Stronger passwordless account checks (fixes #2780)

author: Neil Alexander <neilalexander@users.noreply.github.com> 2022-10-10 10:39:29 +0100
committer: Neil Alexander <neilalexander@users.noreply.github.com> 2022-10-10 10:39:29 +0100
commit: 980fa55846811eeff89f116c49b38b085143c64e (patch)
tree: ffa5fa485bae1fbbb27b54befecf03a43b7e8a26 /userapi/internal/api.go
parent: f1b8df0f49a8a2f2c3c9c4d421b880bd2b008e08 (diff)
1 files changed, 2 insertions, 0 deletions
diff --git a/userapi/internal/api.go b/userapi/internal/api.go
index 591faffd..2f7795df 100644
--- a/userapi/internal/api.go
+++ b/userapi/internal/api.go
@@ -838,6 +838,8 @@ func (a *UserInternalAPI) QueryAccountByPassword(ctx context.Context, req *api.Q
 		return nil
 	case bcrypt.ErrMismatchedHashAndPassword: // user exists, but password doesn't match
 		return nil
+	case bcrypt.ErrHashTooShort: // user exists, but probably a passwordless account
+		return nil
 	default:
 		res.Exists = true
 		res.Account = acc
author	Neil Alexander <neilalexander@users.noreply.github.com>	2022-10-10 10:39:29 +0100
committer	Neil Alexander <neilalexander@users.noreply.github.com>	2022-10-10 10:39:29 +0100
commit	980fa55846811eeff89f116c49b38b085143c64e (patch)
tree	ffa5fa485bae1fbbb27b54befecf03a43b7e8a26 /userapi/internal/api.go
parent	f1b8df0f49a8a2f2c3c9c4d421b880bd2b008e08 (diff)