Commit 3b730fc5 authored by Jérome Perrin's avatar Jérome Perrin

refuse users with empty login or empty passwords



git-svn-id: https://svn.erp5.org/repos/public/erp5/trunk@8813 20353a03-c40f-0410-a6d1-a30d3c3de9de
parent 368d4fad
...@@ -80,7 +80,7 @@ class ERP5UserManager(BasePlugin): ...@@ -80,7 +80,7 @@ class ERP5UserManager(BasePlugin):
return None return None
def _authenticateCredentials(login, password, path): def _authenticateCredentials(login, password, path):
if login is None or password is None: if not login or not password:
return None return None
user_list = self.getUserByLogin(login) user_list = self.getUserByLogin(login)
...@@ -156,6 +156,8 @@ class ERP5UserManager(BasePlugin): ...@@ -156,6 +156,8 @@ class ERP5UserManager(BasePlugin):
Search the Catalog for login and return a list of person objects Search the Catalog for login and return a list of person objects
login can be a string list or a list of strings login can be a string list or a list of strings
""" """
if not login:
return []
# because we aren't logged in, we have to create our own # because we aren't logged in, we have to create our own
# SecurityManager to be able to access the Catalog # SecurityManager to be able to access the Catalog
sm = getSecurityManager() sm = getSecurityManager()
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment