From d0af4cc92d521aee62d8c83bedee5b61c245be4a Mon Sep 17 00:00:00 2001
From: ulrich@undisclosed <ulrich@ulrich-vaio>
Date: Sat, 16 May 2020 14:13:36 +0000
Subject: [PATCH] Eintrag im Deployment Descriptor berichtigt

---
 src/java/de/uhilger/um/api/Profil.java |    7 +------
 1 files changed, 1 insertions(+), 6 deletions(-)

diff --git a/src/java/de/uhilger/um/api/Profil.java b/src/java/de/uhilger/um/api/Profil.java
index e89992f..8902147 100644
--- a/src/java/de/uhilger/um/api/Profil.java
+++ b/src/java/de/uhilger/um/api/Profil.java
@@ -43,11 +43,6 @@
     
       String digesterClassName = getServletContext().getInitParameter(P_DIGESTER);
       Digester digester = (Digester) Class.forName(digesterClassName).newInstance();
-      /*
-      MD5 geht nicht mehr,
-      vgl. http://stackoverflow.com/questions/39967289/how-to-use-digest-authentication-in-tomcat-8-5
-      */
-      String digestedCurrentPw = digester.digest(currentPw, Digester.SHA256, null);
       PersistenceManager pm = getDb();
       logger.fine(getSql(SQL_GET_USER));
       List list = pm.select(getSql(SQL_GET_USER), getMapper(MP_USER), Record.WITHOUT_BLOBS, userId);
@@ -55,7 +50,7 @@
         Object o = list.get(0);
         if(o instanceof User) {
           User u = (User) o;
-          if(u.getPw().equals(digestedCurrentPw)) {
+          if(digester.matches(currentPw, u.getPw(), Digester.SHA256, null)) {
             String digestedNewPw = digester.digest(newPw, Digester.SHA256, null);
             u.setPw(digestedNewPw);
             pm.update(u, getMapper(MP_USER));

--
Gitblit v1.9.3