1
0
mirror of https://github.com/laurivosandi/certidude synced 2024-12-23 00:25:18 +00:00

api: Better error message when confronted with NTLM

This commit is contained in:
Lauri Võsandi 2017-05-08 10:26:11 +00:00
parent 545febf3d0
commit 4e41655532
2 changed files with 6 additions and 0 deletions

View File

@ -46,6 +46,8 @@ def authenticate(optional=False):
context.step(b64decode(token)) context.step(b64decode(token))
except TypeError: # base64 errors except TypeError: # base64 errors
raise falcon.HTTPBadRequest("Bad request", "Malformed token") raise falcon.HTTPBadRequest("Bad request", "Malformed token")
except gssapi.raw.exceptions.BadMechanismError:
raise falcon.HTTPBadRequest("Bad request", "Unsupported authentication mechanism (NTLM?) was offered. Please make sure you've logged into the computer with domain user account. The web interface should not prompt for username or password.")
username, domain = str(context.initiator_name).split("@") username, domain = str(context.initiator_name).split("@")

View File

@ -887,6 +887,10 @@ def test_cli_setup_authority():
assert "No Kerberos ticket offered" in r.text, r.text assert "No Kerberos ticket offered" in r.text, r.text
r = requests.get("http://ca.example.lan/api/", headers={"Authorization": "Negotiate blerrgh"}) r = requests.get("http://ca.example.lan/api/", headers={"Authorization": "Negotiate blerrgh"})
assert r.status_code == 400, r.text assert r.status_code == 400, r.text
assert "Malformed token" in r.text
r = requests.get("http://ca.example.lan/api/", headers={"Authorization": "Negotiate TlRMTVNTUAABAAAAl4II4gAAAAAAAAAAAAAAAAAAAAAKADk4AAAADw=="})
assert r.status_code == 400, r.text
assert "Unsupported authentication mechanism (NTLM" in r.text
r = requests.get("http://ca.example.lan/api/", auth=auth) r = requests.get("http://ca.example.lan/api/", auth=auth)
assert r.status_code == 200, r.text assert r.status_code == 200, r.text