diff options
| -rw-r--r-- | src/ejabberd_auth.erl | 6 | ||||
| -rw-r--r-- | src/ejabberd_auth_external.erl | 2 | ||||
| -rw-r--r-- | src/ejabberd_auth_internal.erl | 3 | ||||
| -rw-r--r-- | src/ejabberd_auth_odbc.erl | 2 |
4 files changed, 9 insertions, 4 deletions
diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl index f791c6063..62282957e 100644 --- a/src/ejabberd_auth.erl +++ b/src/ejabberd_auth.erl @@ -85,6 +85,9 @@ check_password(User, Server, Password, StreamID, Digest) -> M:check_password(User, Server, Password, StreamID, Digest) end, auth_modules(Server)). +%% We do not allow empty password: +set_password(_User, _Server, "") -> + {error, not_allowed}; set_password(User, Server, Password) -> lists:foldl( fun(M, {error, _}) -> @@ -93,6 +96,9 @@ set_password(User, Server, Password) -> Res end, {error, not_allowed}, auth_modules(Server)). +%% We do not allow empty password: +try_register(_User, _Server, "") -> + {error, not_allowed}; try_register(User, Server, Password) -> case is_user_exists(User,Server) of true -> diff --git a/src/ejabberd_auth_external.erl b/src/ejabberd_auth_external.erl index 13dafa711..19ae6818d 100644 --- a/src/ejabberd_auth_external.erl +++ b/src/ejabberd_auth_external.erl @@ -55,7 +55,7 @@ plain_password_required() -> true. check_password(User, Server, Password) -> - extauth:check_password(User, Server, Password). + extauth:check_password(User, Server, Password) andalso Password /= "". check_password(User, Server, Password, _StreamID, _Digest) -> check_password(User, Server, Password). diff --git a/src/ejabberd_auth_internal.erl b/src/ejabberd_auth_internal.erl index 6f27a49e6..56b775be6 100644 --- a/src/ejabberd_auth_internal.erl +++ b/src/ejabberd_auth_internal.erl @@ -72,7 +72,7 @@ check_password(User, Server, Password) -> US = {LUser, LServer}, case catch mnesia:dirty_read({passwd, US}) of [#passwd{password = Password}] -> - true; + Password /= ""; _ -> false end. @@ -113,7 +113,6 @@ set_password(User, Server, Password) -> mnesia:transaction(F) end. - try_register(User, Server, Password) -> LUser = jlib:nodeprep(User), LServer = jlib:nameprep(Server), diff --git a/src/ejabberd_auth_odbc.erl b/src/ejabberd_auth_odbc.erl index 076ac9380..28f01239f 100644 --- a/src/ejabberd_auth_odbc.erl +++ b/src/ejabberd_auth_odbc.erl @@ -70,7 +70,7 @@ check_password(User, Server, Password) -> LServer = jlib:nameprep(Server), case catch odbc_queries:get_password(LServer, Username) of {selected, ["password"], [{Password}]} -> - true; + Password /= ""; _ -> false end |