Adauth
Please provide meaningful error message if user is not found
In `lib/adauth/authenticate.rb` the code below is going to result in a “crash” when the search result is empty.
```ruby
user = Adauth::AdObjects::User.where('sAMAccountName', username).first
if allowed_to_login(user)
  Adauth.logger.info("authentication") { "Authentication succesful" }
  return user
else
  Adauth.logger.info("authentication") { "Authentication failed (not in allowed group or ou)" }
  return false
end
```
Calling the method `first` on the empty result results in `user` being `nil`, which causes failures further down the path. Could a check be added, so that `false` is returned if `user` is `nil`?
Even better would be to return more error codes or even messages, which can then be displayed in the log-in dialog.
This code only gets run if the user successfully authenticates, which can only happen if the user exists.
As for better errors, LDAP gives the same error for any kind of failed login, be it wrong password, user that doesn't exist, etc., so Adauth would then need to perform extra queries to check if the username you entered exists.
The login/sessions controller/views are supplied to help get you up and running quickly; if you want more functionality out of it, then you will need to code that yourself.
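
An added example, not Adauth's code: a nil-safe version of the flow discussed in this thread that keeps the specific failure reason in the server log and gives the log-in dialog one message for every failure, in line with the single error LDAP returns. `SAMPLE_DIRECTORY`, `bind_ok?`, `search_users`, `authenticate_user` and `AuthResult` are hypothetical stand-ins, and the empty search after a successful bind is modelled by assuming a search base narrower than the bind scope.

```ruby
require 'logger'

# Constructed sample data standing in for the directory (not Adauth's API).
SAMPLE_DIRECTORY = [
  { name: 'alice', password: 'pw-alice', ou: 'Staff',    groups: ['vpn'] },
  { name: 'bob',   password: 'pw-bob',   ou: 'Staff',    groups: [] },
  { name: 'carol', password: 'pw-carol', ou: 'External', groups: ['vpn'] }
].freeze
SEARCH_OU      = 'Staff' # assumption: search base narrower than bind scope
ALLOWED_GROUPS = ['vpn'].freeze

# reason is for the server log; public_message is all the log-in dialog shows.
AuthResult = Struct.new(:user, :reason) do
  def ok?
    reason == :ok
  end

  def public_message
    ok? ? 'Signed in' : 'Invalid username or password'
  end
end

# Hypothetical stand-in for the LDAP bind: one outcome for any bad credential.
def bind_ok?(username, password)
  SAMPLE_DIRECTORY.any? { |e| e[:name] == username && e[:password] == password }
end

# Hypothetical stand-in for the user search: returns an array, possibly empty.
def search_users(username)
  SAMPLE_DIRECTORY.select { |e| e[:name] == username && e[:ou] == SEARCH_OU }
end

def authenticate_user(username, password, logger: Logger.new($stderr))
  reason = :bind_failed
  user = nil
  if bind_ok?(username, password)
    user = search_users(username).first # nil when nothing matched
    reason = if user.nil? then :not_found
             elsif (user[:groups] & ALLOWED_GROUPS).empty? then :not_allowed
             else :ok
             end
  end
  # inspect escapes control characters, so the username cannot forge log lines.
  logger.info('authentication') { "#{username.inspect}: #{reason}" }
  AuthResult.new(reason == :ok ? user : nil, reason)
end
```
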