Commit abc46ef5 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

ERP5Security: empty password is not allowed.

parent 6467c1f3
......@@ -93,10 +93,10 @@ class ERP5UserManager(BasePlugin):
else:
return
is_authentication_policy_enabled = self.getPortalObject().portal_preferences.isAuthenticationPolicyEnabled()
if check_password and not pw_validate(
if check_password and (not credentials.get('password') or not pw_validate(
login_value.getPassword(),
credentials.get('password'),
):
)):
if is_authentication_policy_enabled:
login_value.notifyLoginFailure()
return
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment