fix: comparing hashed password with plain text password during password grant (#627)

* fix: use object.CheckPassword for password grant

* Apply suggestions from code review

fix: remove log per change request
Minh Ha
2022-03-30 05:37:38 +13:00
committed by GitHub
parent e3f5bf93b2
commit 24459d852e


@ -522,7 +522,8 @@ func GetPasswordToken(application *Application, username string, password string
if user == nil { if user == nil {
return nil, errors.New("error: the user does not exist") return nil, errors.New("error: the user does not exist")
} }
if user.Password != password { msg := CheckPassword(user, password)
if msg != "" {
return nil, errors.New("error: invalid username or password") return nil, errors.New("error: invalid username or password")
} }
if user.IsForbidden { if user.IsForbidden {
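Review bot: The nil-user branch just above the changed lines still returns `error: the user does not exist`, while a failed CheckPassword returns the generic `error: invalid username or password`, so the error text alone tells a client of the password grant whether a username is registered. Returning the same generic error in the nil-user branch, `return nil, errors.New("error: invalid username or password")`, would make the two failures indistinguishable. The nil-user path also returns before CheckPassword runs, so response time may differ between unknown and known usernames depending on the hashing cost; CheckPassword is not visible here, so that needs confirming. A regression test that stores a hashed password and asserts the grant succeeds with the plain-text one would pin the behaviour this commit fixes. GetPasswordToken's body begins and continues outside this hunk.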