From efe8ecb216b0e2f2f1dceb26c4f21dcec1fb497c Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Fri, 11 Nov 2011 17:59:15 -0500
Subject: [PATCH] Revised user access checks to account for repository ownership.

---
 src/com/gitblit/FileUserService.java |    9 +++++++++
 1 files changed, 9 insertions(+), 0 deletions(-)

diff --git a/src/com/gitblit/FileUserService.java b/src/com/gitblit/FileUserService.java
index cae0d79..3c8914d 100644
--- a/src/com/gitblit/FileUserService.java
+++ b/src/com/gitblit/FileUserService.java
@@ -126,11 +126,20 @@
 		UserModel returnedUser = null;
 		UserModel user = getUserModel(username);
 		if (user.password.startsWith(StringUtils.MD5_TYPE)) {
+			// password digest
 			String md5 = StringUtils.MD5_TYPE + StringUtils.getMD5(new String(password));
 			if (user.password.equalsIgnoreCase(md5)) {
 				returnedUser = user;
 			}
+		} else if (user.password.startsWith(StringUtils.COMBINED_MD5_TYPE)) {
+			// username+password digest
+			String md5 = StringUtils.COMBINED_MD5_TYPE
+					+ StringUtils.getMD5(username.toLowerCase() + new String(password));
+			if (user.password.equalsIgnoreCase(md5)) {
+				returnedUser = user;
+			}
 		} else if (user.password.equals(new String(password))) {
+			// plain-text password
 			returnedUser = user;
 		}
 		return returnedUser;

--
Gitblit v1.9.1