Tim Abbott 8119670da1 user_settings: Prevent LDAP users from setting a Zulip password. ...

Previously, if both EmailAuthBackend and LDAPAuthBackend were enabled,
LDAP users could set a password using EmailAuthBackend and continue to
use that password, even if their LDAP account was later deactivated.

That configuration wasn't supported at all before, so this doesn't fix
a pre-existing security issue, but now that we're making that a valid
configuration, we need to cover this case.

2018-05-28 22:47:47 -07:00

10 KiB

Raw Blame History

View Raw