don't crash when ldap can't be reached. fixes #5001

Change-Id: I473c565031593c1b7b3545851c1c79d77d588280 Reviewed-on: https://gerrit.instructure.com/4567 Tested-by: Hudson <hudson@instructure.com> Reviewed-by: Brian Palmer <brianp@instructure.com>
2011-07-06 11:06:28 -06:00 · 2011-07-06 11:06:28 -06:00 · ee8b8d95b8
parent cb864c6ae0
commit ee8b8d95b8
2 changed files with 33 additions and 2 deletions
--- a/app/models/pseudonym.rb
+++ b/app/models/pseudonym.rb
@ -331,8 +331,12 @@ class Pseudonym < ActiveRecord::Base
    self.account.account_authorization_configs.each do |config|
      ldap = config.ldap_connection
      filter = config.ldap_filter(self.unique_id)
-      res = ldap.bind_as(:base => ldap.base, :filter => filter, :password => password_plaintext)
-      return res if res
+      begin
+        res = ldap.bind_as(:base => ldap.base, :filter => filter, :password => password_plaintext)
+        return res if res
+      rescue Net::LDAP::LdapError
+        ErrorReport.log_exception(:ldap, $!)
+      end
    end
    nil
  end
--- a/spec/models/pseudonym_spec.rb
+++ b/spec/models/pseudonym_spec.rb
@ -83,6 +83,33 @@ describe Pseudonym do
    @pseudonym.destroy(true).should eql(true)
    @pseudonym.should be_deleted
  end
+
+  it "should gracefully handle unreachable LDAP servers" do
+    require 'net/ldap'
+    module Net
+      class LDAP
+        alias_method :bind_as_old, :bind_as
+        def bind_as(opts = {})
+          raise Net::LDAP::LdapError, "no connection to server"
+        end
+      end
+    end
+    user_with_pseudonym(:active_all => true)
+    @pseudonym.account.account_authorization_configs.create!(
+      :auth_type      => 'ldap',
+      :auth_base      => "ou=people,dc=example,dc=com",
+      :auth_host      => "ldap.example.com",
+      :auth_username  => "cn=query,dc=example,dc=com",
+      :auth_port      => 636,
+      :auth_filter    => "(uid={{login}})",
+      :auth_over_tls  => true
+    )
+    lambda{ @pseudonym.ldap_bind_result('blech') }.should_not raise_error
+    ErrorReport.last.message.should eql("no connection to server")
+    module Net; class LDAP; def bind_as(opts={}); true; end; end; end
+    @pseudonym.ldap_bind_result('yay!').should be_true
+    module Net; class LDAP; alias_method :bind_as, :bind_as_old; end; end
+  end
  
  context "Needs a pseudonym with an active user" do
    before do