##// END OF EJS Templates
auth-rhodecode: don't fail on bcrypt if user password is set to None....
marcink -
r2153:6de97439 default
parent child Browse files
Show More
@@ -114,7 +114,7 b' class RhodeCodeAuthPlugin(RhodeCodeAuthP'
114 crypto_backend = auth.crypto_backend()
114 crypto_backend = auth.crypto_backend()
115 password_encoded = safe_str(password)
115 password_encoded = safe_str(password)
116 password_match, new_hash = crypto_backend.hash_check_with_upgrade(
116 password_match, new_hash = crypto_backend.hash_check_with_upgrade(
117 password_encoded, userobj.password)
117 password_encoded, userobj.password or '')
118
118
119 if password_match and new_hash:
119 if password_match and new_hash:
120 log.debug('user %s properly authenticated, but '
120 log.debug('user %s properly authenticated, but '
@@ -256,8 +256,9 b' class UserModel(BaseModel):'
256 log_create_user, check_allowed_create_user)
256 log_create_user, check_allowed_create_user)
257
257
258 def _password_change(new_user, password):
258 def _password_change(new_user, password):
259 old_password = new_user.password or ''
259 # empty password
260 # empty password
260 if not new_user.password:
261 if not old_password:
261 return False
262 return False
262
263
263 # password check is only needed for RhodeCode internal auth calls
264 # password check is only needed for RhodeCode internal auth calls
@@ -269,7 +270,7 b' class UserModel(BaseModel):'
269 if new_user.password == password:
270 if new_user.password == password:
270 return False
271 return False
271
272
272 password_match = check_password(password, new_user.password)
273 password_match = check_password(password, old_password)
273 if not password_match:
274 if not password_match:
274 return True
275 return True
275
276
General Comments 0
You need to be logged in to leave comments. Login now