Add check to make sure ldap username isn't blank (#1252)

Co-authored-by: Jesus Federico <jesus@123it.ca>
2020-04-16 12:42:27 -04:00
parent da82867abe
commit 7738499978
2 changed files with 22 additions and 6 deletions
--- a/app/controllers/sessions_controller.rb
+++ b/app/controllers/sessions_controller.rb
@ -139,7 +139,9 @@ class SessionsController < ApplicationController
    ldap_config[:base] = ENV['LDAP_BASE']
    ldap_config[:uid] = ENV['LDAP_UID']

-    return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials")) unless session_params[:password].present?
+    if params[:session][:username].blank? || session_params[:password].blank?
+      return redirect_to(ldap_signin_path, alert: I18n.t("invalid_credentials"))
+    end

    result = send_ldap_request(params[:session], ldap_config)