public/mailtrain
1
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

Deny access for empty password authentication attempts

Browse source
This commit is contained in:
Johannes Zellner 2016-08-11 14:46:52 +02:00
parent 67fc7939df
commit 2c387351c6
1 changed files with 4 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

4
lib/models/users.js
View file

@ -116,6 +116,10 @@ module.exports.add = (username, password, email, callback) => {
*/ */
module.exports.authenticate = (username, password, callback) => { module.exports.authenticate = (username, password, callback) => {
if (password === '') {
return callback(null, false);
}
let login = (connection, callback) => { let login = (connection, callback) => {
connection.query('SELECT `id`, `password`, `access_token` FROM `users` WHERE `username`=? OR email=? LIMIT 1', [username, username], (err, rows) => { connection.query('SELECT `id`, `password`, `access_token` FROM `users` WHERE `username`=? OR email=? LIMIT 1', [username, username], (err, rows) => {
if (err) { if (err) {