Fall 'kein Hash-Algorithmus angegeben' bei alten Passwörtern richtig behandeln

[kivitendo-erp.git] / SL / Auth / Password.pm

diff --git a/SL/Auth/Password.pm b/SL/Auth/Password.pm
index 5a17203c53c5035ecc75d461190c5c73424346cb..5f876cec33c0f6e1e231d80fb802143800bf60b4 100644 (file)
--- a/SL/Auth/Password.pm
+++ b/SL/Auth/Password.pm
@@ -40,7 +40,15 @@ sub hash_if_unhashed {
 
   my ($algorithm, $password) = $class->parse($params{password}, 'NONE');
 
-  return $algorithm eq 'NONE' ? $class->hash(%params) : $params{password};
+  return $params{password} unless $algorithm eq 'NONE';
+
+  if ($params{look_up_algorithm}) {
+    my $stored_password    = $params{auth}->get_stored_password($params{login});
+    my ($stored_algorithm) = $class->parse($stored_password);
+    $params{algorithm}     = $stored_algorithm;
+  }
+
+  return $class->hash(%params);
 }
 
 sub parse {