2015: Prevent logins with no password r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Prevent logins with no password; These may occur with imported hashes.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
master
bors[bot] 3 years ago committed by GitHub
commit a9ec601e3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

@ -562,6 +562,8 @@ class User(Base, Email):
""" verifies password against stored hash """ verifies password against stored hash
and updates hash if outdated and updates hash if outdated
""" """
if password == '':
return False
cache_result = self._credential_cache.get(self.get_id()) cache_result = self._credential_cache.get(self.get_id())
current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None
if cache_result and current_salt: if cache_result and current_salt:

Loading…
Cancel
Save