Update old MD5 hashes on successful password check

2025-10-15 22:13:08 +00:00 · 2012-08-01 10:55:22 -04:00
parent 9e999640f6
commit 2edac96df3
1 changed files with 9 additions and 2 deletions
--- a/dspace-api/src/main/java/org/dspace/eperson/EPerson.java
+++ b/dspace-api/src/main/java/org/dspace/eperson/EPerson.java
@@ -908,7 +908,8 @@ public class EPerson extends DSpaceObject
    }

    /**
-     * Check EPerson's password
+     * Check EPerson's password.  Side effect:  original unsalted MD5 hashes are
+     * converted using the current algorithm.
     * 
     * @param attempt
     *            the password attempt
@@ -928,7 +929,13 @@ public class EPerson extends DSpaceObject
            log.error(ex.getMessage());
            return false;
        }
-        return myHash.matches(attempt);
+        boolean answer = myHash.matches(attempt);
+
+        // If using the old unsalted hash, and this password is correct, update to a new hash
+        if (answer && (null == myRow.getStringColumn("digest_algorithm")))
+            setPassword(attempt);
+
+        return answer;
    }

    /**