Fail on empty password

NaturalHistoryMuseum · Apr 11, 2017 · 1e9e56f · 1e9e56f
1 parent 2a3b511
commit 1e9e56f
Showing 1 changed file with 5 additions and 1 deletion.
diff --git a/ckanext/ldap/controllers/user.py b/ckanext/ldap/controllers/user.py
@@ -271,7 +271,7 @@ def _ldap_search(cnx, filter_str, attributes, non_unique='raise'):
 
 
 def _check_ldap_password(cn, password):
-    """Checkes that the given cn/password credentials work on the given CN.
+    """Checks that the given cn/password credentials work on the given CN.
 
     @param cn: Common name to log on
     @param password: Password for cn
@@ -286,5 +286,9 @@ def _check_ldap_password(cn, password):
     except ldap.INVALID_CREDENTIALS:
         log.debug('Invalid LDAP credentials')
         return False
+    # Fail on empty password
+    if password == '':
+        log.debug('Invalid LDAP credentials')
+        return False
     cnx.unbind_s()
     return True