From b658185a7d23d001787aa76dd226d73a89e604c6 Mon Sep 17 00:00:00 2001
From: Richard Millet
Date: Wed, 28 Aug 2019 23:16:40 -0700
Subject: [PATCH] CC-740: Create a new salt when password is updated.
---
 .../services/account/storage/csidp/UserStorageClient.java | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp/UserStorageClient.java b/services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp/UserStorageClient.java
index a0b86daa6..07f0a1c46 100644
--- a/services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp/UserStorageClient.java
+++ b/services/account/service/src/main/java/org/collectionspace/services/account/storage/csidp/UserStorageClient.java
@@ -115,7 +115,9 @@ public class UserStorageClient {
 throws DocumentNotFoundException, Exception {
 User userFound = get(jpaTransactionContext, userId);
 if (userFound != null) {
- userFound.setPasswd(getEncPassword(userId, password, userFound.getSalt()));
+ String salt = UUID.randomUUID().toString();
+ userFound.setPasswd(getEncPassword(userId, password, salt));
+ userFound.setSalt(salt);
 userFound.setUpdatedAtItem(new Date());
 if (logger.isDebugEnabled()) {
 logger.debug("updated user=" + JaxbUtils.toString(userFound, User.class));
-- 
2.47.3
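Review bot: The debug statement just below the new `userFound.setSalt(salt)` call serializes the whole `User` through `JaxbUtils.toString`, so with debug logging enabled it presumably writes the fresh salt and the new password hash to the log; this depends on which fields the JAXB mapping emits, which is not visible here. Logging only the identifier avoids that, for example `logger.debug("updated password for user=" + userId);`. `UUID.randomUUID()` is an acceptable salt source because the JDK documents it as drawn from a cryptographically strong generator, but a short comment such as `// new random salt on every password change; the old salt is never reused` would record the intent. The method's signature and the rest of its body lie outside the hunk, so whether the salt and the hash are persisted in the same transaction cannot be confirmed from here.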