KTC-89

"Unregistered Users from Active Directory Authenticated Sources can log onto KT without needing to enter a password." Changed the way this was fixed on advice from Neil Blakey-Milner. The original fix would break other Auth providers like OpenID and CAS. Thanks Neil! Reviewed By: Conrad git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6585 c91229c3-7414-0410-bfa2-8a42b809f60b

KTC-89
"Unregistered Users from Active Directory Authenticated Sources can log onto KT without needing to enter a password." Changed the way this was fixed on advice from Neil Blakey-Milner. The original fix would break other Auth providers like OpenID and CAS. Thanks Neil! Reviewed By: Conrad git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@6585 c91229c3-7414-0410-bfa2-8a42b809f60b
Kevin Fourie
1 parent e78a1d0f
Showing 2 changed files with 5 additions and 8 deletions
lib/authentication/authenticationutil.inc.php
plugins/ktstandard/ldap/ldapbaseauthenticationprovider.inc.php
@@ -76,14 +76,6 @@ class KTAuthenticationUtil {
             $oProvider = KTAuthenticationUtil::getAuthenticationProviderForSource($oSource);
             $res = $oProvider->autoSignup($sUsername, $sPassword, $aExtra, $oSource);
             if ($res) {
-                $oUser = User::getByUsername($sUsername);
-                // TODO: The check for this lower down....checkPassword
-                if(empty($sPassword) || is_null($oUser) || PEAR::isError($oUser)){
-                	return false;
-                }
-                if(!KTAuthenticationUtil::checkPassword($oUser, $sPassword)){
-		        	return false;
-		        }
                 return $res;
             }
         }
@@ -639,6 +639,11 @@ class KTLDAPBaseAuthenticator extends Authenticator {
     }
  
     function checkSignupPassword($sUsername, $sPassword) {
+    
+        if(empty($sPassword) || empty($sUsername)) {
+            return false;
+        }
+
         $aUsers = $this->findUser($sUsername);
         if (empty($aUsers)) {
             return false;