prevent user creation with empty password

2 files changed, 10 insertions, 1 deletions

diff --git a/lib/user.php b/lib/user.php
index 816caff8dd8..e409fe4e501 100644
--- a/lib/user.php
+++ b/lib/user.php
@@ -123,6 +123,11 @@ class OC_User {
 		if(trim($uid) == ''){
 			throw new Exception('A valid username must be provided');
 		}
+		// No empty password
+		if(trim($password) == ''){
+			throw new Exception('A valid password must be provided');
+		}
+		
 		// Check if user already exists
 		if( self::userExists($uid) ){
 			throw new Exception('The username is already being used');
diff --git a/settings/js/users.js b/settings/js/users.js
index 971da7abe98..7c3c3d37b18 100644
--- a/settings/js/users.js
+++ b/settings/js/users.js
@@ -157,6 +157,7 @@ $(document).ready(function(){
 	$('#newuser').submit(function(event){
 		event.preventDefault();
 		var username=$('#newusername').val();
+		var password=$('#newuserpassword').val();
 		if($('#content table tbody tr').filterAttr('data-uid',username).length>0){
 			OC.dialogs.alert('The username is already being used', 'Error creating user');
 			return;
@@ -165,7 +166,10 @@ $(document).ready(function(){
 			OC.dialogs.alert('A valid username must be provided', 'Error creating user');
 			return false;
 		}
-		var password=$('#newuserpassword').val();
+		if($.trim(password) == '') {
+			OC.dialogs.alert('A valid password must be provided', 'Error creating user');
+			return false;
+		}
 		var groups=$('#newusergroups').prev().children('div').data('settings').checked;
 		$('#newuser').get(0).reset();
 		$.post(