add_user_auth: Warn if user doesn't exist when adding w/o password (#46)

emoncms · Aug 15, 2018 · 0c10325 · 0c10325
1 parent f63a501
commit 0c10325
Showing 1 changed file with 4 additions and 0 deletions.
diff --git a/group_model.php b/group_model.php
@@ -203,6 +203,10 @@ public function add_user_auth($admin_userid, $groupid, $username, $password, $ro
         // We only allow adding without a password if the capabilities module is loaded
         if (class_exists('Capabilities') && user_has_capability('group_add_member_no_auth')) {
             $add_userid = $this->user->get_id($username);
+            if (!$add_userid) {
+                $this->log->error("Error adding user to group: user $username doesn't exist");
+                return [ 'success' => false, 'message' => _("User doesn't exist") ];
+            }
         } else {
             $result = $this->user->get_apikeys_from_login($username, $password);
             if (!$result["success"]) {