author | Neil Alexander <neilalexander@users.noreply.github.com> | 2022-10-10 11:14:16 +0100 |
---|---|---|
committer | Neil Alexander <neilalexander@users.noreply.github.com> | 2022-10-10 11:14:16 +0100 |
commit | fb6cb2dbcbeb7cd7546ca4d126394720d215c310 (patch) | |
tree | a40f27545a4ac651ea3bf68d846d71bb229a3541 | |
parent | 80a0ab6246aa095f428430c38b13861406dd5c78 (diff) |
Tweak `GetAccountByPassword` more
-rw-r--r-- | clientapi/auth/password.go | 6 | ||||
-rw-r--r-- | userapi/storage/shared/storage.go | 2 |
2 files changed, 7 insertions, 1 deletions
diff --git a/clientapi/auth/password.go b/clientapi/auth/password.go
index bcb4ca97..890b1818 100644
--- a/clientapi/auth/password.go
+++ b/clientapi/auth/password.go
@@ -68,6 +68,12 @@ func (t *LoginTypePassword) Login(ctx context.Context, req interface{}) (*Login,
 JSON: jsonerror.BadJSON("A username must be supplied."),
 }
 }
+ if len(r.Password) == 0 {
+ return nil, &util.JSONResponse{
+ Code: http.StatusUnauthorized,
+ JSON: jsonerror.BadJSON("A password must be supplied."),
+ }
+ }
 localpart, err := userutil.ParseUsernameParam(username, &t.Config.Matrix.ServerName)
 if err != nil {
 return nil, &util.JSONResponse{
diff --git a/userapi/storage/shared/storage.go b/userapi/storage/shared/storage.go
index 09eeedc9..4e28f7b5 100644
--- a/userapi/storage/shared/storage.go
+++ b/userapi/storage/shared/storage.go
@@ -75,7 +75,7 @@ func (d *Database) GetAccountByPassword(
 if err != nil {
 return nil, err
 }
- if hash == "" {
+ if len(hash) == 0 && len(plaintextPassword) > 0 {
 return nil, bcrypt.ErrHashTooShort
 }
 if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(plaintextPassword)); err != nil { |
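Review bot: The added empty-password branch in `Login` answers with `http.StatusUnauthorized` but a `jsonerror.BadJSON` body, so a request that merely omits the field is reported with an authentication-failure status and a malformed-request error code. If the username branch just above (its `Code:` line is outside the hunk) uses 400, this one should match with `Code: http.StatusBadRequest,`; if 401 is deliberate, a comment such as `// Reject empty passwords before any account lookup; accounts without a password hash must never match.` would record why. This check is also the only visible guard keeping an empty password away from `GetAccountByPassword` on this path, which matters because the storage hunk in this commit relaxes its own empty-hash guard for exactly that case. `Login` starts and ends outside the hunk.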
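Review bot: With the new condition `len(hash) == 0 && len(plaintextPassword) > 0`, an account with no stored hash and an empty supplied password is no longer rejected explicitly and instead falls through to `bcrypt.CompareHashAndPassword` with an empty hash. That call returns an error for a hash shorter than bcrypt's minimum, so the lookup should still fail, but the outcome now rests on library behaviour and on the error handling below the hunk rather than on a visible check. Unless the empty/empty case must be distinguished, the unconditional form `if len(hash) == 0 { return nil, bcrypt.ErrHashTooShort }` is the safer guard for password-less accounts, since other callers may not pre-validate the password as `Login` now does; otherwise add a comment stating why the empty password is let through. `GetAccountByPassword` starts and ends outside the hunk.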