From 9bfe9ecbc90a3b7851d7673f5e9a9df428e7b651 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jos=C3=A9=20Redrejo?= <jose@learningequality.org>
Date: Fri, 5 Jan 2024 17:39:41 +0100
Subject: [PATCH] distinguish validation when remote facility allows
 authentication without password

---
 kolibri/core/auth/tasks.py                     |  8 +++++++-
 kolibri/core/auth/utils/users.py               | 18 ++++++++++++++++--
 .../src/views/ImportIndividualUserForm.vue     |  1 +
 3 files changed, 24 insertions(+), 3 deletions(-)

diff --git a/kolibri/core/auth/tasks.py b/kolibri/core/auth/tasks.py
index b1a1e166ca7..8065cda5426 100644
--- a/kolibri/core/auth/tasks.py
+++ b/kolibri/core/auth/tasks.py
@@ -7,6 +7,7 @@
 from django.core.management import call_command
 from django.utils import timezone
 from rest_framework import serializers
+from rest_framework.exceptions import AuthenticationFailed
 from rest_framework.exceptions import ValidationError
 
 from kolibri.core.auth.constants.demographics import NOT_SPECIFIED
@@ -532,7 +533,12 @@ def validate(self, data):
         facility_id = data["facility"]
         username = data["username"]
         password = data["password"]
-        facility_info = get_remote_users_info(baseurl, facility_id, username, password)
+        try:
+            facility_info = get_remote_users_info(
+                baseurl, facility_id, username, password
+            )
+        except AuthenticationFailed as e:
+            raise ValidationError(detail=str(e.detail), code=e.detail.code)
         user_info = facility_info["user"]
 
         # syncing using an admin account (username & password belong to the admin):
diff --git a/kolibri/core/auth/utils/users.py b/kolibri/core/auth/utils/users.py
index a03e6a5f2bc..97c51a8116d 100644
--- a/kolibri/core/auth/utils/users.py
+++ b/kolibri/core/auth/utils/users.py
@@ -49,9 +49,23 @@ def get_remote_users_info(baseurl, facility_id, username, password):
         response.raise_for_status()
     except (CommandError, HTTPError, ConnectionError) as e:
         if password == NOT_SPECIFIED or not password:
-            raise AuthenticationFailed(
-                detail="Password is required", code=error_constants.MISSING_PASSWORD
+            facility_info_url = reverse_remote(
+                baseurl,
+                "kolibri:core:publicfacility-detail",
+                args=[
+                    facility_id,
+                ],
             )
+            response = requests.get(facility_info_url)
+            if response.json()["learner_can_login_with_no_password"]:
+                raise AuthenticationFailed(
+                    detail="The username can not be found",
+                    code=error_constants.INVALID_USERNAME,
+                )
+            else:
+                raise AuthenticationFailed(
+                    detail="Password is required", code=error_constants.MISSING_PASSWORD
+                )
         else:
             raise AuthenticationFailed(
                 detail=str(e), code=error_constants.AUTHENTICATION_FAILED
diff --git a/kolibri/plugins/setup_wizard/assets/src/views/ImportIndividualUserForm.vue b/kolibri/plugins/setup_wizard/assets/src/views/ImportIndividualUserForm.vue
index 386126ca59a..e8d4619c9bf 100644
--- a/kolibri/plugins/setup_wizard/assets/src/views/ImportIndividualUserForm.vue
+++ b/kolibri/plugins/setup_wizard/assets/src/views/ImportIndividualUserForm.vue
@@ -284,6 +284,7 @@
               ERROR_CONSTANTS.MISSING_PASSWORD,
               ERROR_CONSTANTS.PASSWORD_NOT_SPECIFIED,
               ERROR_CONSTANTS.AUTHENTICATION_FAILED,
+              ERROR_CONSTANTS.INVALID_USERNAME,
             ]);
 
             const errorData = error.response.data;