajax/testConfiguration.php | 21 ++++++++++++-------
 .../js/wizard/wizardTabElementary.js | 9 +++++++-
 apps/user_ldap/js/wizard/wizardTabGeneric.js | 5 +++++
 .../js/wizard/wizardTabUserFilter.js | 6 ++++++
 apps/user_ldap/lib/ldap.php | 2 ++
 5 files changed, 34 insertions(+), 9 deletions(-)
diff --git a/apps/user_ldap/ajax/testConfiguration.php b/apps/user_ldap/ajax/testConfiguration.php
index 31f72a38e0..289957764a 100644
--- a/apps/user_ldap/ajax/testConfiguration.php
+++ b/apps/user_ldap/ajax/testConfiguration.php
@@ -34,16 +34,21 @@ $ldapWrapper = new OCA\user_ldap\lib\LDAP();
 $connection = new \OCA\user_ldap\lib\Connection($ldapWrapper, '', null);
 //needs to be true, otherwise it will also fail with an irritating message
 $_POST['ldap_configuration_active'] = 1;
-if($connection->setConfiguration($_POST)) {
- //Configuration is okay
- if($connection->bind()) {
- OCP\JSON::success(array('message'
+
+try {
+ if ($connection->setConfiguration($_POST)) {
+ //Configuration is okay
+ if ($connection->bind()) {
+ OCP\JSON::success(array('message'
 => $l->t('The configuration is valid and the connection could be established!')));
+ } else {
+ OCP\JSON::error(array('message'
+ => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
+ }
 } else {
 OCP\JSON::error(array('message'
- => $l->t('The configuration is valid, but the Bind failed. Please check the server settings and credentials.')));
- }
-} else {
- OCP\JSON::error(array('message'
 => $l->t('The configuration is invalid. Please have a look at the logs for further details.')));
+ }
+} catch (\Exception $e) {
+ OCP\JSON::error(array('message' => $e->getMessage()));
 }
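Review bot: The new `catch (\Exception $e)` in apps/user_ldap/ajax/testConfiguration.php forwards `$e->getMessage()` to the client for every exception type, not only the rejected-anonymous-bind case this commit is about. Any other exception raised under `setConfiguration()` or `bind()` would have its raw, untranslated text returned in the JSON response, which may expose server-side details. I would catch a dedicated exception class for the error-48 case, and for everything else log the original with `\OCP\Util::writeLog('user_ldap', $e->getMessage(), \OCP\Util::ERROR);` and return a fixed `$l->t(...)` message.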
diff --git a/apps/user_ldap/js/wizard/wizardTabElementary.js b/apps/user_ldap/js/wizard/wizardTabElementary.js
index b8ab367dfd..75664275a9 100644
--- a/apps/user_ldap/js/wizard/wizardTabElementary.js
+++ b/apps/user_ldap/js/wizard/wizardTabElementary.js
@@ -165,6 +165,12 @@ OCA = OCA || {};
 * @inheritdoc
 */
 overrideErrorMessage: function(message, key) {
+ var original = message;
+ message = this._super(message, key);
+ if(original !== message) {
+ // we pass the parents change
+ return message;
+ }
 switch(key) {
 case 'ldap_port':
 if (message === 'Invalid credentials') {
@@ -267,7 +273,8 @@ OCA = OCA || {};
 message = t('user_ldap', objectsFound + ' entries available within the provided Base DN');
 }
 } else {
- message = t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.');
+ message = view.overrideErrorMessage(payload.data.message);
+ message = message || t('user_ldap', 'An error occurred. Please check the Base DN, as well as connection settings and credentials.');
 if(payload.data.message) {
 console.warn(payload.data.message);
 }
diff --git a/apps/user_ldap/js/wizard/wizardTabGeneric.js b/apps/user_ldap/js/wizard/wizardTabGeneric.js
index 720628fa60..c272df7e3c 100644
--- a/apps/user_ldap/js/wizard/wizardTabGeneric.js
+++ b/apps/user_ldap/js/wizard/wizardTabGeneric.js
@@ -70,6 +70,11 @@ OCA = OCA || {};
 * @returns {string}
 */
 overrideErrorMessage: function(message, key) {
+ if(message === 'LDAP authentication method rejected'
+ && !this.configModel.configuration.ldap_dn)
+ {
+ message = t('user_ldap', 'Anonymous bind is not allowed. Please provide a User DN and Password.');
+ }
 return message;
 },
diff --git a/apps/user_ldap/js/wizard/wizardTabUserFilter.js b/apps/user_ldap/js/wizard/wizardTabUserFilter.js
index 992c1ccf37..4fe223ee07 100644
--- a/apps/user_ldap/js/wizard/wizardTabUserFilter.js
+++ b/apps/user_ldap/js/wizard/wizardTabUserFilter.js
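Review bot: The comment `// we pass the parents change` in the first wizardTabElementary.js hunk does not say why the method returns early, and the same lines are repeated in the wizardTabUserFilter.js hunk. I would word it as `// the parent class already replaced the message; keep its text and skip the tab-specific cases`. Because the test is `original !== message`, a parent override that happens to return identical text is treated as no override, which is worth stating in the method's doc block. The body of overrideErrorMessage continues outside the hunk.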
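Review bot: In the second wizardTabElementary.js hunk, `view.overrideErrorMessage(payload.data.message)` returns the server string unchanged when no override matches, so any non-empty server-supplied message now replaces the fixed translated fallback. The code that renders `message` is outside the hunk, so it should be confirmed that it is inserted as text rather than as HTML, since the string is no longer a constant. The call also omits the `key` argument, so key-specific branches can never match here; a short comment saying this is intended would help. If only recognised messages should reach the admin, compare the override result with `payload.data.message` and use the translated fallback when they are equal.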
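Review bot: The check `message === 'LDAP authentication method rejected'` in wizardTabGeneric.js ties the UI to the exact English text of the exception thrown in apps/user_ldap/lib/ldap.php, so rewording either side silently disables the hint. A machine-readable field in the JSON error payload, or at least a comment on both sides naming the other file, would make the coupling explicit; the literal `48` in ldap.php deserves a comment too, e.g. `// 48 = inappropriateAuthentication`. The `!this.configModel.configuration.ldap_dn` test covers only a missing User DN; a DN sent with an empty password is also treated as an unauthenticated bind by many servers, so the hint may be worth showing in that case as well.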
@@ -122,6 +122,12 @@ OCA = OCA || {}; * @inheritdoc */ overrideErrorMessage: function(message, key) { + var original = message; + message = this._super(message, key); + if(original !== message) { + // we pass the parents change + return message; + } if( key === 'ldap_userfilter_groups' && message === 'memberOf is not supported by the server' ) { diff --git a/apps/user_ldap/lib/ldap.php b/apps/user_ldap/lib/ldap.php index 74df3dd8ae..48852a3a49 100644 --- a/apps/user_ldap/lib/ldap.php +++ b/apps/user_ldap/lib/ldap.php @@ -287,6 +287,8 @@ class LDAP implements ILDAPWrapper { //referrals, we switch them off, but then there is AD :) } else if ($errorCode === -1) { throw new ServerNotAvailableException('Lost connection to LDAP server.'); + } else if ($errorCode === 48) { + throw new \Exception('LDAP authentication method rejected'); } else { \OCP\Util::writeLog('user_ldap', 'LDAP error '.$errorMsg.' (' .