Reject blank passwords in credential requests

simonrob · simonrob · commit d3b9c5f76f1d · 2025-01-27T22:59:17.000Z
diff --git a/emailproxy.py b/emailproxy.py
@@ -6,7 +6,7 @@
 __author__ = 'Simon Robinson'
 __copyright__ = 'Copyright (c) 2024 Simon Robinson'
 __license__ = 'Apache 2.0'
-__version__ = '2024-11-13'  # ISO 8601 (YYYY-MM-DD)
+__version__ = '2025-01-27'  # ISO 8601 (YYYY-MM-DD)
 __package_version__ = '.'.join([str(int(i)) for i in __version__.split('-')])  # for pyproject.toml usage only
 
 import abc
@@ -703,6 +703,10 @@ def get_oauth2_credentials(username, password, reload_remote_accounts=True):
         handles OAuth 2.0 token request and renewal, saving the updated details back to AppConfig (or removing them
         if invalid). Returns either (True, '[OAuth2 string for authentication]') or (False, '[Error message]')"""
 
+        if not password:
+            Log.error('No password provided for account', username, '- aborting login')
+            return False, '%s: Login failed - no password provided for account %s' % (APP_NAME, username)
+
         # we support broader catch-all account names (e.g., `@domain.com` / `@`) if enabled
         config_accounts = AppConfig.accounts()
         valid_accounts = [username in config_accounts]
