Commit 1d6144e3 authored by Mathis Dedial's avatar Mathis Dedial

Fix critical security issue, allowed login with any credentials without checking

parent 4c136282
Pipeline #2735 passed with stage
in 20 seconds
......@@ -100,12 +100,12 @@ def login():
user = request.form['user']
passwd = request.form['passwd']
# Attempt to log in using LDAP
test = ldap_connector.authenticate(user, passwd)
if test is None or passwd == '':
flash('Invalid credentials', 'error')
else:
if ldap_connector.authenticate(user, passwd):
session['user'] = user
return redirect(url_for('index'))
else:
flash('Invalid credentials', 'error')
return render_template('login.html')
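Review bot: The explicit empty-password rejection (`passwd == ''`) is present only in the `test = ...` variant; the `if ldap_connector.authenticate(user, passwd):` variant, which reads as the new side, leaves that check entirely to the connector. Many LDAP servers treat a simple bind with a DN and an empty password as an unauthenticated bind and report success (RFC 4513 §5.1.2). Unless `ldap_connector.authenticate` rejects empty passwords itself, which is not visible here, the guard should stay: `if passwd and ldap_connector.authenticate(user, passwd):`. A regression test covering wrong password, empty password and unknown user would pin the fix, given that the earlier check let this through. The body of `login()` begins and continues outside the hunk.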