(loadgen) fix bug that would leave virtual users with incorrect cookies in...

(loadgen) fix bug that would leave virtual users with incorrect cookies in their device contexts after a password reset (still authenticated as th old user that they split from) issue #785

lib/load_gen/activities/reset_pass.js

@@ -71,12 +71,17 @@ exports.startFunc = function(cfg, cb) {
     };
   })();
 
+  // if we did not split a user, we are going to change the user's uid
+  // out from under them.  this means we should clear all authenticated
+  // sessions, lest they remain authenticated as the old uid.
+  if (!newUser) userdb.clearContexts(user);
+
   // now everything is identical to the signup flow
   // pick a device context at random
   var context = userdb.any(user.ctxs);
 
   // pick an email address to operate on (there should really be
-  // only one at this point
+  // only one at this point)
   var email = userdb.any(user.emails);
 
   var origin = userdb.any(user.sites);

lib/load_gen/user_db.js

@@ -78,7 +78,6 @@ exports.getNewUser = function(email, password) {
     // key material is device specific
     ctxs: [
       {
-        // and no public keys (XXX: beware the cometh of certs)
         keys: {
         }
       },
@@ -91,6 +90,10 @@ exports.getNewUser = function(email, password) {
   return user;
 };
 
+exports.clearContexts = function(user) {
+  user.ctxs = [ { keys: { } }, { keys: { } } ];
+};
+
 exports.addNewUser = function(user) {
   delete user.locked;
   users.push(user);
@@ -119,11 +122,10 @@ exports.splitUser = function(user) {
   if (user.emails.length == 1) {
     throw "you can't split a user with only one email";
   } else {
-    var newuser = exports.getNewUser();
     // When splitting an account, always split off the *last* email.
     // The *first* email may be associated with a pre-created account.
     // see issue #681
-    newuser.emails[0] = user.emails.pop();
+    var newuser = exports.getNewUser(user.emails.pop());
     return newuser;
   }
 };