More fix: two validation records would collide if generated at the

same millisecond. Use a persistent random, and include the userId
and a bit of the timestamp to make a secret that cannot collide
with another user's secret.
This commit is contained in:
Ray J. Greenwell
2011-11-08 11:35:34 -08:00
parent 77b02552b1
commit b14734277e
3 changed files with 29 additions and 12 deletions
@@ -21,7 +21,6 @@ import java.util.HashSet;
import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.Random;
import com.google.common.collect.Lists;
@@ -952,11 +951,7 @@ public class OOOUserRepository extends UserRepository
update("delete from penders where userId = '" + userId + "'");
// create a new one and insert it into the database
ValidateRecord rec = new ValidateRecord();
rec.secret = Long.toString(Math.abs((new Random()).nextLong()), 16);
rec.userId = userId;
rec.persist = persist;
rec.inserted = new Date(System.currentTimeMillis());
ValidateRecord rec = ValidateRecord.create(userId, persist);
insert(_vtable, rec);
return rec;
}