diff options
| author | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-03-12 17:56:19 +0000 |
|---|---|---|
| committer | Jean-Philippe Lang <jp_lang@yahoo.fr> | 2008-03-12 17:56:19 +0000 |
| commit | 3a75b6771fa1bb6ba79895312ee9d1325be6663d (patch) | |
| tree | c940d2aa7b93938bbed33cacfdbab3ca08c07966 | |
| parent | a9c972fbb3c7379fc251b8779d7dc1acd6e48f8f (diff) | |
| download | redmine-3a75b6771fa1bb6ba79895312ee9d1325be6663d.tar.gz redmine-3a75b6771fa1bb6ba79895312ee9d1325be6663d.zip | |
Prevent LDAP authentication with empty password related problems.
git-svn-id: http://redmine.rubyforge.org/svn/trunk@1231 e93f8b46-1217-0410-a6f0-8f06a7374b81
| -rw-r--r-- | app/models/user.rb | 2 |
1 files changed, 2 insertions, 0 deletions
diff --git a/app/models/user.rb b/app/models/user.rb index 2dd698f28..ae81d46d2 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -83,6 +83,8 @@ class User < ActiveRecord::Base # Returns the user that matches provided login and password, or nil def self.try_to_login(login, password) + # Make sure no one can sign in with an empty password + return nil if password.to_s.empty? user = find(:first, :conditions => ["login=?", login]) if user # user is already in local database |