removing duplicated code for cookie genaration and adding random bytes to generate...

author Rodrigo Andrade <rodrigo_cardoso@hotmail.it>

Mon, 15 Aug 2016 21:20:28 +0000 (18:20 -0300)

committer Rodrigo Andrade <rodrigo_cardoso@hotmail.it>

Mon, 15 Aug 2016 21:20:28 +0000 (18:20 -0300)
author Rodrigo Andrade <rodrigo_cardoso@hotmail.it>
Mon, 15 Aug 2016 21:20:28 +0000 (18:20 -0300)
committer Rodrigo Andrade <rodrigo_cardoso@hotmail.it>
Mon, 15 Aug 2016 21:20:28 +0000 (18:20 -0300)
diff --git a/src/main/java/com/gitblit/ConfigUserService.java b/src/main/java/com/gitblit/ConfigUserService.java

index 6d7230f715bdba63ff750fa05a4ff35cf6f3deff..025b1d8c0cf24ac0a1f4d4fc89ddd4a9e3fe36ab 100644 (file)
--- a/src/main/java/com/gitblit/ConfigUserService.java
+++ b/src/main/java/com/gitblit/ConfigUserService.java
@@ -898,7 +898,7 @@ public class ConfigUserService implements IUserService {
                                         user.countryCode = config.getString(USER, username, COUNTRYCODE);\r
                                         user.cookie = config.getString(USER, username, COOKIE);\r
                                         if (StringUtils.isEmpty(user.cookie) && !StringUtils.isEmpty(user.password)) {\r
-                                               user.cookie = StringUtils.getSHA1(user.username + user.password);\r
+                                               user.cookie = user.createCookie();\r
                                         }\r
  \r
                                         // preferences\r
diff --git a/src/main/java/com/gitblit/auth/AuthenticationProvider.java b/src/main/java/com/gitblit/auth/AuthenticationProvider.java

index 0bfe23515607630ab79892aa93feb1ddf9cc798a..6c098859414dcc80afc2253e6ab8ce68ca5332ef 100644 (file)
--- a/src/main/java/com/gitblit/auth/AuthenticationProvider.java
+++ b/src/main/java/com/gitblit/auth/AuthenticationProvider.java
@@ -81,7 +81,7 @@ public abstract class AuthenticationProvider {
         protected void setCookie(UserModel user, char [] password) {
                 // create a user cookie
                 if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
-                       user.cookie = StringUtils.getSHA1(user.username + new String(password));
+                       user.cookie = user.createCookie();
                 }
         }
  
diff --git a/src/main/java/com/gitblit/client/EditUserDialog.java b/src/main/java/com/gitblit/client/EditUserDialog.java

index 676916b2330f94a0e96503c4c4e7f4990a5e0758..4b01ff0462249bbce6cd67b0b493a1c1713a3dd5 100644 (file)
--- a/src/main/java/com/gitblit/client/EditUserDialog.java
+++ b/src/main/java/com/gitblit/client/EditUserDialog.java
@@ -330,7 +330,7 @@ public class EditUserDialog extends JDialog {
                         }\r
  \r
                         // change the cookie\r
-                       user.cookie = StringUtils.getSHA1(user.username + password);\r
+                       user.cookie = user.createCookie();\r
  \r
                         String type = settings.get(Keys.realm.passwordStorage).getString("md5");\r
                         if (type.equalsIgnoreCase("md5")) {\r
diff --git a/src/main/java/com/gitblit/models/UserModel.java b/src/main/java/com/gitblit/models/UserModel.java

index e15227482f2ea9d99cc186c502fa216bf2b0f73a..d411e5040db36efa7a0d0b8650e30dbe77ef29a8 100644 (file)
--- a/src/main/java/com/gitblit/models/UserModel.java
+++ b/src/main/java/com/gitblit/models/UserModel.java
@@ -660,4 +660,8 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
                 String projectPath = StringUtils.getFirstPathElement(repository);\r
                 return !StringUtils.isEmpty(projectPath) && projectPath.equalsIgnoreCase(getPersonalPath());\r
         }\r
+       \r
+       public String createCookie() {\r
+               return StringUtils.getSHA1(String.valueOf(Math.random()));\r
+       }\r
  }\r
diff --git a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java

index 220bee3f6ec7391e59bb7aaabe3fb1932fd9fac8..72dee6b6de2f532913294f0339f3c041db0ab4d5 100644 (file)
--- a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
@@ -156,7 +156,7 @@ public class EditUserPage extends RootSubPage {
                                                 }\r
  \r
                                                 // change the cookie\r
-                                               userModel.cookie = StringUtils.getSHA1(userModel.username + password);\r
+                                               userModel.cookie = userModel.createCookie();\r
  \r
                                                 // Optionally store the password MD5 digest.\r
                                                 String type = app().settings().getString(Keys.realm.passwordStorage, "md5");\r
author	Rodrigo Andrade <rodrigo_cardoso@hotmail.it>
	Mon, 15 Aug 2016 21:20:28 +0000 (18:20 -0300)
committer	Rodrigo Andrade <rodrigo_cardoso@hotmail.it>
	Mon, 15 Aug 2016 21:20:28 +0000 (18:20 -0300)
src/main/java/com/gitblit/ConfigUserService.java		patch \| blob \| history
src/main/java/com/gitblit/auth/AuthenticationProvider.java		patch \| blob \| history
src/main/java/com/gitblit/client/EditUserDialog.java		patch \| blob \| history
src/main/java/com/gitblit/models/UserModel.java		patch \| blob \| history
src/main/java/com/gitblit/wicket/pages/EditUserPage.java		patch \| blob \| history