From 0145db444fdf75599de30cce2e3dbbc3f048d632 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 18 Mar 2014 21:13:57 -0400
Subject: [PATCH] Merged #35 "Fix authentication security hole with external providers"

---
 src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java |    2 +-
 1 files changed, 1 insertions(+), 1 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java b/src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java
index ec5fe16..4c8d3a1 100644
--- a/src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/ChangePasswordPage.java
@@ -97,7 +97,7 @@
 
 				user.password = password;
 				try {
-					app().gitblit().updateUserModel(user.username, user, false);
+					app().gitblit().reviseUser(user.username, user);
 					if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, false)) {
 						WebResponse response = (WebResponse) getRequestCycle().getResponse();
 						app().authentication().setCookie(response.getHttpServletResponse(), user);

--
Gitblit v1.9.1