From 7b0646760cc54c77c8394d0d8879c98310684835 Mon Sep 17 00:00:00 2001
From: Daniel Jiang
Date: Fri, 12 May 2017 06:12:36 -0400
Subject: [PATCH] Fail authentication when username is empty (#2300)
---
 src/ui/auth/ldap/ldap.go | 4 ++++
 src/ui/auth/ldap/ldap_test.go | 9 +++++++++
 2 files changed, 13 insertions(+)
diff --git a/src/ui/auth/ldap/ldap.go b/src/ui/auth/ldap/ldap.go
index 235013c3d..6b8942176 100644
--- a/src/ui/auth/ldap/ldap.go
+++ b/src/ui/auth/ldap/ldap.go
@@ -36,6 +36,10 @@ const metaChars = "&|!=~*<>()"
 func (l *Auth) Authenticate(m models.AuthModel) (*models.User, error) {
 p := m.Principal
+ if len(strings.TrimSpace(p)) == 0 {
+ log.Debugf("LDAP authentication failed for empty user id.")
+ return nil, nil
+ }
 for _, c := range metaChars {
 if strings.ContainsRune(p, c) {
 return nil, fmt.Errorf("the principal contains meta char: %q", c)
diff --git a/src/ui/auth/ldap/ldap_test.go b/src/ui/auth/ldap/ldap_test.go
index e979c9d11..6563f4f68 100644
--- a/src/ui/auth/ldap/ldap_test.go
+++ b/src/ui/auth/ldap/ldap_test.go
@@ -131,4 +131,13 @@ func TestAuthenticate(t *testing.T) {
 if user != nil {
 t.Errorf("Nil user expected for wrong password")
 }
+ person.Principal = ""
+ person.Password = ""
+ user, err = auth.Authenticate(person)
+ if err != nil {
+ t.Errorf("unexpected ldap error: %v", err)
+ }
+ if user != nil {
+ t.Errorf("Nil user for empty credentials")
+ }
 }
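Review bot: The new guard at the top of `Authenticate` rejects only an empty `m.Principal`; nothing in the visible lines rejects an empty `m.Password`. Many directory servers treat a simple bind with a non-empty name and an empty password as an unauthenticated bind and report success, so an LDAP login path should fail closed on an empty password before any bind is attempted. The rest of `Authenticate` is outside the hunk, so this may already be handled further down; if not, extend the condition to `if len(strings.TrimSpace(p)) == 0 || len(m.Password) == 0 {` and reword the debug message accordingly. The emptiness test trims `p`, but the untrimmed value is what continues into the meta-character loop, so surrounding whitespace is still passed on.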
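Review bot: The added case in `TestAuthenticate` clears `person.Principal` and `person.Password` together, so it cannot show which of the two empty values caused the rejection. It also never exercises the whitespace-only principal that the `strings.TrimSpace` call is there to catch. I would add one case with `person.Principal = "   "` and a non-empty password, and one with a valid principal and `person.Password = ""`, each asserting a nil user. The failure text `"Nil user for empty credentials"` is missing the word "expected" that the neighbouring assertion uses. `TestAuthenticate` begins outside this hunk, so the fixture setup is not visible here.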