Prevent LDAP authentication with empty password related problems.

author Jean-Philippe Lang <jp_lang@yahoo.fr>

Wed, 12 Mar 2008 17:56:19 +0000 (17:56 +0000)

committer Jean-Philippe Lang <jp_lang@yahoo.fr>

Wed, 12 Mar 2008 17:56:19 +0000 (17:56 +0000)
author Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 12 Mar 2008 17:56:19 +0000 (17:56 +0000)
committer Jean-Philippe Lang <jp_lang@yahoo.fr>
Wed, 12 Mar 2008 17:56:19 +0000 (17:56 +0000)
diff --git a/app/models/user.rb b/app/models/user.rb

index 2dd698f2887b406aa259995a546a4177d80b48d3..ae81d46d219a4c21b92e2be86f688dab83255055 100644 (file)
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -83,6 +83,8 @@ class User < ActiveRecord::Base
    
    # Returns the user that matches provided login and password, or nil
    def self.try_to_login(login, password)
+    # Make sure no one can sign in with an empty password
+    return nil if password.to_s.empty?
      user = find(:first, :conditions => ["login=?", login])
      if user
        # user is already in local database
author	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Wed, 12 Mar 2008 17:56:19 +0000 (17:56 +0000)
committer	Jean-Philippe Lang <jp_lang@yahoo.fr>
	Wed, 12 Mar 2008 17:56:19 +0000 (17:56 +0000)