hazza/DSpace
1
0
Fork 0
mirror of https://github.com/DSpace/DSpace.git synced 2025-10-16 14:33:09 +00:00
Code Issues Packages Projects Releases Wiki Activity

Update old MD5 hashes on successful password check

Browse Source
This commit is contained in:
Mark H. Wood
2012-08-01 10:55:22 -04:00
parent 9e999640f6
commit 2edac96df3
1 changed files with 9 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
dspace-api/src/main/java/org/dspace/eperson/EPerson.java
View File

@@ -908,7 +908,8 @@ public class EPerson extends DSpaceObject
} }
/** /**
* Check EPerson's password * Check EPerson's password. Side effect: original unsalted MD5 hashes are
* converted using the current algorithm.
* *
* @param attempt * @param attempt
* the password attempt * the password attempt
@@ -928,7 +929,13 @@ public class EPerson extends DSpaceObject
log.error(ex.getMessage()); log.error(ex.getMessage());
return false; return false;
} }
return myHash.matches(attempt); boolean answer = myHash.matches(attempt);
// If using the old unsalted hash, and this password is correct, update to a new hash
if (answer && (null == myRow.getStringColumn("digest_algorithm")))
setPassword(attempt);
return answer;
} }
/** /**