mirror of
https://github.com/processone/ejabberd.git
synced 2024-11-28 16:34:13 +01:00
* src/ejabberd_auth.erl: Do not allow empty password at creation. On authent, check in all cases that password is not empty.
* src/ejabberd_auth_odbc.erl: Likewise * src/ejabberd_auth_internal.erl: Likewise * src/ejabberd_auth_external.erl: Likewise SVN Revision: 1183
This commit is contained in:
parent
4b5632a260
commit
0ae7f15ce7
@ -85,6 +85,9 @@ check_password(User, Server, Password, StreamID, Digest) ->
|
||||
M:check_password(User, Server, Password, StreamID, Digest)
|
||||
end, auth_modules(Server)).
|
||||
|
||||
%% We do not allow empty password:
|
||||
set_password(_User, _Server, "") ->
|
||||
{error, not_allowed};
|
||||
set_password(User, Server, Password) ->
|
||||
lists:foldl(
|
||||
fun(M, {error, _}) ->
|
||||
@ -93,6 +96,9 @@ set_password(User, Server, Password) ->
|
||||
Res
|
||||
end, {error, not_allowed}, auth_modules(Server)).
|
||||
|
||||
%% We do not allow empty password:
|
||||
try_register(_User, _Server, "") ->
|
||||
{error, not_allowed};
|
||||
try_register(User, Server, Password) ->
|
||||
case is_user_exists(User,Server) of
|
||||
true ->
|
||||
|
@ -55,7 +55,7 @@ plain_password_required() ->
|
||||
true.
|
||||
|
||||
check_password(User, Server, Password) ->
|
||||
extauth:check_password(User, Server, Password).
|
||||
extauth:check_password(User, Server, Password) andalso Password /= "".
|
||||
|
||||
check_password(User, Server, Password, _StreamID, _Digest) ->
|
||||
check_password(User, Server, Password).
|
||||
|
@ -72,7 +72,7 @@ check_password(User, Server, Password) ->
|
||||
US = {LUser, LServer},
|
||||
case catch mnesia:dirty_read({passwd, US}) of
|
||||
[#passwd{password = Password}] ->
|
||||
true;
|
||||
Password /= "";
|
||||
_ ->
|
||||
false
|
||||
end.
|
||||
@ -113,7 +113,6 @@ set_password(User, Server, Password) ->
|
||||
mnesia:transaction(F)
|
||||
end.
|
||||
|
||||
|
||||
try_register(User, Server, Password) ->
|
||||
LUser = jlib:nodeprep(User),
|
||||
LServer = jlib:nameprep(Server),
|
||||
|
@ -70,7 +70,7 @@ check_password(User, Server, Password) ->
|
||||
LServer = jlib:nameprep(Server),
|
||||
case catch odbc_queries:get_password(LServer, Username) of
|
||||
{selected, ["password"], [{Password}]} ->
|
||||
true;
|
||||
Password /= "";
|
||||
_ ->
|
||||
false
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user