From b935aebd99369a9c8e848f9d346be56e02c57c4b 2008-02-22 17:26:53 From: Jean-Philippe Lang Date: 2008-02-22 17:26:53 Subject: [PATCH] Fixed: LDAP authentication without password may be possible (#714). git-svn-id: http://redmine.rubyforge.org/svn/trunk@1169 e93f8b46-1217-0410-a6f0-8f06a7374b81 --- diff --git a/app/models/auth_source_ldap.rb b/app/models/auth_source_ldap.rb index b79b3ce..5a6789a 100644 --- a/app/models/auth_source_ldap.rb +++ b/app/models/auth_source_ldap.rb @@ -27,6 +27,7 @@ class AuthSourceLdap < AuthSource end def authenticate(login, password) + return nil if login.blank? || password.blank? attrs = [] # get user's DN ldap_con = initialize_ldap_con(self.account, self.account_password)