-rw-r--r-- | api/user.go | 6 | ||||
-rw-r--r-- | store/sql_user_store_test.go | 19 |
2 files changed, 25 insertions, 0 deletions
diff --git a/api/user.go b/api/user.go
index 03f8b9e3e..e1d5e83dd 100644
--- a/api/user.go
+++ b/api/user.go
@@ -370,6 +370,12 @@ func Login(c *Context, w http.ResponseWriter, r *http.Request, user *model.User,
 func login(c *Context, w http.ResponseWriter, r *http.Request) {
 props := model.MapFromJson(r.Body)
+ if len(props["password"]) == 0 {
+ c.Err = model.NewAppError("login", "Password field must not be blank", "")
+ c.Err.StatusCode = http.StatusForbidden
+ return
+ }
+
 var user *model.User
 if len(props["id"]) != 0 {
 user = LoginById(c, w, r, props["id"], props["password"], props["device_id"])
diff --git a/store/sql_user_store_test.go b/store/sql_user_store_test.go
index 12737caa8..1f94021b2 100644
--- a/store/sql_user_store_test.go
+++ b/store/sql_user_store_test.go
@@ -236,6 +236,25 @@ func TestUserStoreGetByEmail(t *testing.T) {
 }
 }
+func TestUserStoreGetByAuthData(t *testing.T) {
+ Setup()
+
+ u1 := model.User{}
+ u1.TeamId = model.NewId()
+ u1.Email = model.NewId()
+ u1.AuthData = "123"
+ u1.AuthService = "service"
+ Must(store.User().Save(&u1))
+
+ if err := (<-store.User().GetByAuth(u1.TeamId, u1.AuthData, u1.AuthService)).Err; err != nil {
+ t.Fatal(err)
+ }
+
+ if err := (<-store.User().GetByAuth("", "", "")).Err; err == nil {
+ t.Fatal("Should have failed because of missing auth data")
+ }
+}
+
 func TestUserStoreGetByUsername(t *testing.T) {
 Setup() |
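Review bot: The blank-password guard is added only in the `login` HTTP handler, so it protects just this one entry point. The exported `Login` named in the hunk header (its signature is cut off there) takes the resolved `*model.User`. If that is where the password is actually compared, any other caller can still reach it with an empty password, so the same `len(password) == 0` rejection belongs there as well, or instead. The commit touches only `api/user.go` and a store test, so nothing exercises this branch; an API-level test that posts a login with an empty `password` and asserts the request is refused would pin the fix. The body of `login` continues outside the hunk.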
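Review bot: The negative case `GetByAuth("", "", "")` also passes an empty team id, so it would fail even if the store accepted empty auth data. It does not pin the case that matters for authentication: an account in a real team whose AuthData is empty. Add a case such as `store.User().GetByAuth(u1.TeamId, "", u1.AuthService)`, ideally after saving a second user with no AuthData, and assert that it returns an error. The positive case checks only `Err` and should also compare the returned user's id with `u1`'s. Whether `GetByAuth` itself rejects empty auth data is not visible in this diff.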