self-hosted/Mailu
1
0
Fork 0
mirror of https://github.com/Mailu/Mailu.git synced 2024-12-14 10:53:30 +02:00
Code Issues Releases Activity

Merge #2015

Browse Source 
2015: Prevent logins with no password r=mergify[bot] a=nextgens

## What type of PR?

enhancement

## What does this PR do?

Prevent logins with no password; These may occur with imported hashes.


Co-authored-by: Florent Daigniere <nextgens@freenetproject.org>
This commit is contained in:
bors[bot] 2021-10-14 17:19:47 +00:00 committed by GitHub
commit a9ec601e3e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 2 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/admin/mailu/models.py
View File

@ -562,6 +562,8 @@ class User(Base, Email):
""" verifies password against stored hash
and updates hash if outdated
"""
if password == '':
return False
cache_result = self._credential_cache.get(self.get_id())
current_salt = self.password.split('$')[3] if len(self.password.split('$')) == 5 else None
if cache_result and current_salt: