Disable authentication for system users without password
authorThierry Florac <thierry.florac@onf.fr>
Mon, 11 Sep 2017 13:53:16 +0200
changeset 90 d58453809379
parent 89 2f97a2669867
child 91 7da0d3862d36
Disable authentication for system users without password
src/pyams_security/plugin/admin.py
--- a/src/pyams_security/plugin/admin.py	Wed Aug 02 09:05:58 2017 +0200
+++ b/src/pyams_security/plugin/admin.py	Mon Sep 11 13:53:16 2017 +0200
@@ -48,11 +48,14 @@
 
     @password.setter
     def password(self, value):
-        manager = get_utility(IPasswordManager, name='SSHA')
-        self._password = manager.encodePassword(value)
+        if value:
+            manager = get_utility(IPasswordManager, name='SSHA')
+            self._password = manager.encodePassword(value)
+        else:
+            self._password = None
 
     def authenticate(self, credentials, request):
-        if not self.enabled:
+        if not (self.enabled and self.password):
             return None
         attrs = credentials.attributes
         login = attrs.get('login')