Autologin: Do not require a bogus password in the source code

application/controllers/AuthenticationController.php

@@ -63,8 +63,6 @@ class AuthenticationController extends ActionController
         $this->view->form = new LoginForm();
         $this->view->form->setRequest($this->_request);
         $this->view->title = $this->translate('Icingaweb Login');
-        $user = new User('');
-        $password = '';
 
         try {
             $redirectUrl = Url::fromPath($this->_request->getParam('redirect', 'dashboard'));
@@ -95,9 +93,10 @@ class AuthenticationController extends ActionController
 
 
             if ($this->getRequest()->isGet()) {
+                $user = new User('');
                 foreach ($chain as $backend) {
                     if ($backend instanceof AutoLoginBackend) {
-                        $authenticated  = $backend->authenticate($user, $password);
+                        $authenticated  = $backend->authenticate($user);
                         if ($authenticated === true) {
                             $auth->setAuthenticated($user);
                             $this->redirectNow($redirectUrl);

library/Icinga/Authentication/Backend/AutoLoginBackend.php

@@ -75,7 +75,7 @@ class AutoLoginBackend extends UserBackend
      *
      * @return  bool
      */
-    public function authenticate(User $user, $password)
+    public function authenticate(User $user, $password = null)
     {
         return $this->hasUser($user);
     }