Ignore:
Timestamp:
19 Nov 2011, 13:08:45 (13 years ago)
Author:
uli
Message:

Make sure unset/empty student password are never accepted by
authenticatin machinery.

File:
1 edited

Legend:

Unmodified
Added
Removed
  • main/waeup.sirp/trunk/src/waeup/sirp/students/authentication.py

    r7137 r7139  
    9494        if not isinstance(password, basestring):
    9595            return False
     96        if not getattr(self.context, 'password', None):
     97            # unset/empty passwords do never match
     98            return False
    9699        passwordmanager = getUtility(IPasswordManager, 'SSHA')
    97100        return passwordmanager.checkPassword(
Note: See TracChangeset for help on using the changeset viewer.