From c769b2a7eb20c9bb10ac989b656ded47ffd4a7f1 Mon Sep 17 00:00:00 2001 From: rverchere Date: Fri, 16 Apr 2010 04:23:14 +0800 Subject: [PATCH] Closes #1024. Do not create user with ldap auth if wrong password --- app/controllers/users_controller.rb | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/app/controllers/users_controller.rb b/app/controllers/users_controller.rb index 5aa985ba..387c7689 100644 --- a/app/controllers/users_controller.rb +++ b/app/controllers/users_controller.rb @@ -71,9 +71,17 @@ class UsersController < ApplicationController render :action => "nosignup", :layout => "login" return end - + user = User.new(params['user']) + if Tracks::Config.auth_schemes.include?('ldap') && + user.auth_type == 'ldap' && + !SimpleLdapAuthenticator.valid?(user.login, params['user']['password']) + notify :warning, "Incorrect password" + redirect_to :action => 'new' + return + end + if Tracks::Config.auth_schemes.include?('cas') if user.auth_type.eql? "cas" user.crypted_password = "cas"
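Review bot: The new LDAP guard passes `params['user']['password']` straight to `SimpleLdapAuthenticator.valid?` without checking that it is present, so a blank password is left for the directory to judge, and some LDAP servers treat a simple bind with an empty password as a successful unauthenticated bind. Unless `valid?` already rejects blanks (not visible here), add that test to the condition, e.g. `(params['user']['password'].blank? || !SimpleLdapAuthenticator.valid?(user.login, params['user']['password']))`. The guard is also keyed on `user.auth_type`, which `User.new(params['user'])` takes from the request, so it only runs when the client declares `ldap`; it is worth confirming that a signup with another auth_type cannot claim a directory login name. Each rejected attempt is a directory bind triggered from the signup form, so it should be logged and throttled like a failed login. The enclosing `create` action starts and ends outside the hunk; any other branch there that builds a `User` would need the same check.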