diff --git a/src/main/java/com/gitblit/ConfigUserService.java b/src/main/java/com/gitblit/ConfigUserService.java
index 6d7230f71..6511f0236 100644
--- a/src/main/java/com/gitblit/ConfigUserService.java
+++ b/src/main/java/com/gitblit/ConfigUserService.java
@@ -897,8 +897,8 @@ protected synchronized void read() {
 user.stateProvince = config.getString(USER, username, STATEPROVINCE);
 user.countryCode = config.getString(USER, username, COUNTRYCODE);
 user.cookie = config.getString(USER, username, COOKIE);
- if (StringUtils.isEmpty(user.cookie) && !StringUtils.isEmpty(user.password)) {
- user.cookie = StringUtils.getSHA1(user.username + user.password);
+ if (StringUtils.isEmpty(user.cookie)) {
+ user.cookie = StringUtils.getSHA1(user.username);
 }
 // preferences
diff --git a/src/main/java/com/gitblit/auth/AuthenticationProvider.java b/src/main/java/com/gitblit/auth/AuthenticationProvider.java
index 0bfe23515..74002560b 100644
--- a/src/main/java/com/gitblit/auth/AuthenticationProvider.java
+++ b/src/main/java/com/gitblit/auth/AuthenticationProvider.java
@@ -78,10 +78,10 @@ public String getServiceName() {
 public abstract AuthenticationType getAuthenticationType();
- protected void setCookie(UserModel user, char [] password) {
+ protected void setCookie(UserModel user) {
 // create a user cookie
- if (StringUtils.isEmpty(user.cookie) && !ArrayUtils.isEmpty(password)) {
- user.cookie = StringUtils.getSHA1(user.username + new String(password));
+ if (StringUtils.isEmpty(user.cookie)) {
+ user.cookie = StringUtils.getSHA1(user.username);
 }
 }
diff --git a/src/main/java/com/gitblit/auth/HtpasswdAuthProvider.java b/src/main/java/com/gitblit/auth/HtpasswdAuthProvider.java
index 2cdabf6f8..3a6cb8ec1 100644
--- a/src/main/java/com/gitblit/auth/HtpasswdAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/HtpasswdAuthProvider.java
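Review bot: The fallback cookie assigned in `read()` is now `StringUtils.getSHA1(user.username)`, a value that anyone who knows the account name can compute, and the same derivation is added to `setCookie` in AuthenticationProvider.java. If this cookie is accepted as proof of identity (the code that checks it is outside this diff), it no longer depends on any secret; taking the password out of the hash is reasonable, but it should be replaced by randomness, for example `user.cookie = StringUtils.getSHA1(user.username + new BigInteger(160, new SecureRandom()).toString(16));`. A random value has to be written back to the user store so it stays stable across reloads, which this hunk does not show. Dropping the `!StringUtils.isEmpty(user.password)` guard also means accounts with no stored password now receive a cookie. The body of `read()` starts and ends outside the hunk.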
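Review bot: `setCookie` in AuthenticationProvider.java has no Javadoc, and its contract is now narrower than the name suggests: it takes no credentials and only fills `user.cookie` when that field is empty. I would add a short Javadoc above the method, e.g. `/** Assigns a cookie value to the user if none is set yet; an existing cookie is left unchanged. */`. The only visible use of `ArrayUtils` is removed in this hunk, so its import may now be unused; the import block is outside the hunk, so please confirm.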
@@ -196,7 +196,7 @@ else if (supportPlaintextPwd() && storedPwd.equals(passwd)){
 }
 // create a user cookie
- setCookie(user, password);
+ setCookie(user);
 // Set user attributes, hide password from backing user service.
 user.password = Constants.EXTERNAL_ACCOUNT;
diff --git a/src/main/java/com/gitblit/auth/LdapAuthProvider.java b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
index cc772e7b4..b7efd4a04 100644
--- a/src/main/java/com/gitblit/auth/LdapAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/LdapAuthProvider.java
@@ -360,7 +360,7 @@ public UserModel authenticate(String username, char[] password) {
 }
 // create a user cookie
- setCookie(user, password);
+ setCookie(user);
 if (!supportsTeamMembershipChanges()) {
 getTeamsFromLdap(ldapConnection, simpleUsername, loggingInUser, user);
diff --git a/src/main/java/com/gitblit/auth/PAMAuthProvider.java b/src/main/java/com/gitblit/auth/PAMAuthProvider.java
index 46f4dd6a6..b38d49df9 100644
--- a/src/main/java/com/gitblit/auth/PAMAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/PAMAuthProvider.java
@@ -122,7 +122,7 @@ public UserModel authenticate(String username, char[] password) {
 }
 // create a user cookie
- setCookie(user, password);
+ setCookie(user);
 // update user attributes from UnixUser
 user.accountType = getAccountType();
diff --git a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
index 27cece299..364aff042 100644
--- a/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/RedmineAuthProvider.java
@@ -139,7 +139,7 @@ public UserModel authenticate(String username, char[] password) {
 }
 // create a user cookie
- setCookie(user, password);
+ setCookie(user);
 // update user attributes from Redmine
 user.accountType = getAccountType();
diff --git a/src/main/java/com/gitblit/auth/SalesforceAuthProvider.java b/src/main/java/com/gitblit/auth/SalesforceAuthProvider.java
index df033c27a..79c3a0c47 100644
--- a/src/main/java/com/gitblit/auth/SalesforceAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/SalesforceAuthProvider.java
@@ -66,7 +66,7 @@ public UserModel authenticate(String username, char[] password) {
 user = new UserModel(simpleUsername);
 }
- setCookie(user, password);
+ setCookie(user);
 setUserAttributes(user, info);
 updateUser(user);
diff --git a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
index aee51008a..4c31fb15b 100644
--- a/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
+++ b/src/main/java/com/gitblit/auth/WindowsAuthProvider.java
@@ -153,7 +153,7 @@ public UserModel authenticate(String username, char[] password) {
 }
 // create a user cookie
- setCookie(user, password);
+ setCookie(user);
 // update user attributes from Windows identity
 user.accountType = getAccountType();