# HG changeset patch
# User Marcin Kuzminski <marcin@rhodecode.com>
# Date 2017-10-27 14:29:46
# Node ID 8a18c3c32f431abe782b41b9131fc370d4727b4d
# Parent  a5ea97dabc9dc8349018323af79f73f3d326a2f3

auth: don't break hashing in case of user with empty password.

In some cases such as LDAP user created via external scripts users might
set the passwords to empty. The hashing uses the md5(password_hash) to
store reference to detect password changes and forbid using the same password.

In case of pure LDAP users this is not valid, and we shouldn't raise Errors in such
case. This change makes it work for empty passwords now.

diff --git a/rhodecode/lib/auth.py b/rhodecode/lib/auth.py
--- a/rhodecode/lib/auth.py
+++ b/rhodecode/lib/auth.py
@@ -1245,7 +1245,7 @@ class AuthUser(object):
     def get_cookie_store(self):
         return {
             'username': self.username,
-            'password': md5(self.password),
+            'password': md5(self.password or ''),
             'user_id': self.user_id,
             'is_authenticated': self.is_authenticated
         }