From fb161867d09ff41f40eab9731a57f3210ef6dbda Mon Sep 17 00:00:00 2001
From: Lloyd Hilaiel <lloyd@hilaiel.com>
Date: Fri, 2 Dec 2011 15:23:09 -0700
Subject: [PATCH] (loadgen) fix subtle issue whereby a XXX@loadgen.domain
 users's password could be changed during load generation, and affect
 subsequent runs.  closes #681

---
 lib/load_gen/activities/add_email.js | 2 +-
 lib/load_gen/user_db.js              | 5 ++++-
 lib/wsapi/authenticate_user.js       | 4 ++--
 3 files changed, 7 insertions(+), 4 deletions(-)

diff --git a/lib/load_gen/activities/add_email.js b/lib/load_gen/activities/add_email.js
index d93575a4c..d059fdba7 100644
--- a/lib/load_gen/activities/add_email.js
+++ b/lib/load_gen/activities/add_email.js
@@ -18,7 +18,7 @@
  * the Initial Developer. All Rights Reserved.
  *
  * Contributor(s):
- *   Lloyd Hilaiel <lloyd@hilaiel.com> 
+ *   Lloyd Hilaiel <lloyd@hilaiel.com>
  *
  * Alternatively, the contents of this file may be used under the terms of
  * either the GNU General Public License Version 2 or later (the "GPL"), or
diff --git a/lib/load_gen/user_db.js b/lib/load_gen/user_db.js
index 32623da5e..436ae63ef 100644
--- a/lib/load_gen/user_db.js
+++ b/lib/load_gen/user_db.js
@@ -117,7 +117,10 @@ exports.splitUser = function(user) {
     return user;
   } else {
     var newuser = exports.getNewUser();
-    newuser.emails[0] = user.emails.shift();
+    // When splitting an account, always split off the *last* email.
+    // The *first* email may be associated with a pre-created account.
+    // see issue #681
+    newuser.emails[0] = user.emails.pop();
     exports.releaseUser(user);
     return newuser;
   }
diff --git a/lib/wsapi/authenticate_user.js b/lib/wsapi/authenticate_user.js
index 97d3f5895..c18f55dff 100644
--- a/lib/wsapi/authenticate_user.js
+++ b/lib/wsapi/authenticate_user.js
@@ -17,7 +17,7 @@ exports.process = function(req, res) {
   function fail(reason) {
     var r = { success: false };
     if (reason) r.reason = reason;
-    logger.debug('authentication fails for user: ' + req.body.email);
+    logger.debug('authentication fails for user: ' + req.body.email + (reason ? (' - ' + reason) : ""));
     return res.json(r);
   }
 
@@ -36,7 +36,7 @@ exports.process = function(req, res) {
         logger.error("error comparing passwords with bcrypt: " + err);
         return fail("internal password check error");
       } else if (!success) {
-        return fail("mismatch");
+        return fail("mismatch - pass:" + req.body.pass + " - email:" + req.body.email + " - hash:" + hash);
       } else {
         if (!req.session) req.session = {};
         wsapi.setAuthenticatedUser(req.session, req.body.email);
-- 
GitLab