Das Benutzer-Passwort nicht im Klartext in Session-Tabelle ablegen

[mfinanz.git] / SL / Auth / Password.pm

diff --git a/SL/Auth/Password.pm b/SL/Auth/Password.pm
index 9b0f1aec7be4ccfa8e5878eb4a88bbe406655929..5a17203c53c5035ecc75d461190c5c73424346cb 100644 (file)
--- a/SL/Auth/Password.pm
+++ b/SL/Auth/Password.pm
@@ -35,11 +35,19 @@ sub hash {
   }
 }
 
+sub hash_if_unhashed {
+  my ($class, %params) = @_;
+
+  my ($algorithm, $password) = $class->parse($params{password}, 'NONE');
+
+  return $algorithm eq 'NONE' ? $class->hash(%params) : $params{password};
+}
+
 sub parse {
-  my ($class, $password) = @_;
+  my ($class, $password, $default_algorithm) = @_;
 
   return ($1, $2) if $password =~ m/^\{ ([^\}]+) \} (.+)/x;
-  return ('CRYPT', $password);
+  return ($default_algorithm || 'CRYPT', $password);
 }
 
 1;