From 632ce663ee41277e57ad56f522d29e213a030f81 Mon Sep 17 00:00:00 2001 From: Florent Daigniere Date: Thu, 14 Oct 2021 18:04:49 +0200 Subject: [PATCH] Prevent logins with no password --- core/admin/mailu/models.py | 2 ++ 1 file changed, 2 insertions(+) diff --git a/core/admin/mailu/models.py b/core/admin/mailu/models.py index 01711a60..3c79e661 100644 --- a/core/admin/mailu/models.py +++ b/core/admin/mailu/models.py @@ -562,6 +562,8 @@ class User(Base, Email): """ verifies password against stored hash and updates hash if outdated """ + if password == '': + return False cache_result = self._credential_cache.get(self.get_id()) current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None if cache_result and current_salt: