Handle edge case where users have a null password (#1902)

* Handle an edge case where users try to login but were logged in through an authentication provider
2026-02-23 07:04:27 +01:00 · 2021-06-01 12:46:54 -04:00
parent 20460c861d
commit 1195454258
1 changed files with 7 additions and 0 deletions
--- a/CTFd/auth.py
+++ b/CTFd/auth.py
@@ -366,6 +366,13 @@ def login():
            user = Users.query.filter_by(name=name).first()

        if user:
+            if user.password is None:
+                errors.append(
+                    "Your account was registered with a 3rd party authentication provider. "
+                    "Please try logging in with a configured authentication provider."
+                )
+                return render_template("login.html", errors=errors)
+
            if user and verify_password(request.form["password"], user.password):
                session.regenerate()