Prevent LDAP authentication with empty password related problems.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1231 e93f8b46-1217-0410-a6f0-8f06a7374b81

Prevent LDAP authentication with empty password related problems.
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1231 e93f8b46-1217-0410-a6f0-8f06a7374b81
3a75b677 · Jean-Philippe Lang · a9c972fb · 3a75b677
Commit 3a75b677 authored Mar 12, 2008 by Jean-Philippe Lang
Hide whitespace changes
Inline Side-by-side

Showing with 2 additions and 0 deletions

user.rb app/models/user.rb +2 -0

No files found.
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -83,6 +83,8 @@ class User < ActiveRecord::Base
  
  # Returns the user that matches provided login and password, or nil
  def self.try_to_login(login, password)
+    # Make sure no one can sign in with an empty password
+    return nil if password.to_s.empty?
    user = find(:first, :conditions => ["login=?", login])
    if user
      # user is already in local database