From 393e467ed367e669d6aaa8ae4921d06cff3652f3 Mon Sep 17 00:00:00 2001
From: Max <post@wickenrode.com>
Date: Thu, 3 Mar 2016 22:48:29 +0100
Subject: [PATCH] Fix #2427 for 1.1.x branch

Backport of 0ac1ebf15c11f4b283a3d8a001b41f568c491876
---
 Source/SPUserManager.m | 25 +++++++++++++++++++++----
 1 file changed, 21 insertions(+), 4 deletions(-)

diff --git a/Source/SPUserManager.m b/Source/SPUserManager.m
index e3f611c3a..6c5c3697e 100644
--- a/Source/SPUserManager.m
+++ b/Source/SPUserManager.m
@@ -1082,11 +1082,28 @@ - (BOOL)insertUsers:(NSArray *)insertedUsers
 		if ([user parent] && [[user parent] valueForKey:@"user"] && [[user parent] valueForKey:@"password"]) {
 			
 			NSString *username = [[[user parent] valueForKey:@"user"] tickQuotedString];
-			NSString *password = [[[user parent] valueForKey:@"password"] tickQuotedString];
+			BOOL passwordIsHash;
+			NSString *password;
+			// there are three situations to cover here:
+			//   1) host added, parent user unchanged
+			//   2) host added, parent user password changed
+			//   3) host added, parent user is new
+			if([[user parent] valueForKey:@"originaluser"]) {
+				// 1 & 2: If the parent user already exists we always use the old password hash.
+				// This works because -updateUser: will be called after -insertUser: and update the password for this host, anyway.
+				passwordIsHash = YES;
+				password = [[[user parent] valueForKey:@"originalpassword"] tickQuotedString];
+			}
+			else {
+				// 3: If the user is new, we take the plaintext password value from the UI
+				passwordIsHash = NO;
+				password = [[[user parent] valueForKey:@"password"] tickQuotedString];
+			}
+			NSString *idString = [NSString stringWithFormat:@"IDENTIFIED BY %@%@",(passwordIsHash? @"PASSWORD " : @""), password];
 
-            createStatement = ([serverSupport supportsCreateUser]) ? 
-				[NSString stringWithFormat:@"CREATE USER %@@%@ IDENTIFIED BY %@%@", username, host, [[user parent] valueForKey:@"originaluser"]?@"PASSWORD ":@"", password] : 
-				[NSString stringWithFormat:@"GRANT SELECT ON mysql.* TO %@@%@ IDENTIFIED BY %@%@", username, host, [[user parent] valueForKey:@"originaluser"]?@"PASSWORD ":@"", password];
+            createStatement = ([serverSupport supportsCreateUser]) ?
+				[NSString stringWithFormat:@"CREATE USER %@@%@ %@", username, host, idString] :
+				[NSString stringWithFormat:@"GRANT SELECT ON mysql.* TO %@@%@ %@", username, host, idString];
 		}
         else if ([user parent] && [[user parent] valueForKey:@"user"]) {