@@ -170,6 +170,10 @@ def login():
return redirect(url_for("login"))
if not user.passhash:
+ if not password:
+ flash("Can't set a blank password")
+ return redirect(url_for("login"))
+
salt = bcrypt.gensalt()
user.passhash = bcrypt.hashpw(password.encode(), salt)
db.session.commit()
