source.dussan.org Git - gitblit.git/commit
🦟 fix: Password hash upgrade kills existing passwords
author Florian Zschocke <f.zschocke+git@gmail.com>
Sat, 4 Apr 2020 17:25:27 +0000 (19:25 +0200)
committer Florian Zschocke <f.zschocke+git@gmail.com>
Sun, 5 Apr 2020 10:34:34 +0000 (12:34 +0200)
commit e47647b00d566d64d311042981e6b1798f683e4a
tree 1a3c74a343cbed999a37d8d9161e0f9943d97272
parent 8b18ac309bc36c8a16a3d26f088cb168635930d3
🦟  fix: Password hash upgrade kills existing passwords

The upgrade of an MD5 stored password hash to a PBKDF password hash
destroys the stored password. The hash check zeroes out the password that
is tested, so that the new hash is built over the zeroed out value.

This fix prevents that and also adds a check to the test.

Fixes #1335
src/main/java/com/gitblit/manager/AuthenticationManager.java
src/test/java/com/gitblit/tests/AuthenticationManagerTest.java
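
The failure the commit message describes, sketched in Java as an added example; it is not Gitblit's code or the actual patch. The class and method names, the salt, the iteration count and the password are assumptions made for the illustration, and copying the array before the check is one possible way to avoid the bug, not necessarily the one this commit uses.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Arrays;
import java.util.Base64;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.PBEKeySpec;

// Added illustration: class, methods, salt and password are constructed, not Gitblit's.
public class HashUpgradeDemo {
    static final byte[] SALT = "constructed-salt".getBytes(StandardCharsets.UTF_8);

    static String md5(char[] pw) throws Exception {
        byte[] in = new String(pw).getBytes(StandardCharsets.UTF_8);
        return Base64.getEncoder().encodeToString(MessageDigest.getInstance("MD5").digest(in));
    }

    static String pbkdf2(char[] pw) throws Exception {
        PBEKeySpec spec = new PBEKeySpec(pw, SALT, 10_000, 256);
        SecretKeyFactory f = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
        return Base64.getEncoder().encodeToString(f.generateSecret(spec).getEncoded());
    }

    // Legacy check that wipes the tested password after use.
    static boolean checkMd5AndWipe(String stored, char[] pw) throws Exception {
        boolean ok = MessageDigest.isEqual(stored.getBytes(StandardCharsets.UTF_8),
                                           md5(pw).getBytes(StandardCharsets.UTF_8));
        Arrays.fill(pw, '\0');
        return ok;
    }

    // Bug: the upgrade hashes the array after the check has zeroed it.
    static String upgradeBroken(String stored, char[] pw) throws Exception {
        return checkMd5AndWipe(stored, pw) ? pbkdf2(pw) : stored;
    }

    // One way to avoid it: the check wipes a private copy, the upgrade sees the real value.
    static String upgradeFixed(String stored, char[] pw) throws Exception {
        return checkMd5AndWipe(stored, pw.clone()) ? pbkdf2(pw) : stored;
    }

    public static void main(String[] args) throws Exception {
        char[] pw = "constructed-pw".toCharArray();
        String stored = md5(pw), zeros = pbkdf2(new char[pw.length]);
        String broken = upgradeBroken(stored, pw.clone());
        String fixed = upgradeFixed(stored, pw.clone());
        System.out.println("broken upgrade stored hash of zeros: " + broken.equals(zeros));
        System.out.println("fixed upgrade stored hash of password: " + fixed.equals(pbkdf2(pw)));
    }
}
```

A regression test for this class of bug should log in a second time with the same password after the upgrade, since the first login succeeds in both variants.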