lub
/
mailu
1
0
Fork 0
Code Issues Pull Requests Packages Releases Wiki Activity

Merge #2015

Browse Source 
2015: Prevent logins with no password r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Prevent logins with no password; These may occur with imported hashes.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
master
bors[bot] 3 years ago committed by GitHub
parent 8c8c1b2015 632ce663ee
commit a9ec601e3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File

2
core/admin/mailu/models.py
Unescape Escape View File

@ -562,6 +562,8 @@ class User(Base, Email):
""" verifies password against stored hash
and updates hash if outdated
"""
if password == '':
return False
cache_result = self._credential_cache.get(self.get_id())
current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None
if cache_result and current_salt:

Write Preview
Loading…
Cancel
Save