Skip to content

Commit f551350

Browse files
beledouxdenisbeledouxdenis
committed
[FIX]auth_crypt: check_credentials checking if there is a password stored, if not, not trying to crypt anything and raise
bzr revid: [email protected]
1 parent 5895b17 commit f551350

File tree

1 file changed

+10
-9
lines changed

1 file changed

+10
-9
lines changed

addons/auth_crypt/auth_crypt.py

+10-9
Original file line numberDiff line numberDiff line change
@@ -143,22 +143,23 @@ def check_credentials(self, cr, uid, password):
143143
cr.execute('SELECT password, password_crypt FROM res_users WHERE id=%s AND active', (uid,))
144144
if cr.rowcount:
145145
stored_password, stored_password_crypt = cr.fetchone()
146-
if password and not stored_password_crypt:
146+
if stored_password and not stored_password_crypt:
147147
salt = gen_salt()
148148
stored_password_crypt = md5crypt(stored_password, salt)
149149
cr.execute("UPDATE res_users SET password='', password_crypt=%s WHERE id=%s", (stored_password_crypt, uid))
150150
try:
151151
return super(res_users, self).check_credentials(cr, uid, password)
152152
except openerp.exceptions.AccessDenied:
153153
# check md5crypt
154-
if stored_password_crypt[:len(magic_md5)] == magic_md5:
155-
salt = stored_password_crypt[len(magic_md5):11]
156-
if stored_password_crypt == md5crypt(password, salt):
157-
return
158-
elif stored_password_crypt[:len(magic_md5)] == magic_sha256:
159-
salt = stored_password_crypt[len(magic_md5):11]
160-
if stored_password_crypt == md5crypt(password, salt):
161-
return
154+
if stored_password_crypt:
155+
if stored_password_crypt[:len(magic_md5)] == magic_md5:
156+
salt = stored_password_crypt[len(magic_md5):11]
157+
if stored_password_crypt == md5crypt(password, salt):
158+
return
159+
elif stored_password_crypt[:len(magic_md5)] == magic_sha256:
160+
salt = stored_password_crypt[len(magic_md5):11]
161+
if stored_password_crypt == md5crypt(password, salt):
162+
return
162163
# Reraise password incorrect
163164
raise
164165

0 commit comments

Comments
 (0)