author | Rodrigo Andrade <rodrigo_cardoso@hotmail.it> | 2016-08-15 18:20:28 -0300 |
---|---|---|
committer | Rodrigo Andrade <rodrigo_cardoso@hotmail.it> | 2016-08-15 18:20:28 -0300 |
commit | b453703aa83f9e3b1605190aed3356fec9d46155 (patch) | |
tree | f9ad789bcf0a8c56575f17570cf298c7f943efba | |
parent | 9b8049057430592206cfb242ec24bde4ab7cb438 (diff) | |
removing duplicated code for cookie generation and adding random bytes to generate user cookies
5 files changed, 8 insertions, 4 deletions
diff --git a/src/main/java/com/gitblit/ConfigUserService.java b/src/main/java/com/gitblit/ConfigUserService.java
index 6d7230f7..025b1d8c 100644
--- a/src/main/java/com/gitblit/ConfigUserService.java
+++ b/src/main/java/com/gitblit/ConfigUserService.java
@@ -898,7 +898,7 @@ public class ConfigUserService implements IUserService {
user.countryCode = config.getString(USER, username, COUNTRYCODE);
user.cookie = config.getString(USER, username, COOKIE);
if (StringUtils.isEmpty(user.cookie) && !StringUtils.isEmpty(user.password)) {
- user.cookie = StringUtils.getSHA1(user.username + user.password);
+ user.cookie = user.createCookie();
}
// preferences
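Review bot: The fallback `user.cookie = user.createCookie();` runs while a user is being read from the config, and the value is now random, so a user stored without a cookie gets a different cookie on every load unless the generated value is written back. The removed SHA-1 of username and password was stable across reloads; nothing in this hunk persists the new value, and the enclosing method starts and ends outside the hunk, so this may already be handled elsewhere. If it is not, save the generated cookie once, or leave it empty here and create it at login; the same question applies to `setCookie` in AuthenticationProvider. At minimum add a comment such as `// random per call: must be persisted, otherwise cookies issued earlier stop matching after a reload`.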
diff --git a/src/main/java/com/gitblit/auth/AuthenticationProvider.java b/src/main/java/com/gitblit/auth/AuthenticationProvider.java
index 0bfe2351..6c098859 100644
--- a/src/main/java/com/gitblit/auth/AuthenticationProvider.java
+++ b/src/main/java/com/gitblit/auth/AuthenticationProvider.java
@@ -81,7 +81,7 @@ public abstract class AuthenticationProvider {
protected void setCookie(UserModel user, char [] password) {
// create a user cookie
if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
- user.cookie = StringUtils.getSHA1(user.username + new String(password));
+ user.cookie = user.createCookie();
}
}
diff --git a/src/main/java/com/gitblit/client/EditUserDialog.java b/src/main/java/com/gitblit/client/EditUserDialog.java
index 676916b2..4b01ff04 100644
--- a/src/main/java/com/gitblit/client/EditUserDialog.java
+++ b/src/main/java/com/gitblit/client/EditUserDialog.java
@@ -330,7 +330,7 @@ public class EditUserDialog extends JDialog {
}
// change the cookie
- user.cookie = StringUtils.getSHA1(user.username + password);
+ user.cookie = user.createCookie();
String type = settings.get(Keys.realm.passwordStorage).getString("md5");
if (type.equalsIgnoreCase("md5")) {
diff --git a/src/main/java/com/gitblit/models/UserModel.java b/src/main/java/com/gitblit/models/UserModel.java
index e1522748..d411e504 100644
--- a/src/main/java/com/gitblit/models/UserModel.java
+++ b/src/main/java/com/gitblit/models/UserModel.java
@@ -660,4 +660,8 @@ public class UserModel implements Principal, Serializable, Comparable<UserModel>
String projectPath = StringUtils.getFirstPathElement(repository);
return !StringUtils.isEmpty(projectPath) && projectPath.equalsIgnoreCase(getPersonalPath());
}
+
+ public String createCookie() {
+ return StringUtils.getSHA1(String.valueOf(Math.random()));
+ }
}
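Review bot: `createCookie()` derives the authentication cookie from `Math.random()`, which is backed by `java.util.Random` (a 48-bit linear congruential generator) and is not suitable for values that act as credentials; hashing the output with SHA-1 adds no entropy. Draw the value from `java.security.SecureRandom` instead, for example `return StringUtils.getSHA1(new BigInteger(160, new SecureRandom()).toString(16));`, which needs imports for `java.math.BigInteger` and `java.security.SecureRandom`. The method also has no Javadoc; it should state that the result is a random per-call token, no longer derived from username and password, so callers must store it.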
diff --git a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
index 220bee3f..72dee6b6 100644
--- a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
@@ -156,7 +156,7 @@ public class EditUserPage extends RootSubPage {
}
// change the cookie
- userModel.cookie = StringUtils.getSHA1(userModel.username + password);
+ userModel.cookie = userModel.createCookie();
// Optionally store the password MD5 digest.
String type = app().settings().getString(Keys.realm.passwordStorage, "md5");