diff --git a/app/models/user.rb b/app/models/user.rb
index 71c4d8012..ab277c086 100644
--- a/app/models/user.rb
+++ b/app/models/user.rb
@@ -86,10 +86,12 @@ class User < Avatar
   class << self
     def find_for_database_authentication(warden_conditions)
       conditions = warden_conditions.dup
+      login = conditions.delete(:login)
+      pass = conditions.delete(:pass)
       user = User.where(conditions).where(:authentication_token => login).first || User.where(conditions).where(["lower(uname) = :value OR lower(email) = :value", { :value => login.downcase}]).first
-      return user if !user.access_locked? and (user.authentication_token == login or user.valid_password?(p))
+      return user if !user.access_locked? and (user.authentication_token == login or user.valid_password?(pass))
       nil
     end
diff --git a/lib/plugins/grack/auth.rb b/lib/plugins/grack/auth.rb
index c87ee0fcf..4b2f14385 100644
--- a/lib/plugins/grack/auth.rb
+++ b/lib/plugins/grack/auth.rb
@@ -12,7 +12,7 @@ module Grack
      return render_not_found if project.blank?
      return ::Rack::Auth::Basic.new(@app) do |u, p|
-        user = User.find_for_database_authentication(:login => u) and
+        user = User.find_for_database_authentication({:login => u, :pass => p}) and
         ability = ::Ability.new(user) and
         ability.can?(action, project) # project.members.include?(user)
       end.call(env) unless project.public? and read? # need auth
     end
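Review bot: On the new `+` lines `login` and `pass` are taken unchecked from the caller, so a nil or empty `login` reaches `where(:authentication_token => login)`; a user row whose token column is NULL (or empty) would then match, and the later `user.authentication_token == login` comparison is trivially true, returning that user with no password check at all. `user` is also nil when neither query matches, in which case `user.access_locked?` raises instead of the method returning nil, and a nil `login` that falls through to the second query raises on `login.downcase`. I would add `return nil if login.blank?` directly after the two `conditions.delete` lines and `return nil if user.nil?` before the `return user if ...` line. Whether any caller can actually pass a blank login is not visible here (the grack caller in this commit passes raw Basic-auth credentials), so treat these as defensive checks to confirm. The enclosing `class << self` block continues past the hunk.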
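Review bot: The new call forwards the raw Basic-auth username and password straight into `User.find_for_database_authentication`, and the block never rejects an empty `u` first, so an `Authorization: Basic` header with a blank username is looked up as a login/token by the model; I would open the block with `next false if u.blank?`. `find_for_database_authentication` is also the name of Devise's lookup hook, which Devise's own database strategy (if this app uses it) calls with only the authentication keys and then verifies the password itself — with `:pass` absent on that path the model now decides on its token branch alone, which is worth confirming. Returning a falsy value for both bad credentials and a found-but-unauthorized user yields the same 401 challenge, which is acceptable. The enclosing method, along with `project`, `action` and `read?`, starts outside the hunk.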