Allow hiding NoSuchUser error

indico · Dec 10, 2024 · f1f6f06 · f1f6f06
1 parent 9398b9a
commit f1f6f06
Show file tree

Hide file tree

Showing 2 changed files with 11 additions and 1 deletion.
diff --git a/docs/quickstart.rst b/docs/quickstart.rst
@@ -54,6 +54,7 @@ The following configuration values exist for Flask-Multipass:
 ``MULTIPASS_FAILURE_CATEGORY``         Category of message when flashing after unsuccessful login
 ``MULTIPASS_ALL_MATCHING_IDENTITIES``  If true, all matching identities are passed after successful authentication
 ``MULTIPASS_REQUIRE_IDENTITY``         If true, ``IdentityRetrievalFailed`` is raised when no matching identities are found, otherwise empty list is passed
+``MULTIPASS_HIDE_NO_SUCH_USER``        If true, ``InvalidCredentials`` instead of ``NoSuchUser`` is raised when no user is found in the system
 ====================================== =========================================
 
 A configuration example can be found here: :ref:`config_example`

diff --git a/flask_multipass/core.py b/flask_multipass/core.py
@@ -12,7 +12,13 @@
 from werkzeug.exceptions import NotFound
 
 from flask_multipass.auth import AuthProvider
-from flask_multipass.exceptions import GroupRetrievalFailed, IdentityRetrievalFailed, MultipassException
+from flask_multipass.exceptions import (
+    GroupRetrievalFailed,
+    IdentityRetrievalFailed,
+    InvalidCredentials,
+    MultipassException,
+    NoSuchUser,
+)
 from flask_multipass.identity import IdentityProvider
 from flask_multipass.util import (
     get_canonical_provider_map,
@@ -72,6 +78,7 @@ def init_app(self, app):
         app.config.setdefault('MULTIPASS_FAILURE_CATEGORY', 'error')
         app.config.setdefault('MULTIPASS_ALL_MATCHING_IDENTITIES', False)
         app.config.setdefault('MULTIPASS_REQUIRE_IDENTITY', True)
+        app.config.setdefault('MULTIPASS_HIDE_NO_SUCH_USER', False)
         with app.app_context():
             self._create_login_rule()
             state.auth_providers = ImmutableDict(self._create_providers('AUTH', AuthProvider))
@@ -528,6 +535,8 @@ def handle_login_form(self, provider, data):
         try:
             response = provider.process_local_login(data)
         except MultipassException as e:
+            if isinstance(e, NoSuchUser) and current_app.config['MULTIPASS_HIDE_NO_SUCH_USER']:
+                e = InvalidCredentials(e.provider)
             self.handle_auth_error(e)
         else:
             return response