From 7e1d1a1968000226cd882fff078b122b8d46c44d Mon Sep 17 00:00:00 2001
From: Jey
Date: Mon, 18 Mar 2024 08:27:41 +0100
Subject: [PATCH] Merge pull request from GHSA-552f-97wf-pmpq
Co-authored-by: jey
(cherry picked from commit b743f6a2df7c4e8bc72d6aaffd2ae1544ed2ad1a)
---
 src/Umbraco.Infrastructure/Security/UmbracoUserManager.cs | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/src/Umbraco.Infrastructure/Security/UmbracoUserManager.cs b/src/Umbraco.Infrastructure/Security/UmbracoUserManager.cs
index 96f0025efa..231f2b3b1a 100644
--- a/src/Umbraco.Infrastructure/Security/UmbracoUserManager.cs
+++ b/src/Umbraco.Infrastructure/Security/UmbracoUserManager.cs
@@ -134,8 +134,8 @@ public abstract class UmbracoUserManager : UserManager
 public override async Task CheckPasswordAsync(TUser user, string? password)
 {
- // we cannot proceed if the user passed in does not have an identity
- if (user.HasIdentity == false)
+ // we cannot proceed if the user passed in does not have an identity, or if no password is provided.
+ if (user.HasIdentity == false || password is null)
 {
 return false;
 }
@@ -252,7 +252,7 @@ public abstract class UmbracoUserManager : UserManager ValidateCredentialsAsync(string username, string password)
 {
 TUser user = await FindByNameAsync(username);
-
+
 if (user == null)
 {
 return false;
@@ -263,7 +263,7 @@ public abstract class UmbracoUserManager : UserManager));
 }
-
+
 var result = await VerifyPasswordAsync(userPasswordStore, user, password);
 return result == PasswordVerificationResult.Success || result == PasswordVerificationResult.SuccessRehashNeeded;
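Review bot: The null-password guard is added only to `CheckPasswordAsync`; `ValidateCredentialsAsync`, visible in the two later hunks, still hands `password` to `VerifyPasswordAsync` after checking only `user == null`. Its parameter is declared `string`, but nullable annotations are not enforced at run time, so a caller can still pass null there; whether `VerifyPasswordAsync` tolerates that is not visible in this patch. Consider widening the existing guard to `if (user == null || password is null)` so both entry points reject a missing password the same way. The patch touches one file and adds no test, so a regression test asserting that `CheckPasswordAsync` returns false for a null password would pin the fix. Both method bodies continue outside the hunks shown.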