authorJean-Philippe Lang <jp_lang@yahoo.fr>2011-02-23 17:27:31 +0000
committerJean-Philippe Lang <jp_lang@yahoo.fr>2011-02-23 17:27:31 +0000
commitce84bb1a0194d98b4db99e258cc0ada6b98e19b8 (patch)
tree58d92f42735c234f6817d073f090ce3a3f0751a4 /extra/svn
parent3ab981c04c33ebc1a490063d2d626fa669721209 (diff)
Adds random salt to user passwords (#7410).
git-svn-id: svn+ssh://rubyforge.org/var/svn/redmine/trunk@4936 e93f8b46-1217-0410-a6f0-8f06a7374b81
Diffstat (limited to 'extra/svn')
-rw-r--r--extra/svn/Redmine.pm9
1 files changed, 5 insertions, 4 deletions
diff --git a/extra/svn/Redmine.pm b/extra/svn/Redmine.pm
index c96b248c5..c0320f13e 100644
--- a/extra/svn/Redmine.pm
+++ b/extra/svn/Redmine.pm
@@ -148,7 +148,7 @@ sub RedmineDSN {
my ($self, $parms, $arg) = @_;
$self->{RedmineDSN} = $arg;
my $query = "SELECT
- hashed_password, auth_source_id, permissions
+ hashed_password, salt, auth_source_id, permissions
FROM members, projects, users, roles, member_roles
WHERE
projects.id=members.project_id
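Review bot: The column list in this SELECT is consumed positionally by the `fetchrow_array` list assignment in is_member, so adding `salt` in the middle only works while both places are edited together. If they drift, `$salt`, `$auth_source_id` and `$permissions` would silently take each other's values in the authentication check. A comment above the query such as `# column order must match the list assignment in is_member` would make that coupling explicit. RedmineDSN's body continues outside the hunk.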
@@ -316,11 +316,12 @@ sub is_member {
$sth->execute($redmine_user, $project_id);
my $ret;
- while (my ($hashed_password, $auth_source_id, $permissions) = $sth->fetchrow_array) {
+ while (my ($hashed_password, $salt, $auth_source_id, $permissions) = $sth->fetchrow_array) {
unless ($auth_source_id) {
- my $method = $r->method;
- if ($hashed_password eq $pass_digest && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
+ my $method = $r->method;
+ my $salted_password = Digest::SHA1::sha1_hex($salt.$pass_digest);
+ if ($hashed_password eq $salted_password && ((defined $read_only_methods{$method} && $permissions =~ /:browse_repository/) || $permissions =~ /:commit_access/) ) {
$ret = 1;
last;
}
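Review bot: `$salt` is concatenated on the `sha1_hex` line without a defined-check, so a row whose salt column is NULL produces an "uninitialized value" warning and a digest of the bare `$pass_digest`. That presumably never matches the stored hash, so the check appears to fail closed, but it does so silently. If unsalted rows can exist (for example before a data migration has run, which is not visible here), rejecting them explicitly at the top of the `unless ($auth_source_id)` block is clearer: `next unless defined $salt && length $salt;`. Separately, the scheme is a single SHA-1 over the salt plus what looks like an unsalted SHA-1 digest, which is cheap to brute-force offline if the users table leaks; this module has to mirror what the application stores, so that is a caveat on the scheme rather than on this hunk. is_member's body continues outside the hunk.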