Only allow local login if password is non-empty (#5906)

2019-01-30 21:18:54 +00:00 · 2019-01-30 21:18:54 +00:00 · 0f295ababa
commit 0f295ababa
parent 80098bd752
2 changed files with 2 additions and 2 deletions
--- a/modules/lfs/server.go
+++ b/modules/lfs/server.go
@ -582,7 +582,7 @@ func parseToken(authorization string) (*models.User, *models.Repository, string,
 		if err != nil {
 			return nil, nil, "basic", err
 		}
-		if !u.ValidatePassword(password) {
+		if !u.IsPasswordSet() || !u.ValidatePassword(password) {
 			return nil, nil, "basic", fmt.Errorf("Basic auth failed")
 		}
 		return u, nil, "basic", nil