Commit 3b730fc5 authored by Jérome Perrin's avatar Jérome Perrin

refuse users with empty login or empty passwords



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@8813 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 368d4fad
......@@ -80,7 +80,7 @@ class ERP5UserManager(BasePlugin):
return None
def _authenticateCredentials(login, password, path):
if login is None or password is None:
if not login or not password:
return None
user_list = self.getUserByLogin(login)
......@@ -156,6 +156,8 @@ class ERP5UserManager(BasePlugin):
Search the Catalog for login and return a list of person objects
login can be a string list or a list of strings
"""
if not login:
return []
# because we aren't logged in, we have to create our own
# SecurityManager to be able to access the Catalog
sm = getSecurityManager()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment