Skip to content
Permalink
Browse files Browse the repository at this point in the history
Merge pull request #1345 from alerta/fix-ldap-empty-bind
Do not allow LDAP login with empty password
  • Loading branch information
satterly committed Oct 24, 2020
2 parents b3a9698 + 7397b21 commit 2bfa317
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 1 deletion.
3 changes: 3 additions & 0 deletions alerta/auth/basic_ldap.py
Expand Up @@ -27,6 +27,9 @@ def login():
except KeyError:
raise ApiError("must supply 'username' and 'password'", 401)

if not password:
raise ApiError('password not allowed to be empty', 401)

try:
if '\\' in login:
domain, username = login.split('\\')
Expand Down
2 changes: 1 addition & 1 deletion alerta/models/note.py
Expand Up @@ -55,7 +55,7 @@ def serialize(self) -> Dict[str, Any]:
'updateTime': self.update_time,
'_links': dict(),
'customer': self.customer
}
} # type: Dict[str, Any]
if self.alert:
note['_links'] = {
'alert': absolute_url('/alert/' + self.alert)
Expand Down

0 comments on commit 2bfa317

Please sign in to comment.