perf: 优化acl提示

apps/authentication/errors.py

@@ -31,7 +31,7 @@ reason_choices = {
     reason_user_invalid: _('Disabled or expired'),
     reason_user_inactive: _("This account is inactive."),
     reason_backend_not_match: _("Auth backend not match"),
-    reason_acl_not_allow: _("ACL is not allowed")
+    reason_acl_not_allow: _("ACL is not allowed"),
 }
 old_reason_choices = {
     '0': '-',
@@ -184,6 +184,28 @@ class MFARequiredError(NeedMoreInfoError):
         }
 
 
+class ACLError(AuthFailedNeedLogMixin, AuthFailedError):
+    msg = reason_acl_not_allow
+    error = 'acl_error'
+
+    def __init__(self, msg, **kwargs):
+        self.msg = msg
+        super().__init__(**kwargs)
+
+    def as_data(self):
+        return {
+            "error": reason_acl_not_allow,
+            "msg": self.msg
+        }
+
+
+class LoginIPNotAllowed(ACLError):
+    def __init__(self, username, request, **kwargs):
+        self.username = username
+        self.request = request
+        super().__init__(_("IP is not allowed"), **kwargs)
+
+
 class LoginConfirmBaseError(NeedMoreInfoError):
     def __init__(self, ticket_id, **kwargs):
         self.ticket_id = ticket_id

apps/authentication/mixins.py

@@ -183,7 +183,7 @@ class AuthMixin:
         from acls.models import LoginACL
         is_allowed = LoginACL.allow_user_to_login(user, ip)
         if not is_allowed:
-            raise self.raise_credential_error(error=errors.reason_acl_not_allow)
+            raise errors.LoginIPNotAllowed(username=user.username, request=self.request)
 
     def check_user_auth(self, decrypt_passwd=False):
         self.check_is_block()