Tweak GetAccountByPassword more

This commit is contained in:
Neil Alexander 2022-10-10 11:14:16 +01:00
parent 80a0ab6246
commit fb6cb2dbcb
No known key found for this signature in database
GPG key ID: A02A2019A2BB0944
2 changed files with 7 additions and 1 deletions

View file

@ -68,6 +68,12 @@ func (t *LoginTypePassword) Login(ctx context.Context, req interface{}) (*Login,
JSON: jsonerror.BadJSON("A username must be supplied."),
}
}
if len(r.Password) == 0 {
return nil, &util.JSONResponse{
Code: http.StatusUnauthorized,
JSON: jsonerror.BadJSON("A password must be supplied."),
}
}
localpart, err := userutil.ParseUsernameParam(username, &t.Config.Matrix.ServerName)
if err != nil {
return nil, &util.JSONResponse{

View file

@ -75,7 +75,7 @@ func (d *Database) GetAccountByPassword(
if err != nil {
return nil, err
}
if hash == "" {
if len(hash) == 0 && len(plaintextPassword) > 0 {
return nil, bcrypt.ErrHashTooShort
}
if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(plaintextPassword)); err != nil {