Fix bug with cleartext password_type (bug reported to my email by crackcraft@gmail...

[catagits/Catalyst-Plugin-Authentication.git] / lib / Catalyst / Authentication / Credential / Password.pm

diff --git a/lib/Catalyst/Authentication/Credential/Password.pm b/lib/Catalyst/Authentication/Credential/Password.pm
index a8f0c94..bd99265 100644 (file)
--- a/lib/Catalyst/Authentication/Credential/Password.pm
+++ b/lib/Catalyst/Authentication/Credential/Password.pm
@@ -64,6 +64,9 @@ sub check_password {
         if ($self->_config->{'password_type'} eq 'none') {
             return 1;
         } elsif ($self->_config->{'password_type'} eq 'clear') {
+            # FIXME - Should we warn in the $storedpassword undef case, 
+            #         as the user probably fluffed the config?
+            return unless defined $storedpassword;
             return $password eq $storedpassword;
         } elsif ($self->_config->{'password_type'} eq 'crypted') {            
             return $storedpassword eq crypt( $password, $storedpassword );