25
1
mirror of https://github.com/processone/ejabberd.git synced 2024-10-07 14:58:56 +02:00

* src/ejabberd_auth.erl: Do not allow empty password at creation. On authent, check in all cases that password is not empty.

* src/ejabberd_auth_odbc.erl: Likewise
* src/ejabberd_auth_internal.erl: Likewise
* src/ejabberd_auth_external.erl: Likewise

SVN Revision: 1183
This commit is contained in:
Mickaël Rémond 2008-02-11 18:19:42 +00:00
parent 4b5632a260
commit 0ae7f15ce7
4 changed files with 9 additions and 4 deletions

View File

@ -85,6 +85,9 @@ check_password(User, Server, Password, StreamID, Digest) ->
M:check_password(User, Server, Password, StreamID, Digest)
end, auth_modules(Server)).
%% We do not allow empty password:
set_password(_User, _Server, "") ->
{error, not_allowed};
set_password(User, Server, Password) ->
lists:foldl(
fun(M, {error, _}) ->
@ -93,6 +96,9 @@ set_password(User, Server, Password) ->
Res
end, {error, not_allowed}, auth_modules(Server)).
%% We do not allow empty password:
try_register(_User, _Server, "") ->
{error, not_allowed};
try_register(User, Server, Password) ->
case is_user_exists(User,Server) of
true ->

View File

@ -55,7 +55,7 @@ plain_password_required() ->
true.
check_password(User, Server, Password) ->
extauth:check_password(User, Server, Password).
extauth:check_password(User, Server, Password) andalso Password /= "".
check_password(User, Server, Password, _StreamID, _Digest) ->
check_password(User, Server, Password).

View File

@ -72,7 +72,7 @@ check_password(User, Server, Password) ->
US = {LUser, LServer},
case catch mnesia:dirty_read({passwd, US}) of
[#passwd{password = Password}] ->
true;
Password /= "";
_ ->
false
end.
@ -113,7 +113,6 @@ set_password(User, Server, Password) ->
mnesia:transaction(F)
end.
try_register(User, Server, Password) ->
LUser = jlib:nodeprep(User),
LServer = jlib:nameprep(Server),

View File

@ -70,7 +70,7 @@ check_password(User, Server, Password) ->
LServer = jlib:nameprep(Server),
case catch odbc_queries:get_password(LServer, Username) of
{selected, ["password"], [{Password}]} ->
true;
Password /= "";
_ ->
false
end