Das Benutzer-Passwort nicht im Klartext in Session-Tabelle ablegen

[kivitendo-erp.git] / SL / Auth / Password.pm

diff --git a/SL/Auth/Password.pm b/SL/Auth/Password.pm
index 9b0f1ae..5a17203 100644 (file)
--- a/SL/Auth/Password.pm
+++ b/SL/Auth/Password.pm
@@ -35,11 +35,19 @@ sub hash {
   }
 }
 
+sub hash_if_unhashed {
+  my ($class, %params) = @_;
+
+  my ($algorithm, $password) = $class->parse($params{password}, 'NONE');
+
+  return $algorithm eq 'NONE' ? $class->hash(%params) : $params{password};
+}
+
 sub parse {
-  my ($class, $password) = @_;
+  my ($class, $password, $default_algorithm) = @_;
 
   return ($1, $2) if $password =~ m/^\{ ([^\}]+) \} (.+)/x;
-  return ('CRYPT', $password);
+  return ($default_algorithm || 'CRYPT', $password);
 }
 
 1;