From 7ab32b65fcb20ca68d7afc357befb3a34de662bf Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 28 Jan 2014 13:16:37 -0500
Subject: [PATCH] issue-361: Reset user cookie after administrative password change

---
 src/main/java/com/gitblit/wicket/pages/EditUserPage.java |    3 +++
 1 files changed, 3 insertions(+), 0 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
index 62a8ea5..15c35fa 100644
--- a/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/EditUserPage.java
@@ -154,6 +154,9 @@
 							return;
 						}
 
+						// change the cookie
+						userModel.cookie = StringUtils.getSHA1(userModel.username + password);
+
 						// Optionally store the password MD5 digest.
 						String type = app().settings().getString(Keys.realm.passwordStorage, "md5");
 						if (type.equalsIgnoreCase("md5")) {

--
Gitblit v1.9.1