Fail auth on empty password in DB
This commit is contained in:
parent
e54293cd0e
commit
4b3469335e
@ -688,6 +688,11 @@ func (dc *downstreamConn) authenticate(username, password string) error {
|
||||
return errAuthFailed
|
||||
}
|
||||
|
||||
// Password auth disabled
|
||||
if u.Password == "" {
|
||||
return errAuthFailed
|
||||
}
|
||||
|
||||
err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password))
|
||||
if err != nil {
|
||||
dc.logger.Printf("failed authentication for %q: %v", username, err)
|
||||
|
Loading…
Reference in New Issue
Block a user