Fail auth on empty password in DB

This commit is contained in:
Simon Ser 2020-06-06 12:52:22 +02:00
parent e54293cd0e
commit 4b3469335e
No known key found for this signature in database
GPG Key ID: 0FDE7BE0E88F5E48

View File

@ -688,6 +688,11 @@ func (dc *downstreamConn) authenticate(username, password string) error {
return errAuthFailed return errAuthFailed
} }
// Password auth disabled
if u.Password == "" {
return errAuthFailed
}
err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password)) err = bcrypt.CompareHashAndPassword([]byte(u.Password), []byte(password))
if err != nil { if err != nil {
dc.logger.Printf("failed authentication for %q: %v", username, err) dc.logger.Printf("failed authentication for %q: %v", username, err)