From 324cae94b61641d7ab290dc0ade849f732e6a8db Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E7=8C=BF=E4=BA=BA=E6=98=93?= <qcjxberin@outlook.com>
Date: Thu, 12 Dec 2024 15:35:57 +0800
Subject: [PATCH] =?UTF-8?q?=E6=9B=B4=E6=94=B9=E5=AF=86=E7=A0=81=E9=AA=8C?=
 =?UTF-8?q?=E8=AF=81=E7=AE=97=E6=B3=95=E4=B8=BASHA512?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

在SaltPasswordProvider类中，将md5+sha512模式下的密码验证算法从SHA1改为SHA512。
---
 NewLife.Core/Security/IPasswordProvider.cs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/NewLife.Core/Security/IPasswordProvider.cs b/NewLife.Core/Security/IPasswordProvider.cs
index 3478dd873..9940705b1 100644
--- a/NewLife.Core/Security/IPasswordProvider.cs
+++ b/NewLife.Core/Security/IPasswordProvider.cs
@@ -103,7 +103,7 @@ protected virtual String CreateSalt()
     /// <param name="password">传输密码。可能是明文、MD5</param>
     /// <param name="hash">哈希密文。服务端数据库保存，带有算法、盐值、哈希值</param>
     /// <returns></returns>
-    public Boolean Verify(String password, String hash)
+    public virtual Boolean Verify(String password, String hash)
     {
         var ss = hash?.Split('$');
         if (ss == null || ss.Length == 0) throw new ArgumentNullException(nameof(hash));
@@ -139,7 +139,7 @@ public Boolean Verify(String password, String hash)
                 return ss[3] == password.GetBytes().SHA1(salt.GetBytes()).ToBase64();
             case "md5+sha512":
                 if (ss[3] == password.GetBytes().SHA512(salt.GetBytes()).ToBase64()) return true;
-                return ss[3] == password.MD5().GetBytes().SHA1(salt.GetBytes()).ToBase64();
+                return ss[3] == password.MD5().GetBytes().SHA512(salt.GetBytes()).ToBase64();
             default:
                 throw new NotSupportedException($"Unsupported password hash mode [{ss[1]}]");
         }