From d5df105e320be676bfedb61ab1cc6d15dcafd433 Mon Sep 17 00:00:00 2001 From: Vitaly Takmazov Date: Tue, 31 Jul 2018 11:42:14 +0300 Subject: accounts without password are locked --- .../main/java/com/juick/service/security/entities/JuickUser.java | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) (limited to 'juick-common/src/main/java/com/juick/service/security/entities') diff --git a/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java b/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java index 6e72117e..606a5688 100644 --- a/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java +++ b/juick-common/src/main/java/com/juick/service/security/entities/JuickUser.java @@ -19,6 +19,7 @@ package com.juick.service.security.entities; import com.juick.User; import com.juick.server.helpers.AnonymousUser; +import org.apache.commons.lang3.StringUtils; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; @@ -73,17 +74,17 @@ public class JuickUser implements UserDetails { @Override public boolean isAccountNonLocked() { - return true; + return StringUtils.isNotBlank(user.getCredentials()); } @Override public boolean isCredentialsNonExpired() { - return true; + return isAccountNonLocked(); } @Override public boolean isEnabled() { - return !user.isBanned(); + return !user.isBanned() && isCredentialsNonExpired(); } public User getUser() { -- cgit v1.2.3