Changeset 7139 for main/waeup.sirp/trunk/src

Timestamp:

19 Nov 2011, 13:08:45 (13 years ago)

Author:

uli

Message:

Make sure unset/empty student password are never accepted by
authenticatin machinery.

File:

• main/waeup.sirp/trunk/src/waeup/sirp/students/authentication.py (modified) (1 diff)

main/waeup.sirp/trunk/src/waeup/sirp/students/authentication.py

@@ -94 +94 @@
         if not isinstance(password, basestring):
             return False
+        if not getattr(self.context, 'password', None):
+            # unset/empty passwords do never match
+            return False
         passwordmanager = getUtility(IPasswordManager, 'SSHA')
         return passwordmanager.checkPassword(