sad/soju
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fail auth on empty password in DB

Browse Source
This commit is contained in:
Simon Ser 2020-06-06 12:52:22 +02:00
parent e54293cd0e
commit 4b3469335e
No known key found for this signature in database
GPG Key ID: 0FDE7BE0E88F5E48
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
downstream.go
View File

@ -688,6 +688,11 @@ func (dc *downstreamConn) authenticate(username, password string) error {
return errAuthFailed return errAuthFailed
} }
// Password auth disabled
if u.Password == "" {
return errAuthFailed
}
err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password)) err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password))
if err != nil { if err != nil {
dc.logger.Printf("failed authentication for %q: %v", username, err) dc.logger.Printf("failed authentication for %q: %v", username, err)