diff --git a/lib/Cake/Controller/Component/Auth/BaseAuthenticate.php b/lib/Cake/Controller/Component/Auth/BaseAuthenticate.php
index 6541a15e3..65a0b80d3 100644
--- a/lib/Cake/Controller/Component/Auth/BaseAuthenticate.php
+++ b/lib/Cake/Controller/Component/Auth/BaseAuthenticate.php
@@ -1,7 +1,5 @@ passwordHasher()->check($password, $user[$fields['password']])) { return false; }
diff --git a/lib/Cake/Test/Case/Controller/Component/Auth/FormAuthenticateTest.php b/lib/Cake/Test/Case/Controller/Component/Auth/FormAuthenticateTest.php
index deacfdec2..90f5797c9 100644
--- a/lib/Cake/Test/Case/Controller/Component/Auth/FormAuthenticateTest.php
+++ b/lib/Cake/Test/Case/Controller/Component/Auth/FormAuthenticateTest.php
@@ -118,6 +118,40 @@ class FormAuthenticateTest extends CakeTestCase {
 $this->assertFalse($this->auth->authenticate($request, $this->response));
 }
 
+/**
+ * Test for password as empty string with _checkFields() call skipped
+ * Refs https://github.com/cakephp/cakephp/pull/2441
+ *
+ * @return void
+ */
+ public function testAuthenticatePasswordIsEmptyString() {
+ $request = new CakeRequest('posts/index', false);
+ $request->data = array(
+ 'User' => array(
+ 'user' => 'mariano',
+ 'password' => ''
+ ));
+
+ $this->auth = $this->getMock(
+ 'FormAuthenticate',
+ array('_checkFields'),
+ array(
+ $this->Collection,
+ array(
+ 'fields' => array('username' => 'user', 'password' => 'password'),
+ 'userModel' => 'User'
+ )
+ )
+ );
+
+ // Simulate that check for ensuring password is not empty is missing.
+ $this->auth->expects($this->once())
+ ->method('_checkFields')
+ ->will($this->returnValue(true));
+
+ $this->assertFalse($this->auth->authenticate($request, $this->response));
+ }
+
 /**
 * test authenticate field is not string
 *
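Review bot: testAuthenticatePasswordIsEmptyString() pins only the `''` case, so a password guard written as a truthiness test rather than a strict null comparison could still pass it while another falsy value such as `'0'` bypasses the `passwordHasher()->check()` call; the BaseAuthenticate.php hunk is not readable on this page, so which form the guard takes is unconfirmed. A sibling case that posts `'password' => '0'` with the same `_checkFields` mock would cover that path. The single `assertFalse` would also hold if the `mariano` lookup failed for an unrelated reason (the fixture is not visible here), so a short comment such as `// 'mariano' must exist in the fixture; only the password check may reject this request` would state the precondition the test relies on. The new method is complete within the hunk; the enclosing class starts and ends outside it.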