From: Richard Millet
Date: Thu, 29 Aug 2019 06:16:40 +0000 (-0700)
Subject: CC-740: Create a new salt when password is updated.
X-Git-Url: https://git.aero2k.de/?a=commitdiff_plain;h=61a753ddc3d5ea7743a0f6e491e681d888302677;p=tmp%2Fjakarta-migration.git
CC-740: Create a new salt when password is updated.
---
diff --git a/services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp/UserStorageClient.java b/services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp/UserStorageClient.java
index a0b86daa6..07f0a1c46 100644
--- a/services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp/UserStorageClient.java
+++ b/services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp/UserStorageClient.java
@@ -115,7 +115,9 @@ public class UserStorageClient {
 throws DocumentNotFoundException, Exception {
 User userFound = get(jpaTransactionContext, userId);
 if (userFound != null) {
- userFound.setPasswd(getEncPassword(userId, password, userFound.getSalt()));
+ String salt = UUID.randomUUID().toString();
+ userFound.setPasswd(getEncPassword(userId, password, salt));
+ userFound.setSalt(salt);
 userFound.setUpdatedAtItem(new Date());
 if (logger.isDebugEnabled()) {
 logger.debug("updated user=" + JaxbUtils.toString(userFound, User.class));
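Review bot: The debug statement at the end of the hunk serializes the whole `User` through `JaxbUtils.toString`, and after this change that object carries the freshly generated salt next to the new password hash. If the JAXB mapping includes those fields (not visible here), both are written to the debug log. Logging only the identifier avoids that, for example `logger.debug("updated password for user=" + userId);`. The salt comes from `UUID.randomUUID()`, which the JDK documents as using a cryptographically strong generator, so it is adequate as a per-password salt; a one-line comment saying so above `String salt = ...` would help the next reader. The enclosing method begins and ends outside the hunk.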