From d5df105e320be676bfedb61ab1cc6d15dcafd433 Mon Sep 17 00:00:00 2001
From: Vitaly Takmazov
Date: Tue, 31 Jul 2018 11:42:14 +0300
Subject: accounts without password are locked

---
 .../main/java/com/juick/service/security/entities/JuickUser.java   | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

(limited to 'juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java')

diff --git a/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java b/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java
index 6e72117e..606a5688 100644
--- a/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java
+++ b/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java
@@ -19,6 +19,7 @@ package com.juick.service.security.entities;
 
 import com.juick.User;
 import com.juick.server.helpers.AnonymousUser;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
@@ -73,17 +74,17 @@ public class JuickUser implements UserDetails {
 
     @Override
     public boolean isAccountNonLocked() {
-        return true;
+        return StringUtils.isNotBlank(user.getCredentials());
     }
 
     @Override
     public boolean isCredentialsNonExpired() {
-        return true;
+        return isAccountNonLocked();
     }
 
     @Override
     public boolean isEnabled() {
-        return !user.isBanned();
+        return !user.isBanned() && isCredentialsNonExpired();
     }
 
     public User getUser() {
-- 
cgit v1.2.3