From 746a52896c8544ea13f2fbcfe262281814b6b4a7 Mon Sep 17 00:00:00 2001
From: Kevin Fourie
Date: Wed, 23 May 2007 14:52:42 +0000
Subject: [PATCH] KTC-89 "Unregistered Users from Active Directory Authenticated Sources can log onto KT without needing to enter a password." Changed the way this was fixed on advice from Neil Blakey-Milner. The original fix would break other Auth providers like OpenID and CAS. Thanks Neil!
---
 lib/authentication/authenticationutil.inc.php | 8 --------
 plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php | 5 +++++
 2 files changed, 5 insertions(+), 8 deletions(-)
diff --git a/lib/authentication/authenticationutil.inc.php b/lib/authentication/authenticationutil.inc.php
index 3fc770c..18f2ab1 100644
--- a/lib/authentication/authenticationutil.inc.php
+++ b/lib/authentication/authenticationutil.inc.php
@@ -76,14 +76,6 @@ class KTAuthenticationUtil {
 $oProvider = KTAuthenticationUtil::getAuthenticationProviderForSource($oSource);
 $res = $oProvider->autoSignup($sUsername, $sPassword, $aExtra, $oSource);
 if ($res) {
- $oUser = User::getByUsername($sUsername);
- // TODO: The check for this lower down....checkPassword
- if(empty($sPassword) || is_null($oUser) || PEAR::isError($oUser)){
- return false;
- }
- if(!KTAuthenticationUtil::checkPassword($oUser, $sPassword)){
- return false;
- }
 return $res;
 }
 }
diff --git a/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php b/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
index 1772bcb..e67a53b 100644
--- a/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
+++ b/plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
@@ -639,6 +639,11 @@ class KTLDAPBaseAuthenticator extends Authenticator {
 }
 function checkSignupPassword($sUsername, $sPassword) {
+
+ if(empty($sPassword) || empty($sUsername)) {
+ return false;
+ }
+
 $aUsers = $this->findUser($sUsername);
 if (empty($aUsers)) {
 return false;
--
libgit2 0.21.4
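Review bot: The empty-credential guard added at the top of `checkSignupPassword` carries no comment explaining why it exists, and it is the only such guard visible in this patch now that the central check in `KTAuthenticationUtil` is removed. A zero-length password turns an LDAP simple bind into an unauthenticated bind, which directories often report as success, so I would put `// Reject empty credentials: a simple bind with an empty password is an unauthenticated bind and can succeed without proving identity.` above the `if`. The rest of the class lies outside the hunk, so it is worth confirming that the regular login path, and any other place that binds with a user-supplied password, rejects an empty password the same way. Note also that `empty($sPassword)` is true for the string `"0"`; `$sPassword === '' || $sPassword === null` would avoid refusing that password. The body of `checkSignupPassword` continues past the end of the hunk.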