Permalink
Browse files

Re-hash password to bcrypt upon successful login.

  • Loading branch information...
technomancy committed Mar 9, 2012
1 parent ec1260f commit d78647647b87673faabb8252c1749239ff05e890
Showing with 4 additions and 0 deletions.
  1. +4 −0 src/clojars/web/login.clj
@@ -26,5 +26,9 @@
(defn login [{username "user" password "password"}]
(if-let [user (auth-user username password)]
(let [response (redirect "/")]
+ ;; presence of salt indicates sha1'd password, so re-hash to bcrypt
+ (when (not (empty? (:salt user "")))
+ (update-user (:user user) (:email user) (:user user)
+ password (:ssh_key user)))
(assoc-in response [:session :account] (:user user)))
(login-form "Incorrect username or password.")))

0 comments on commit d786476

Please sign in to comment.