diff --git a/models/login_source.go b/models/login_source.go index 7a5e6083a7..58e0e88b3e 100644 --- a/models/login_source.go +++ b/models/login_source.go @@ -548,9 +548,9 @@ func ExternalUserLogin(user *User, login, password string, source *LoginSource, func UserSignIn(username, password string) (*User, error) { var user *User if strings.Contains(username, "@") { - user = &User{Email: strings.ToLower(username)} + user = &User{Email: strings.ToLower(strings.TrimSpace(username))} } else { - user = &User{LowerName: strings.ToLower(username)} + user = &User{LowerName: strings.ToLower(strings.TrimSpace(username))} } hasUser, err := x.Get(user) diff --git a/modules/auth/ldap/ldap.go b/modules/auth/ldap/ldap.go index 0cabcb20a0..3064b31958 100644 --- a/modules/auth/ldap/ldap.go +++ b/modules/auth/ldap/ldap.go @@ -151,6 +151,11 @@ func bindUser(l *ldap.Conn, userDN, passwd string) error { // SearchEntry : search an LDAP source if an entry (name, passwd) is valid and in the specific filter func (ls *Source) SearchEntry(name, passwd string, directBind bool) (string, string, string, string, bool, bool) { + // See https://tools.ietf.org/search/rfc4513#section-5.1.2 + if len(passwd) == 0 { + log.Debug("Auth. failed for %s, password cannot be empty") + return "", "", "", "", false, false + } l, err := dial(ls) if err != nil { log.Error(4, "LDAP Connect error, %s:%v", ls.Host, err)