Fail auth on empty password in DB
This commit is contained in:
parent
e54293cd0e
commit
4b3469335e
@ -688,6 +688,11 @@ func (dc *downstreamConn) authenticate(username, password string) error {
|
|||||||
return errAuthFailed
|
return errAuthFailed
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// Password auth disabled
|
||||||
|
if u.Password == "" {
|
||||||
|
return errAuthFailed
|
||||||
|
}
|
||||||
|
|
||||||
err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password))
|
err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password))
|
||||||
if err != nil {
|
if err != nil {
|
||||||
dc.logger.Printf("failed authentication for %q: %v", username, err)
|
dc.logger.Printf("failed authentication for %q: %v", username, err)
|
||||||
|
Loading…
Reference in New Issue
Block a user