accounts without password are locked

3 files changed, 6 insertions, 5 deletions

diff --git a/juick-common/src/main/java/com/juick/service/security/deprecated/CookieSimpleHashRememberMeServices.java b/juick-common/src/main/java/com/juick/service/security/deprecated/CookieSimpleHashRememberMeServices.java
index b658e16f..bda5e902 100644
--- a/juick-common/src/main/java/com/juick/service/security/deprecated/CookieSimpleHashRememberMeServices.java
+++ b/juick-common/src/main/java/com/juick/service/security/deprecated/CookieSimpleHashRememberMeServices.java
@@ -115,7 +115,7 @@ public class CookieSimpleHashRememberMeServices extends AbstractRememberMeServic
 
         Assert.isTrue(userOptional.isPresent());
 
-        return new JuickUser(userOptional.get());
+        return new JuickUser(userService.getFullyUserByName(userOptional.get().getName()));
     }
 
     @Override
diff --git a/juick-common/src/main/java/com/juick/service/security/deprecated/RequestParamHashRememberMeServices.java b/juick-common/src/main/java/com/juick/service/security/deprecated/RequestParamHashRememberMeServices.java
index 3a1d129d..71159e17 100644
--- a/juick-common/src/main/java/com/juick/service/security/deprecated/RequestParamHashRememberMeServices.java
+++ b/juick-common/src/main/java/com/juick/service/security/deprecated/RequestParamHashRememberMeServices.java
@@ -81,7 +81,7 @@ public class RequestParamHashRememberMeServices extends AbstractRememberMeServic
         if (StringUtils.isNotBlank(hash)) {
             User user = userService.getUserByHash(hash);
             if (!user.isAnonymous())
-                return new JuickUser(user);
+                return new JuickUser(userService.getFullyUserByName(user.getName()));
         }
         throw new UsernameNotFoundException("User not found by hash " + hash);
     }
diff --git a/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java b/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java
index 6e72117e..606a5688 100644
--- a/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java
+++ b/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java
@@ -19,6 +19,7 @@ package com.juick.service.security.entities;
 
 import com.juick.User;
 import com.juick.server.helpers.AnonymousUser;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -73,17 +74,17 @@ public class JuickUser implements UserDetails {
 
     @Override
     public boolean isAccountNonLocked() {
-        return true;
+        return StringUtils.isNotBlank(user.getCredentials());
     }
 
     @Override
     public boolean isCredentialsNonExpired() {
-        return true;
+        return isAccountNonLocked();
     }
 
     @Override
     public boolean isEnabled() {
-        return !user.isBanned();
+        return !user.isBanned() && isCredentialsNonExpired();
     }
 
     public User getUser() {