Changeset 1754

Timestamp:

04/25/16 15:29:28 (8 years ago)

Author:

nanardon

Message:

Fix banned password detection

File:

• trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/User.pm (modified) (2 diffs)

trunk/LATMOS-Accounts/lib/LATMOS/Accounts/Bases/Sql/User.pm

@@ -1637 +1637 @@
     my ( $self, $password ) = @_;
 
-    if (my $res = $self->SUPER::check_password($password)) {
+    my $res = $self->SUPER::check_password($password);
+    if ($res !~ /^ok$/) {
         return $res;
     }
@@ -1643 +1644 @@
     foreach my $banned ($self->_get_attributes('bannedPassword')) {
         my ($date, $oldPassword) = $banned =~ /^([^;]*);(.*)/;
-        warn $password;
-        if (crypt($oldPassword, $password) eq $password) {
+        if (crypt($password, $oldPassword) eq $oldPassword) {
             return "Banned password, cannot be used anymore";
         }
     }
 
-    return;
+    return 'ok';
 }