From d9dd9332fc77d9e61bda0316cbb7d8f7c75f71d5 Mon Sep 17 00:00:00 2001 From: Julien Lancelot Date: Fri, 30 Nov 2012 11:29:43 +0100 Subject: [PATCH] Revert "SONAR-3968 Sonar should not allow any login with a blank password even when this authentication depends on an external system like LDAP" This reverts commit 16c86195a6f172ad79fe27fa6d6b80c4515b71e7. --- .../resources/org/sonar/l10n/core.properties | 1 - .../app/controllers/sessions_controller.rb | 21 +++++------ .../webapp/WEB-INF/lib/need_authentication.rb | 36 +++++++++---------- 3 files changed, 26 insertions(+), 32 deletions(-) diff --git a/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties b/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties index ab22ca13791..b6e1241c950 100644 --- a/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties +++ b/plugins/sonar-core-plugin/src/main/resources/org/sonar/l10n/core.properties @@ -378,7 +378,6 @@ sessions.confirm_password=Confirm password sessions.sign_up=Sign up sessions.old_account=Log in if you already have an account. session.flash_notice.authentication_failed=Authentication failed. -session.flash_notice.empty_password=Password can't be blank. session.flash_notice.logged_out=You have been logged out. #------------------------------------------------------------------------------ diff --git a/sonar-server/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb b/sonar-server/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb index 4b56c58b76c..3098ad32268 100644 --- a/sonar-server/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb +++ b/sonar-server/src/main/webapp/WEB-INF/app/controllers/sessions_controller.rb 
@@ -26,19 +26,16 @@ class SessionsController < ApplicationController def login return unless request.post? - if params[:password].blank? - flash.now[:loginerror] = message('session.flash_notice.empty_password') - else - self.current_user = User.authenticate(params[:login], params[:password], servlet_request) - if logged_in? - if params[:remember_me] == '1' - self.current_user.remember_me - cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at } - end - redirect_back_or_default(home_url) - else - flash.now[:loginerror] = message('session.flash_notice.authentication_failed') + + self.current_user = User.authenticate(params[:login], params[:password], servlet_request) + if logged_in? + if params[:remember_me] == '1' + self.current_user.remember_me + cookies[:auth_token] = { :value => self.current_user.remember_token , :expires => self.current_user.remember_token_expires_at } end + redirect_back_or_default(home_url) + else + flash.now[:loginerror] = message('session.flash_notice.authentication_failed') end end diff --git a/sonar-server/src/main/webapp/WEB-INF/lib/need_authentication.rb b/sonar-server/src/main/webapp/WEB-INF/lib/need_authentication.rb index 7c2a5fd4050..7e3ffd3a7e0 100644 --- a/sonar-server/src/main/webapp/WEB-INF/lib/need_authentication.rb +++ b/sonar-server/src/main/webapp/WEB-INF/lib/need_authentication.rb 
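Review bot: After this revert, `login` forwards a blank `params[:password]` straight to `User.authenticate`, so the only thing standing between an empty password and a session is whatever realm sits behind that call. The commit message says the dropped check existed precisely because an external system such as LDAP may accept an empty password (an unauthenticated bind), and nothing in the new code replaces it. If the revert is needed because the message or placement was wrong, a cheap controller-side guard keeps the defense in depth without a new string: `if params[:password].blank?` then `flash.now[:loginerror] = message('session.flash_notice.authentication_failed')` and skip the `User.authenticate` call, falling through to the existing `else` branch. I am inferring the LDAP behaviour from the commit message and RFC 4513; whether the configured provider rejects blank credentials itself is not visible here.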
@@ -49,28 +49,26 @@ class PluginRealm end def authenticate?(username, password, servlet_request) - unless password.blank? - details=nil - if @java_users_provider - begin - provider_context = org.sonar.api.security.ExternalUsersProvider::Context.new(username, servlet_request) - details = @java_users_provider.doGetUserDetails(provider_context) - rescue Exception => e - Rails.logger.error("Error from external users provider: #{e.message}") - @save_password ? fallback(username, password) : false + details=nil + if @java_users_provider + begin + provider_context = org.sonar.api.security.ExternalUsersProvider::Context.new(username, servlet_request) + details = @java_users_provider.doGetUserDetails(provider_context) + rescue Exception => e + Rails.logger.error("Error from external users provider: #{e.message}") + @save_password ? fallback(username, password) : false + else + if details + # User exist in external system + auth(username, password, servlet_request, details) else - if details - # User exist in external system - auth(username, password, servlet_request, details) - else - # No such user in external system - fallback(username, password) - end + # No such user in external system + fallback(username, password) end - else - # Legacy authenticator - auth(username, password, servlet_request, nil) end + else + # Legacy authenticator + auth(username, password, servlet_request, nil) end end -- 2.39.5
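Review bot: The new `authenticate?` no longer rejects a blank password before calling `@java_users_provider` / `auth`, so an empty password is now handed to the external authenticator; LDAP directories that permit unauthenticated binds treat an empty password as anonymous and report success, which would let a caller log in as any existing external user. Unless every plugin authenticator is known to reject blank passwords (not visible from this hunk), the guard belongs at the realm level regardless of the controller: `return false if password.blank?` as the first line of the method, which also covers the `fallback(username, password)` paths. Separately, `rescue Exception => e` (unchanged by this commit) also swallows `SystemExit`, `NoMemoryError` and signal exceptions; `rescue StandardError => e` (or `rescue => e`) is the conventional form when only provider failures are meant to be caught. The `@save_password ? fallback(...) : false` value in the rescue branch is the method's return only because `begin/rescue/else` is the last expression; a short comment such as `# Provider unreachable: fall back to locally stored password only when configured to save it` would make that intent explicit.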