Stronger passwordless account checks (fixes #2780)
parent
f1b8df0f49
commit
980fa55846
2 changed files with 5 additions and 0 deletions
|
@ -838,6 +838,8 @@ func (a *UserInternalAPI) QueryAccountByPassword(ctx context.Context, req *api.Q
|
|||
return nil
|
||||
case bcrypt.ErrMismatchedHashAndPassword: // user exists, but password doesn't match
|
||||
return nil
|
||||
case bcrypt.ErrHashTooShort: // user exists, but probably a passwordless account
|
||||
return nil
|
||||
default:
|
||||
res.Exists = true
|
||||
res.Account = acc
|
||||
|
|
|
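Review bot: The `default:` branch of this switch still sets `res.Exists = true` and `res.Account = acc` for every error that is not one of the listed cases, so the check fails open. The new `bcrypt.ErrHashTooShort` case closes one path, but a database error or another bcrypt error (for example an unsupported hash version or prefix) would, as far as the hunk shows, still be reported as an existing account. Make success explicit with `case nil:` in front of the two `res.` assignments and let `default:` return the error to the caller. The cases also compare by equality, so a wrapped error would miss them; `errors.Is` would be more robust. The switch head and the end of QueryAccountByPassword are outside the hunk, so the switched value is inferred from the case labels.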
@ -75,6 +75,9 @@ func (d *Database) GetAccountByPassword(
|
|||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if hash == "" {
|
||||
return nil, bcrypt.ErrHashTooShort
|
||||
}
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(plaintextPassword)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
|
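Review bot: Returning `bcrypt.ErrHashTooShort` for `hash == ""` overloads a library sentinel, so callers cannot tell an account with no password from one whose stored hash is truncated or corrupt; bcrypt itself returns the same error for any hash below its minimum length. A package-level sentinel of the project's own (name to be chosen) would keep the two cases apart and stop QueryAccountByPassword from depending on bcrypt's error values. At minimum the guard deserves a comment such as `// empty hash = passwordless account; no password may ever match`. The start and end of GetAccountByPassword are outside the hunk.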