##// END OF EJS Templates
rhodecode-enterprise-ce
RSS
auth-rhodecode: don't fail on bcrypt if user password is set to None....
marcink -
r2153:6de97439 default
parent child Browse files
Show More
Show file before | Show file after | Hide comments
@@ -114,7 +114,7 b' class RhodeCodeAuthPlugin(RhodeCodeAuthP'
114 114 crypto_backend = auth.crypto_backend()
115 115 password_encoded = safe_str(password)
116 116 password_match, new_hash = crypto_backend.hash_check_with_upgrade(
117 password_encoded, userobj.password)
117 password_encoded, userobj.password or '')
118 118
119 119 if password_match and new_hash:
120 120 log.debug('user %s properly authenticated, but '
Show file before | Show file after | Hide comments
@@ -256,8 +256,9 b' class UserModel(BaseModel):'
256 256 log_create_user, check_allowed_create_user)
257 257
258 258 def _password_change(new_user, password):
259 old_password = new_user.password or ''
259 260 # empty password
260 if not new_user.password:
261 if not old_password:
261 262 return False
262 263
263 264 # password check is only needed for RhodeCode internal auth calls
@@ -269,7 +270,7 b' class UserModel(BaseModel):'
269 270 if new_user.password == password:
270 271 return False
271 272
272 password_match = check_password(password, new_user.password)
273 password_match = check_password(password, old_password)
273 274 if not password_match:
274 275 return True
275 276
General Comments 0
You need to be logged in to leave comments. Login now