Skip to content

Commit

Permalink
Only allow local login if password is non-empty (#5906)
Browse files Browse the repository at this point in the history
  • Loading branch information
@zeripath @lafriks
zeripath authored and lafriks committed Jan 30, 2019
1 parent 80098bd commit 0f295ab
Show file tree
Hide file tree
Showing 2 changed files with 2 additions and 2 deletions.
2 changes: 1 addition & 1 deletion models/login_source.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -644,7 +644,7 @@ func UserSignIn(username, password string) (*User, error) {
if hasUser {
switch user.LoginType {
case LoginNoType, LoginPlain, LoginOAuth2:
if user.ValidatePassword(password) {
if user.IsPasswordSet() && user.ValidatePassword(password) {
return user, nil
}

Expand Down
2 changes: 1 addition & 1 deletion modules/lfs/server.go
View file
Original file line number Diff line number Diff line change
Expand Up @@ -582,7 +582,7 @@ func parseToken(authorization string) (*models.User, *models.Repository, string,
if err != nil {
return nil, nil, "basic", err
}
if !u.ValidatePassword(password) {
if !u.IsPasswordSet() || !u.ValidatePassword(password) {
return nil, nil, "basic", fmt.Errorf("Basic auth failed")
}
return u, nil, "basic", nil
Expand Down

0 comments on commit 0f295ab

Please sign in to comment.