Permalink
Browse files

Re-hash password to bcrypt upon successful login.

  • Loading branch information...
1 parent 31a6aa6 commit 40737946e4040cc155850d341ebb5662edb3c0f8 @technomancy technomancy committed Mar 9, 2012
Showing with 4 additions and 0 deletions.
  1. +4 −0 src/clojars/web/login.clj
@@ -26,5 +26,9 @@
(defn login [{username "user" password "password"}]
(if-let [user (auth-user username password)]
(let [response (redirect "/")]
+ ;; presence of salt indicates sha1'd password, so re-hash to bcrypt
+ (when (not (empty? (:salt user "")))
+ (update-user (:user user) (:email user) (:user user)
+ password (:ssh_key user)))
(assoc-in response [:session :account] (:user user)))
(login-form "Incorrect username or password.")))

0 comments on commit 4073794

Please sign in to comment.