From d5623a235d54b308280d90920238bf75a2880b84 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Mon, 24 Oct 2011 16:32:57 -0400
Subject: [PATCH] Combined-md5 password storage option

---
 src/com/gitblit/FileUserService.java |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/src/com/gitblit/FileUserService.java b/src/com/gitblit/FileUserService.java
index cae0d79..3c8914d 100644
--- a/src/com/gitblit/FileUserService.java
+++ b/src/com/gitblit/FileUserService.java
@@ -126,11 +126,20 @@
 		UserModel returnedUser = null;
 		UserModel user = getUserModel(username);
 		if (user.password.startsWith(StringUtils.MD5_TYPE)) {
+			// password digest
 			String md5 = StringUtils.MD5_TYPE + StringUtils.getMD5(new String(password));
 			if (user.password.equalsIgnoreCase(md5)) {
 				returnedUser = user;
 			}
+		} else if (user.password.startsWith(StringUtils.COMBINED_MD5_TYPE)) {
+			// username+password digest
+			String md5 = StringUtils.COMBINED_MD5_TYPE
+					+ StringUtils.getMD5(username.toLowerCase() + new String(password));
+			if (user.password.equalsIgnoreCase(md5)) {
+				returnedUser = user;
+			}
 		} else if (user.password.equals(new String(password))) {
+			// plain-text password
 			returnedUser = user;
 		}
 		return returnedUser;

--
Gitblit v1.9.1