From 0d17f30d723ab7a5a322f32cd0d5602cb50a17d3 Mon Sep 17 00:00:00 2001
From: Patrick Mayr <patrick@fet.at>
Date: Tue, 1 Aug 2023 16:02:01 +0000
Subject: [PATCH] update authentications

---
 fet2020/authentications/authentications.py |  7 +---
 fet2020/authentications/forms.py           | 39 +++++++++++-----------
 2 files changed, 20 insertions(+), 26 deletions(-)

diff --git a/fet2020/authentications/authentications.py b/fet2020/authentications/authentications.py
index 91a1e12a..fd9a591f 100644
--- a/fet2020/authentications/authentications.py
+++ b/fet2020/authentications/authentications.py
@@ -18,12 +18,7 @@ def authentication(username, password):
     userdn = f"uid={username},ou=user,dc=fet,dc=htu,dc=tuwien,dc=ac,dc=at"
 
     try:
-        c = Connection(server, user=userdn, password=password)
-
-        # perform the Bind operation
-        if not c.bind():
-            print("error in bind", c.result)
-
+        c = Connection(server, user=userdn, password=password, auto_bind=True)
         if c.extend.standard.who_am_i():
             return username
 
diff --git a/fet2020/authentications/forms.py b/fet2020/authentications/forms.py
index c340a8d8..539dfa7b 100644
--- a/fet2020/authentications/forms.py
+++ b/fet2020/authentications/forms.py
@@ -1,6 +1,6 @@
 from django.contrib.auth.forms import AuthenticationForm, PasswordChangeForm
 from django.contrib.auth.models import User
-from django.core.validators import ValidationError
+from django.core.exceptions import ValidationError
 
 from .authentications import authentication, change_password
 
@@ -12,18 +12,17 @@ class LoginForm(AuthenticationForm):
 
         if username is not None and password:
             auth_user = authentication(username, password)
+            if auth_user is None:
+                raise ValidationError(
+                    "Bitte Benutzername und Passwort korrekt eingeben.",
+                    code="invalid_login",
+                )
 
-            if auth_user:
-                try:
-                    self.user_cache = User.objects.get(username=auth_user.lower())
-                except User.DoesNotExist:
-                    self.user_cache = User.objects.create_user(auth_user.lower())
-            else:
-                raise self.get_invalid_login_error()
-
-            if self.user_cache is None:
-                raise self.get_invalid_login_error()
-            else:
+            try:
+                self.user_cache = User.objects.get(username=auth_user.lower())
+            except User.DoesNotExist:
+                self.user_cache = User.objects.create_user(auth_user.lower())
+            finally:
                 self.confirm_login_allowed(self.user_cache)
 
         return self.cleaned_data
@@ -31,19 +30,19 @@ class LoginForm(AuthenticationForm):
 
 class LdapPasswordChangeForm(PasswordChangeForm):
     def clean_old_password(self):
-        old_password = self.cleaned_data["old_password"]
-        if not authentication(self.user.username, old_password):
+        old_password = self.cleaned_data.get("old_password")
+        auth_user = authentication(self.user, old_password)
+        if auth_user is None:
             raise ValidationError(
                 self.error_messages["password_incorrect"],
                 code="password_incorrect",
             )
+
         return old_password
 
-    def clean(self):
-        old_password = self.cleaned_data["old_password"]
-        new_password = self.cleaned_data["new_password1"]
-        if not change_password(self.user, old_password, new_password):
-            raise ValidationError("Passwort im LDAP ändern funktioniert nicht.")
-
     def save(self):
+        old_password = self.cleaned_data.get("old_password")
+        new_password = self.cleaned_data.get("new_password1")
+        change_password(self.user, old_password, new_password)
+
         return self.user