From 3a75b6771fa1bb6ba79895312ee9d1325be6663d Mon Sep 17 00:00:00 2001 From: Jean-Philippe Lang Date: Wed, 12 Mar 2008 17:56:19 +0000 Subject: [PATCH] Prevent LDAP authentication with empty password related problems. git-svn-id: http://redmine.rubyforge.org/svn/trunk@1231 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- app/models/user.rb | 2 ++ 1 file changed, 2 insertions(+) diff --git a/app/models/user.rb b/app/models/user.rb index 2dd698f28..ae81d46d2 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -83,6 +83,8 @@ class User < ActiveRecord::Base # Returns the user that matches provided login and password, or nil def self.try_to_login(login, password) + # Make sure no one can sign in with an empty password + return nil if password.to_s.empty? user = find(:first, :conditions => ["login=?", login]) if user # user is already in local database