From ed5bc73d153a47f544b1777f003c1ee7e4399b08 Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Fri, 6 Jan 2012 16:40:05 -0700
Subject: [PATCH] (loadgen) fix bug that would leave virtual users with
 incorrect cookies in their device contexts after a password reset (still
 authenticated as th old user that they split from) issue #785

---
 lib/load_gen/activities/reset_pass.js | 7 ++++++-
 lib/load_gen/user_db.js               | 8 +++++---
 2 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/lib/load_gen/activities/reset_pass.js b/lib/load_gen/activities/reset_pass.js
index 45dca0cf5..29d4a4846 100644
--- a/lib/load_gen/activities/reset_pass.js
+++ b/lib/load_gen/activities/reset_pass.js
@@ -71,12 +71,17 @@ exports.startFunc = function(cfg, cb) {
     };
   })();
 
+  // if we did not split a user, we are going to change the user's uid
+  // out from under them.  this means we should clear all authenticated
+  // sessions, lest they remain authenticated as the old uid.
+  if (!newUser) userdb.clearContexts(user);
+
   // now everything is identical to the signup flow
   // pick a device context at random
   var context = userdb.any(user.ctxs);
 
   // pick an email address to operate on (there should really be
-  // only one at this point
+  // only one at this point)
   var email = userdb.any(user.emails);
 
   var origin = userdb.any(user.sites);
diff --git a/lib/load_gen/user_db.js b/lib/load_gen/user_db.js
index 241b53119..7368355a0 100644
--- a/lib/load_gen/user_db.js
+++ b/lib/load_gen/user_db.js
@@ -78,7 +78,6 @@ exports.getNewUser = function(email, password) {
     // key material is device specific
     ctxs: [
       {
-        // and no public keys (XXX: beware the cometh of certs)
         keys: {
         }
       },
@@ -91,6 +90,10 @@ exports.getNewUser = function(email, password) {
   return user;
 };
 
+exports.clearContexts = function(user) {
+  user.ctxs = [ { keys: { } }, { keys: { } } ];
+};
+
 exports.addNewUser = function(user) {
   delete user.locked;
   users.push(user);
@@ -119,11 +122,10 @@ exports.splitUser = function(user) {
   if (user.emails.length == 1) {
     throw "you can't split a user with only one email";
   } else {
-    var newuser = exports.getNewUser();
     // When splitting an account, always split off the *last* email.
     // The *first* email may be associated with a pre-created account.
     // see issue #681
-    newuser.emails[0] = user.emails.pop();
+    var newuser = exports.getNewUser(user.emails.pop());
     return newuser;
   }
 };
-- 
GitLab