Fix panic when logging in to userpass without a valid user (#7160)
parent
3b22ab2486
commit
2f41018df8
|
@ -64,11 +64,6 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
|
|||
// Get the user and validate auth
|
||||
user, userError := b.user(ctx, req.Storage, username)
|
||||
|
||||
// Check for a CIDR match.
|
||||
if !cidrutil.RemoteAddrIsOk(req.Connection.RemoteAddr, user.TokenBoundCIDRs) {
|
||||
return nil, logical.ErrPermissionDenied
|
||||
}
|
||||
|
||||
var userPassword []byte
|
||||
var legacyPassword bool
|
||||
// If there was an error or it's nil, we fake a password for the bcrypt
|
||||
|
@ -108,6 +103,11 @@ func (b *backend) pathLogin(ctx context.Context, req *logical.Request, d *framew
|
|||
return logical.ErrorResponse("invalid username or password"), nil
|
||||
}
|
||||
|
||||
// Check for a CIDR match.
|
||||
if !cidrutil.RemoteAddrIsOk(req.Connection.RemoteAddr, user.TokenBoundCIDRs) {
|
||||
return nil, logical.ErrPermissionDenied
|
||||
}
|
||||
|
||||
auth := &logical.Auth{
|
||||
Metadata: map[string]string{
|
||||
"username": username,
|
||||
|
|
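Review bot: With the CIDR check now placed after the `invalid username or password` return in the second hunk, a caller outside `user.TokenBoundCIDRs` gets that error response for a wrong password but `logical.ErrPermissionDenied` for a correct one, so the two responses reveal whether the credentials are valid. The code at the end of the first hunk fakes a password for the bcrypt comparison when the user lookup fails, so this difference looks unintended. If it is intended, a comment such as `// CIDR is checked after the password so user is non-nil here; out-of-range callers with valid credentials get permission denied` would record it; otherwise the branch could return `logical.ErrorResponse("invalid username or password"), nil`. The same `if` dereferences `req.Connection` without a nil check, which is worth guarding if a request can reach this path without connection information. The password comparison between the two hunks is not visible here, so the ordering should be confirmed against the full pathLogin body.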