Use the actual password to update the tokens

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>

lib/private/Authentication/Login/CreateSessionTokenCommand.php

@@ -59,7 +59,7 @@ class CreateSessionTokenCommand extends ALoginCommand {
 		);
 		$this->userSession->updateTokens(
 			$loginData->getUser()->getUID(),
-			$loginData->getUsername()
+			$loginData->getPassword()
 		);
 
 		return $this->processNextOrFinishSuccessfully($loginData);

tests/lib/Authentication/Login/CreateSessionTokenCommandTest.php

@@ -76,7 +76,7 @@ class CreateSessionTokenCommandTest extends ALoginCommandTest {
 			->method('updateTokens')
 			->with(
 				$this->username,
-				$this->username
+				$this->password
 			);
 
 		$result = $this->cmd->process($data);
@@ -109,7 +109,7 @@ class CreateSessionTokenCommandTest extends ALoginCommandTest {
 			->method('updateTokens')
 			->with(
 				$this->username,
-				$this->username
+				$this->password
 			);
 
 		$result = $this->cmd->process($data);