Commit 86119e98 authored by Sergey Shepelevich's avatar Sergey Shepelevich

REPO-2180 [Backport 11.2] Use user id for credentials preapproval token

See UserSessionTest#assert_jcr_session_is_new_one_and_live_after_deserialization

Cherry picked from bc075283
parent 3e468cb0
......@@ -205,9 +205,9 @@ public class RepositoryUserManager extends AbstractUserManager {
private byte[] computePreapprovalToken(SimpleCredentials creds) throws NoSuchAlgorithmException {
MessageDigest md = MessageDigest.getInstance(PasswordHelper.getHashingAlgorithm());
final byte[] credsId = Ints.toByteArray(System.identityHashCode(creds));
final byte[] userId = creds.getUserID().getBytes();
md.update(masterKey);
return md.digest(credsId);
return md.digest(userId);
}
}
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment