Commit abc46ef5 authored by Kazuhiko Shiozaki's avatar Kazuhiko Shiozaki

ERP5Security: empty password is not allowed.

parent 6467c1f3
...@@ -93,10 +93,10 @@ class ERP5UserManager(BasePlugin): ...@@ -93,10 +93,10 @@ class ERP5UserManager(BasePlugin):
else: else:
return return
is_authentication_policy_enabled = self.getPortalObject().portal_preferences.isAuthenticationPolicyEnabled() is_authentication_policy_enabled = self.getPortalObject().portal_preferences.isAuthenticationPolicyEnabled()
if check_password and not pw_validate( if check_password and (not credentials.get('password') or not pw_validate(
login_value.getPassword(), login_value.getPassword(),
credentials.get('password'), credentials.get('password'),
): )):
if is_authentication_policy_enabled: if is_authentication_policy_enabled:
login_value.notifyLoginFailure() login_value.notifyLoginFailure()
return return
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment