diff options
| author | James Moger <james.moger@gitblit.com> | 2011-10-24 16:32:57 -0400 |
|---|---|---|
| committer | James Moger <james.moger@gitblit.com> | 2011-10-24 16:32:57 -0400 |
| commit | d5623a235d54b308280d90920238bf75a2880b84 (patch) | |
| tree | dc0664243f05be8c70cf7709ea332c8d8fe56b64 /src | |
| parent | d40adc7553bc900328afa918f45b6d9e9c3087fb (diff) | |
| download | gitblit-d5623a235d54b308280d90920238bf75a2880b84.tar.gz gitblit-d5623a235d54b308280d90920238bf75a2880b84.zip | |
Combined-md5 password storage option
Diffstat (limited to 'src')
| -rw-r--r-- | src/com/gitblit/FileUserService.java | 9 | ||||
| -rw-r--r-- | src/com/gitblit/client/EditUserDialog.java | 53 | ||||
| -rw-r--r-- | src/com/gitblit/utils/StringUtils.java | 2 | ||||
| -rw-r--r-- | src/com/gitblit/wicket/pages/ChangePasswordPage.java | 7 | ||||
| -rw-r--r-- | src/com/gitblit/wicket/pages/EditUserPage.java | 14 |
5 files changed, 65 insertions, 20 deletions
diff --git a/src/com/gitblit/FileUserService.java b/src/com/gitblit/FileUserService.java index cae0d791..3c8914dd 100644 --- a/src/com/gitblit/FileUserService.java +++ b/src/com/gitblit/FileUserService.java @@ -126,11 +126,20 @@ public class FileUserService extends FileSettings implements IUserService { UserModel returnedUser = null;
UserModel user = getUserModel(username);
if (user.password.startsWith(StringUtils.MD5_TYPE)) {
+ // password digest
String md5 = StringUtils.MD5_TYPE + StringUtils.getMD5(new String(password));
if (user.password.equalsIgnoreCase(md5)) {
returnedUser = user;
}
+ } else if (user.password.startsWith(StringUtils.COMBINED_MD5_TYPE)) {
+ // username+password digest
+ String md5 = StringUtils.COMBINED_MD5_TYPE
+ + StringUtils.getMD5(username.toLowerCase() + new String(password));
+ if (user.password.equalsIgnoreCase(md5)) {
+ returnedUser = user;
+ }
} else if (user.password.equals(new String(password))) {
+ // plain-text password
returnedUser = user;
}
return returnedUser;
diff --git a/src/com/gitblit/client/EditUserDialog.java b/src/com/gitblit/client/EditUserDialog.java index c77713a8..0f666bde 100644 --- a/src/com/gitblit/client/EditUserDialog.java +++ b/src/com/gitblit/client/EditUserDialog.java @@ -191,6 +191,7 @@ public class EditUserDialog extends JDialog { return false;
}
+ boolean rename = false;
// verify username uniqueness on create
if (isCreate) {
if (usernames.contains(uname.toLowerCase())) {
@@ -199,7 +200,8 @@ public class EditUserDialog extends JDialog { }
} else {
// check rename collision
- if (!username.equalsIgnoreCase(uname)) {
+ rename = !StringUtils.isEmpty(username) && !username.equalsIgnoreCase(uname);
+ if (rename) {
if (usernames.contains(uname.toLowerCase())) {
error(MessageFormat.format(
"Failed to rename ''{0}'' because ''{1}'' already exists.", username,
@@ -208,34 +210,51 @@ public class EditUserDialog extends JDialog { }
}
}
+ user.username = uname;
int minLength = settings.get(Keys.realm.minPasswordLength).getInteger(5);
if (minLength < 4) {
minLength = 4;
}
- char[] pw = passwordField.getPassword();
- if (pw == null || pw.length < minLength) {
+
+ String password = new String(passwordField.getPassword());
+ if (StringUtils.isEmpty(password) || password.length() < minLength) {
error(MessageFormat.format("Password is too short. Minimum length is {0} characters.",
minLength));
return false;
}
- char[] cpw = confirmPasswordField.getPassword();
- if (cpw == null || cpw.length != pw.length) {
- error("Please confirm the password!");
- return false;
- }
- if (!Arrays.equals(pw, cpw)) {
- error("Passwords do not match!");
+ if (!password.toUpperCase().startsWith(StringUtils.MD5_TYPE)
+ && !password.toUpperCase().startsWith(StringUtils.COMBINED_MD5_TYPE)) {
+ String cpw = new String(confirmPasswordField.getPassword());
+ if (cpw == null || cpw.length() != password.length()) {
+ error("Please confirm the password!");
+ return false;
+ }
+ if (!password.equals(cpw)) {
+ error("Passwords do not match!");
+ return false;
+ }
+
+ String type = settings.get(Keys.realm.passwordStorage).getString("md5");
+ if (type.equalsIgnoreCase("md5")) {
+ // store MD5 digest of password
+ user.password = StringUtils.MD5_TYPE + StringUtils.getMD5(password);
+ } else if (type.equalsIgnoreCase("combined-md5")) {
+ // store MD5 digest of username+password
+ user.password = StringUtils.COMBINED_MD5_TYPE
+ + StringUtils.getMD5(username.toLowerCase() + password);
+ } else {
+ // plain-text password
+ user.password = password;
+ }
+ } else if (rename && password.toUpperCase().startsWith(StringUtils.COMBINED_MD5_TYPE)) {
+ error("Gitblit is configured for combined-md5 password hashing. You must enter a new password on account rename.");
return false;
- }
- user.username = uname;
- String type = settings.get(Keys.realm.passwordStorage).getString("md5");
- if (type.equalsIgnoreCase("md5")) {
- // store MD5 digest of password
- user.password = StringUtils.MD5_TYPE + StringUtils.getMD5(new String(pw));
} else {
- user.password = new String(pw);
+ // no change in password
+ user.password = password;
}
+
user.canAdmin = canAdminCheckbox.isSelected();
user.excludeFromFederation = notFederatedCheckbox.isSelected();
diff --git a/src/com/gitblit/utils/StringUtils.java b/src/com/gitblit/utils/StringUtils.java index 8adf1e42..746fbe2e 100644 --- a/src/com/gitblit/utils/StringUtils.java +++ b/src/com/gitblit/utils/StringUtils.java @@ -33,6 +33,8 @@ import java.util.regex.PatternSyntaxException; public class StringUtils {
public static final String MD5_TYPE = "MD5:";
+
+ public static final String COMBINED_MD5_TYPE = "CMD5:";
/**
* Returns true if the string is null or empty.
diff --git a/src/com/gitblit/wicket/pages/ChangePasswordPage.java b/src/com/gitblit/wicket/pages/ChangePasswordPage.java index fec24144..2738a5fc 100644 --- a/src/com/gitblit/wicket/pages/ChangePasswordPage.java +++ b/src/com/gitblit/wicket/pages/ChangePasswordPage.java @@ -77,14 +77,19 @@ public class ChangePasswordPage extends RootSubPage { return;
}
+ UserModel user = GitBlitWebSession.get().getUser();
+
// convert to MD5 digest, if appropriate
String type = GitBlit.getString(Keys.realm.passwordStorage, "md5");
if (type.equalsIgnoreCase("md5")) {
// store MD5 digest of password
password = StringUtils.MD5_TYPE + StringUtils.getMD5(password);
+ } else if (type.equalsIgnoreCase("combined-md5")) {
+ // store MD5 digest of username+password
+ password = StringUtils.COMBINED_MD5_TYPE
+ + StringUtils.getMD5(user.username.toLowerCase() + password);
}
- UserModel user = GitBlitWebSession.get().getUser();
user.password = password;
try {
GitBlit.self().updateUserModel(user.username, user, false);
diff --git a/src/com/gitblit/wicket/pages/EditUserPage.java b/src/com/gitblit/wicket/pages/EditUserPage.java index 78e94614..8955e222 100644 --- a/src/com/gitblit/wicket/pages/EditUserPage.java +++ b/src/com/gitblit/wicket/pages/EditUserPage.java @@ -70,7 +70,7 @@ public class EditUserPage extends RootSubPage { } else {
super.setupPage(getString("gb.edit"), userModel.username);
}
-
+
final Model<String> confirmPassword = new Model<String>(
StringUtils.isEmpty(userModel.password) ? "" : userModel.password);
CompoundPropertyModel<UserModel> model = new CompoundPropertyModel<UserModel>(userModel);
@@ -109,12 +109,14 @@ public class EditUserPage extends RootSubPage { return;
}
}
+ boolean rename = !StringUtils.isEmpty(oldName) && !oldName.equalsIgnoreCase(username);
if (!userModel.password.equals(confirmPassword.getObject())) {
error("Passwords do not match!");
return;
}
String password = userModel.password;
- if (!password.toUpperCase().startsWith(StringUtils.MD5_TYPE)) {
+ if (!password.toUpperCase().startsWith(StringUtils.MD5_TYPE)
+ && !password.toUpperCase().startsWith(StringUtils.COMBINED_MD5_TYPE)) {
// This is a plain text password.
// Check length.
int minLength = GitBlit.getInteger(Keys.realm.minPasswordLength, 5);
@@ -134,7 +136,15 @@ public class EditUserPage extends RootSubPage { // store MD5 digest of password
userModel.password = StringUtils.MD5_TYPE
+ StringUtils.getMD5(userModel.password);
+ } else if (type.equalsIgnoreCase("combined-md5")) {
+ // store MD5 digest of username+password
+ userModel.password = StringUtils.COMBINED_MD5_TYPE
+ + StringUtils.getMD5(username.toLowerCase() + userModel.password);
}
+ } else if (rename
+ && password.toUpperCase().startsWith(StringUtils.COMBINED_MD5_TYPE)) {
+ error("Gitblit is configured for combined-md5 password hashing. You must enter a new password on account rename.");
+ return;
}
Iterator<String> selectedRepositories = repositories.getSelectedChoices();
|