Close ESAPI#287.

kwwall · kwwall · commit 46a625ca2421 · 2016-01-31T21:45:48.000-05:00
diff --git a/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java b/src/main/java/org/owasp/esapi/reference/FileBasedAuthenticator.java
@@ -161,12 +161,12 @@ String getHashedPassword(User user) {
      * Set the specified User's old password hashes.  This will not set the User's current password hash.
      *
      * @param user      the User whose old password hashes will be set
-     * @param oldHashes a list of the User's old password hashes     *
+     * @param oldHashes a list of the User's old password hashes
      */
     void setOldPasswordHashes(User user, List<String> oldHashes) {
         List<String> hashes = getAllHashedPasswords(user, true);
         if (hashes.size() > 1) {
-            hashes.removeAll(hashes.subList(1, hashes.size() - 1));
+            hashes.removeAll(hashes.subList(1, hashes.size()));
         }
         hashes.addAll(oldHashes);
     }
@@ -205,7 +205,7 @@ List<String> getAllHashedPasswords(User user, boolean create) {
     List<String> getOldPasswordHashes(User user) {
         List<String> hashes = getAllHashedPasswords(user, false);
         if (hashes.size() > 1) {
-            return Collections.unmodifiableList(hashes.subList(1, hashes.size() - 1));
+            return Collections.unmodifiableList(hashes.subList(1, hashes.size()));
         }
         return Collections.emptyList();
     }

Original file line number	Diff line number	Diff line change
`@@ -161,12 +161,12 @@ String getHashedPassword(User user) {`
`161`	`161`	`* Set the specified User's old password hashes. This will not set the User's current password hash.`
`162`	`162`	`*`
`163`	`163`	`* @param user the User whose old password hashes will be set`
`164`		`- * @param oldHashes a list of the User's old password hashes *`
	`164`	`+ * @param oldHashes a list of the User's old password hashes`
`165`	`165`	`*/`
`166`	`166`	`void setOldPasswordHashes(User user, List<String> oldHashes) {`
`167`	`167`	`List<String> hashes = getAllHashedPasswords(user, true);`
`168`	`168`	`if (hashes.size() > 1) {`
`169`		`- hashes.removeAll(hashes.subList(1, hashes.size() - 1));`
	`169`	`+ hashes.removeAll(hashes.subList(1, hashes.size()));`
`170`	`170`	`}`
`171`	`171`	`hashes.addAll(oldHashes);`
`172`	`172`	`}`
`@@ -205,7 +205,7 @@ List<String> getAllHashedPasswords(User user, boolean create) {`
`205`	`205`	`List<String> getOldPasswordHashes(User user) {`
`206`	`206`	`List<String> hashes = getAllHashedPasswords(user, false);`
`207`	`207`	`if (hashes.size() > 1) {`
`208`		`- return Collections.unmodifiableList(hashes.subList(1, hashes.size() - 1));`
	`208`	`+ return Collections.unmodifiableList(hashes.subList(1, hashes.size()));`
`209`	`209`	`}`
`210`	`210`	`return Collections.emptyList();`
`211`	`211`	`}`