From 3ae5ee41be958e59be174a6e68e05446e8baf355 Mon Sep 17 00:00:00 2001
From: ulrich@undisclosed <ulrich@ulrich-vaio>
Date: Mon, 30 Mar 2020 14:55:06 +0000
Subject: [PATCH] Digester auf die Nutzung der 'matches'-Methode umgestellt

---
 src/java/de/uhilger/um/api/Profil.java |    7 +------
 1 files changed, 1 insertions(+), 6 deletions(-)

diff --git a/src/java/de/uhilger/um/api/Profil.java b/src/java/de/uhilger/um/api/Profil.java
index e89992f..8902147 100644
--- a/src/java/de/uhilger/um/api/Profil.java
+++ b/src/java/de/uhilger/um/api/Profil.java
@@ -43,11 +43,6 @@
     
       String digesterClassName = getServletContext().getInitParameter(P_DIGESTER);
       Digester digester = (Digester) Class.forName(digesterClassName).newInstance();
-      /*
-      MD5 geht nicht mehr,
-      vgl. http://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5
-      */
-      String digestedCurrentPw = digester.digest(currentPw, Digester.SHA256, null);
       PersistenceManager pm = getDb();
       logger.fine(getSql(SQL_GET_USER));
       List list = pm.select(getSql(SQL_GET_USER), getMapper(MP_USER), Record.WITHOUT_BLOBS, userId);
@@ -55,7 +50,7 @@
         Object o = list.get(0);
         if(o instanceof User) {
           User u = (User) o;
-          if(u.getPw().equals(digestedCurrentPw)) {
+          if(digester.matches(currentPw, u.getPw(), Digester.SHA256, null)) {
             String digestedNewPw = digester.digest(newPw, Digester.SHA256, null);
             u.setPw(digestedNewPw);
             pm.update(u, getMapper(MP_USER));
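Review bot: The replacement password two lines below the changed check is still stored via `digester.digest(newPw, Digester.SHA256, null)`, so moving verification to `matches()` does not change how the stored value is produced. If the trailing `null` is the salt (the Digester signature is not visible in this patch), passwords remain a single unsalted SHA-256, which is fast to brute-force offline. A slow salted scheme such as PBKDF2, bcrypt or argon2 behind the same Digester interface would be the safer target. It is also worth confirming that `matches()` handles a null `u.getPw()` and compares digests in constant time, for example with `MessageDigest.isEqual`. I would add a comment on the changed line such as `// verification is delegated to the Digester so salt/encoding handling stays in one place; do not compare digests with equals()`. The enclosing method starts and ends outside this hunk.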

--
Gitblit v1.9.3