No password = auto fail password checks

Rather than null ref boom...
2015-05-08 10:57:18 -07:00 · 2015-05-08 10:57:18 -07:00 · f0098b6e1e
parent 6814576b5e
commit f0098b6e1e
2 changed files with 5 additions and 0 deletions
--- a/src/Microsoft.AspNet.Identity/UserManager.cs
+++ b/src/Microsoft.AspNet.Identity/UserManager.cs
@ -669,6 +669,10 @@ namespace Microsoft.AspNet.Identity
        protected virtual async Task<PasswordVerificationResult> VerifyPasswordAsync(IUserPasswordStore<TUser> store, TUser user, string password)
        {
            var hash = await store.GetPasswordHashAsync(user, CancellationToken);
+            if (hash == null)
+            {
+                return PasswordVerificationResult.Failed;
+            }
            return PasswordHasher.VerifyHashedPassword(user, hash, password);
        }

--- a/test/Shared/UserManagerTestBase.cs
+++ b/test/Shared/UserManagerTestBase.cs
@ -322,6 +322,7 @@ namespace Microsoft.AspNet.Identity.Test
            var user = await manager.FindByNameAsync(username);
            Assert.NotNull(user);
            Assert.False(await manager.HasPasswordAsync(user));
+            Assert.False(await manager.CheckPasswordAsync(user, "whatever"));
            var logins = await manager.GetLoginsAsync(user);
            Assert.NotNull(logins);
            Assert.Equal(0, logins.Count());