indico · ThiefMaster · Mar 10, 2025 · Feb 27, 2025 · Mar 10, 2025 · Mar 10, 2025
diff --git a/CHANGES.rst b/CHANGES.rst
@@ -1,6 +1,12 @@
 Changelog
 =========
 
+Version 0.9
+-----------
+
+- Include the username in the ``identifier`` attribute of the ``NoSuchUser``
+  exception so applications can apply e.g. per-username rate limiting
+
 Version 0.8
 -----------
 

diff --git a/flask_multipass/core.py b/flask_multipass/core.py
@@ -543,7 +543,7 @@ def handle_login_form(self, provider, data):
             response = provider.process_local_login(data)
         except MultipassException as e:
             if isinstance(e, NoSuchUser) and current_app.config['MULTIPASS_HIDE_NO_SUCH_USER']:
-                e = InvalidCredentials(e.provider)
+                e = InvalidCredentials(details=e.details, provider=e.provider, identifier=e.identifier)
             self.handle_auth_error(e)
         else:
             return response

diff --git a/flask_multipass/exceptions.py b/flask_multipass/exceptions.py
@@ -25,8 +25,9 @@ class AuthenticationFailed(MultipassException):
 class NoSuchUser(AuthenticationFailed):
     """Indicates a user does not exist when attempting to authenticate."""
 
-    def __init__(self, details=None, provider=None):
+    def __init__(self, details=None, provider=None, identifier=None):
         AuthenticationFailed.__init__(self, 'No such user', details=details, provider=provider)
+        self.identifier = identifier
 
 
 class InvalidCredentials(AuthenticationFailed):

diff --git a/flask_multipass/providers/ldap/providers.py b/flask_multipass/providers/ldap/providers.py
@@ -78,7 +78,7 @@ def process_local_login(self, data):
             try:
                 user_dn, user_data = get_user_by_id(username, attributes=[self.ldap_settings['uid']])
                 if not user_dn:
-                    raise NoSuchUser(provider=self)
+                    raise NoSuchUser(provider=self, identifier=data['username'])
                 current_ldap.connection.simple_bind_s(user_dn, password)
             except INVALID_CREDENTIALS:
                 raise InvalidCredentials(provider=self, identifier=data['username'])

diff --git a/flask_multipass/providers/sqlalchemy.py b/flask_multipass/providers/sqlalchemy.py
@@ -53,7 +53,7 @@ def process_local_login(self, data):
         identity = self.identity_model.query.filter(type(self).provider_column == self.name,
                                                     type(self).identifier_column == data['identifier']).first()
         if not identity:
-            raise NoSuchUser(provider=self)
+            raise NoSuchUser(provider=self, identifier=data['identifier'])
         if not self.check_password(identity, data['password']):
             raise InvalidCredentials(provider=self, identifier=data['identifier'])
         auth_info = AuthInfo(self, identity=identity)

diff --git a/flask_multipass/providers/static.py b/flask_multipass/providers/static.py
@@ -42,7 +42,7 @@ def process_local_login(self, data):
         username = data['username']
         password = self.settings['identities'].get(username)
         if password is None:
-            raise NoSuchUser(provider=self)
+            raise NoSuchUser(provider=self, identifier=data['identifier'])
         if password != data['password']:
             raise InvalidCredentials(provider=self, identifier=data['username'])
         auth_info = AuthInfo(self, username=data['username'])

diff --git a/pyproject.toml b/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = 'Flask-Multipass'
-version = '0.8'
+version = '0.9'
 description = 'A pluggable solution for multi-backend authentication with Flask'
 readme = 'README.rst'
 license = 'BSD-3-Clause'