Prevent LDAP authentication with empty password related problems.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1231 e93f8b46-1217-0410-a6f0-8f06a7374b81
2008-03-12 17:56:19 +00:00 · 2008-03-12 17:56:19 +00:00 · 3a75b6771f
parent a9c972fbb3
commit 3a75b6771f
1 changed files with 2 additions and 0 deletions
--- a/app/models/user.rb
+++ b/app/models/user.rb
@ -83,6 +83,8 @@ class User < ActiveRecord::Base
  
  # Returns the user that matches provided login and password, or nil
  def self.try_to_login(login, password)
+    # Make sure no one can sign in with an empty password
+    return nil if password.to_s.empty?
    user = find(:first, :conditions => ["login=?", login])
    if user
      # user is already in local database