From: Jean-Philippe Lang <jp_lang@yahoo.fr>
Date: Wed, 12 Mar 2008 17:56:19 +0000 (+0000)
Subject: Prevent LDAP authentication with empty password related problems.
X-Git-Tag: 0.7.0-RC1~70
X-Git-Url: https://source.dussan.org/?a=commitdiff_plain;h=3a75b6771fa1bb6ba79895312ee9d1325be6663d;p=redmine.git

Prevent LDAP authentication with empty password related problems.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1231 e93f8b46-1217-0410-a6f0-8f06a7374b81
---

diff --git a/app/models/user.rb b/app/models/user.rb
index 2dd698f28..ae81d46d2 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -83,6 +83,8 @@ class User < ActiveRecord::Base
   
   # Returns the user that matches provided login and password, or nil
   def self.try_to_login(login, password)
+    # Make sure no one can sign in with an empty password
+    return nil if password.to_s.empty?
     user = find(:first, :conditions => ["login=?", login])
     if user
       # user is already in local database