yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge pull request from GHSA-552f-97wf-pmpq

Browse Source 
Co-authored-by: jey <jey@umbraco.dk>
This commit is contained in:
Jey
2024-03-18 08:27:41 +01:00
committed by GitHub
parent 2c23e67c65
commit b743f6a2df
1 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/Umbraco.Infrastructure/Security/UmbracoUserManager.cs
View File

@@ -134,8 +134,8 @@ public abstract class UmbracoUserManager<TUser, TPasswordConfig> : UserManager<T
/// <inheritdoc />
public override async Task<bool> CheckPasswordAsync(TUser user, string? password)
{
// we cannot proceed if the user passed in does not have an identity
if (user.HasIdentity == false)
// we cannot proceed if the user passed in does not have an identity, or if no password is provided.
if (user.HasIdentity == false || password is null)
{
return false;
}
@@ -252,7 +252,7 @@ public abstract class UmbracoUserManager<TUser, TPasswordConfig> : UserManager<T
public async Task<bool> ValidateCredentialsAsync(string username, string password)
{
TUser user = await FindByNameAsync(username);
if (user == null)
{
return false;
@@ -263,7 +263,7 @@ public abstract class UmbracoUserManager<TUser, TPasswordConfig> : UserManager<T
throw new NotSupportedException("The current user store does not implement " +
typeof(IUserPasswordStore<>));
}
var result = await VerifyPasswordAsync(userPasswordStore, user, password);
return result == PasswordVerificationResult.Success || result == PasswordVerificationResult.SuccessRehashNeeded;