Ticket #638: 10910_improved_auth_security.patch

File 10910_improved_auth_security.patch, 1.1 KB (added by paul, 3 years ago)

improved_auth_security.patch

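--- a/repository/server/src/java/org/outerj/daisy/authentication/impl/UserAuthenticatorImpl.java
+++ b/repository/server/src/java/org/outerj/daisy/authentication/impl/UserAuthenticatorImpl.java
@@ -89,6 +89,14 @@
 
     public AuthenticatedUser authenticate(Credentials credentials) throws RepositoryException {
 
+        if(credentials.getLogin() == null || credentials.getLogin().trim().length() == 0) {
+            throw new AuthenticationException("Refusing to authenticate user with empty login");
+        }
+        
+        if(credentials.getPassword() == null || credentials.getPassword().trim().length() == 0) {
+            throw new AuthenticationException("Refusing to authenticate user without password");
+        }
+
         // Handle the special case of the user $system
         if (credentials.getLogin().equals("$system")) {
             throw new AuthenticationException("User $system is an internally used user that can not log in.");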
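Review bot: The two new guards at the top of `authenticate` test a trimmed copy of the login, but the `$system` comparison right below them still uses the raw `credentials.getLogin()`, so the checks can disagree on a login that has surrounding whitespace. Whether that matters depends on how the user lookup further down compares names, which is outside this hunk; if the backing store ignores padding, the raw and stored names could match where `equals("$system")` did not. Normalising once and using that value everywhere would remove the ambiguity, e.g. `String login = credentials.getLogin() == null ? "" : credentials.getLogin().trim();` followed by `if (login.length() == 0) …` and `if (login.equals("$system")) …`. A short comment on the password guard saying why empty passwords are refused up front (presumably so that no authentication scheme ever sees a blank secret) would also help the next reader.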