mirror of
https://github.com/1f349/dendrite.git
synced 2025-01-21 23:06:32 +00:00
Stronger passwordless account checks (fixes #2780)
parent
f1b8df0f49
commit
980fa55846
@ -838,6 +838,8 @@ func (a *UserInternalAPI) QueryAccountByPassword(ctx context.Context, req *api.Q
|
||||
return nil
|
||||
case bcrypt.ErrMismatchedHashAndPassword: // user exists, but password doesn't match
|
||||
return nil
|
||||
case bcrypt.ErrHashTooShort: // user exists, but probably a passwordless account
|
||||
return nil
|
||||
default:
|
||||
res.Exists = true
|
||||
res.Account = acc
|
||||
|
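Review bot: The `default:` branch at the end of this switch still sets `res.Exists = true` and `res.Account = acc` for every error that is not listed, so the lookup fails open. The new `case bcrypt.ErrHashTooShort` closes one path, but a malformed stored hash (bcrypt returns typed errors such as `bcrypt.InvalidHashPrefixError` for those) or a database error would apparently still be reported as an existing, matching account. Making success explicit with `case nil:` and having `default:` do `return err` would make the switch fail closed. The switch starts above the hunk and the rest of the default branch is not visible, so confirm that nothing after it re-checks `err`. Matching with `errors.Is` instead of `switch err` would also keep these cases working if the storage layer ever wraps its errors.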
@ -75,6 +75,9 @@ func (d *Database) GetAccountByPassword(
|
||||
if err != nil {
|
||||
return nil, err
|
||||
}
|
||||
if hash == "" {
|
||||
return nil, bcrypt.ErrHashTooShort
|
||||
}
|
||||
if err := bcrypt.CompareHashAndPassword([]byte(hash), []byte(plaintextPassword)); err != nil {
|
||||
return nil, err
|
||||
}
|
||||
|
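Review bot: The empty-hash guard reuses `bcrypt.ErrHashTooShort` as the signal for a passwordless account, but `bcrypt.CompareHashAndPassword` can also return that sentinel itself for a truncated or corrupted hash. The caller then cannot tell "no password set" from "stored hash is damaged". A comment above the check such as `// An empty stored hash marks a passwordless account: refuse password login before calling bcrypt.` would record the intent. A package-level sentinel for this case would keep the two conditions separate for logging and alerting. GetAccountByPassword begins and ends outside the hunk.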