Add XSRF protection to legacy authentication mechanism

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148689952

java/google/registry/ui/server/registrar/ConsoleUiAction.java

@@ -105,7 +105,10 @@ public final class ConsoleUiAction implements Runnable {
       return;
     }
     Registrar registrar = Registrar.loadByClientId(sessionUtils.getRegistrarClientId(req));
-    data.put("xsrfToken", xsrfTokenManager.generateToken(EppConsoleAction.XSRF_SCOPE));
+    data.put(
+        "xsrfToken",
+        xsrfTokenManager.generateToken(
+            EppConsoleAction.XSRF_SCOPE, userService.getCurrentUser().getEmail()));
     data.put("clientId", registrar.getClientId());
     data.put("showPaymentLink", registrar.getBillingMethod() == Registrar.BillingMethod.BRAINTREE);