Prevent LDAP authentication with empty password related problems.

git-svn-id: http://redmine.rubyforge.org/svn/trunk@1231 e93f8b46-1217-0410-a6f0-8f06a7374b81
pull/351/head
Jean-Philippe Lang 17 years ago
parent a9c972fbb3
commit 3a75b6771f
  1. 2
      app/models/user.rb

@ -83,6 +83,8 @@ class User < ActiveRecord::Base
# Returns the user that matches provided login and password, or nil
def self.try_to_login(login, password)
# Make sure no one can sign in with an empty password
return nil if password.to_s.empty?
user = find(:first, :conditions => ["login=?", login])
if user
# user is already in local database

Loading…
Cancel
Save