From 63d4c5054e0d05a80452f11474ea068866a94271 Mon Sep 17 00:00:00 2001
From: Naoki Takezoe <takezoe@gmail.com>
Date: Sat, 25 Jul 2020 17:49:58 +0900
Subject: [PATCH] Deny empty password (#2488)

---
 src/main/scala/gitbucket/core/service/AccountService.scala | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/main/scala/gitbucket/core/service/AccountService.scala b/src/main/scala/gitbucket/core/service/AccountService.scala
index bc35262eb..af75b8cba 100644
--- a/src/main/scala/gitbucket/core/service/AccountService.scala
+++ b/src/main/scala/gitbucket/core/service/AccountService.scala
@@ -17,7 +17,9 @@ trait AccountService {
   def authenticate(settings: SystemSettings, userName: String, password: String)(
     implicit s: Session
   ): Option[Account] = {
-    val account = if (settings.ldapAuthentication) {
+    val account = if (password.isEmpty) {
+      None
+    } else if (settings.ldapAuthentication) {
       ldapAuthentication(settings, userName, password)
     } else {
       defaultAuthentication(userName, password)