Prevent hash collisions by using length-prefixed encoding

Author: duanemay

server/src/main/java/org/cloudfoundry/identity/uaa/login/LoginConsentHashUtil.java

@@ -37,7 +37,8 @@ public static String calculateConsentHash(LoginConsent consent) {
         String title = StringUtils.hasText(consent.getTitle()) ? consent.getTitle() : "";
         String text = StringUtils.hasText(consent.getText()) ? consent.getText() : "";
 
-        String content = title + "|" + text;
+        // Format: <title_length>:<title>|<text_length>:<text>
+        String content = title.length() + ":" + title + "|" + text.length() + ":" + text;
 
         return consentHashCache.computeIfAbsent(content, c -> {
             try {

server/src/test/java/org/cloudfoundry/identity/uaa/login/LoginConsentHashUtilTest.java

@@ -140,4 +140,19 @@ void testParseDurationToSeconds_CaseInsensitive() {
         assertThat(LoginConsentHashUtil.parseDurationToSeconds("1W")).isEqualTo(7 * 24 * 60 * 60);
         assertThat(LoginConsentHashUtil.parseDurationToSeconds("1Y")).isEqualTo(365 * 24 * 60 * 60);
     }
+
+    @Test
+    void testHashCollision() {
+        // Case 1: title contains pipe, short text
+        LoginConsent consent1 = new LoginConsent(true, "abc|def", "ghi", "Accept", "Decline", null, "12h");
+        
+        // Case 2: short title, text contains pipe  
+        LoginConsent consent2 = new LoginConsent(true, "abc", "def|ghi", "Accept", "Decline", null, "12h");
+        
+        String hash1 = LoginConsentHashUtil.calculateConsentHash(consent1);
+        String hash2 = LoginConsentHashUtil.calculateConsentHash(consent2);
+
+        assertThat(hash1).as("Different title/text combinations should produce different hashes")
+                          .isNotEqualTo(hash2);
+    }
 }