Removes pre-checkpassword check

perploug · perploug · commit 81c32716fef7 · 2014-01-29T22:04:37.000+01:00
diff --git a/src/umbraco.providers/UsersMembershipProvider.cs b/src/umbraco.providers/UsersMembershipProvider.cs
@@ -497,19 +497,6 @@ public override bool ValidateUser(string username, string password)
                         return false;
                     }
 
-                    //Due to the way this legacy provider worked, when it 'validated' a password passed in, it would allow 
-                    // having the already hashed/encrypted password checked directly - this is bad but hey, we gotta support legacy
-                    // don't we.
-
-                    //So, first we'll check if the user object's db stored password (already hashed/encrypted in the db) matches the password that
-                    // has been passed in, if so then we will confirm that it is valid. If it doesn't we'll attempt to hash/encrypt the passed in 
-                    // password and then validate it - the way it is supposed to be done.
-                    
-                    if (user.Password == password)
-                    {
-                        return true;
-                    }
-
                     return CheckPassword(password, user.Password);
                 }
             }

Original file line number	Diff line number	Diff line change
`@@ -497,19 +497,6 @@ public override bool ValidateUser(string username, string password)`
`497`	`497`	`return false;`
`498`	`498`	`}`
`499`	`499`
`500`		`- //Due to the way this legacy provider worked, when it 'validated' a password passed in, it would allow`
`501`		`- // having the already hashed/encrypted password checked directly - this is bad but hey, we gotta support legacy`
`502`		`- // don't we.`
`503`		`-`
`504`		`- //So, first we'll check if the user object's db stored password (already hashed/encrypted in the db) matches the password that`
`505`		`- // has been passed in, if so then we will confirm that it is valid. If it doesn't we'll attempt to hash/encrypt the passed in`
`506`		`- // password and then validate it - the way it is supposed to be done.`
`507`		`-`
`508`		`- if (user.Password == password)`
`509`		`- {`
`510`		`- return true;`
`511`		`- }`
`512`		`-`
`513`	`500`	`return CheckPassword(password, user.Password);`
`514`	`501`	`}`
`515`	`502`	`}`