TRUNK-6135: Properly handle lockoutTimestamp being blank

binduak · Sep 9, 2022 · 66447d5 · 66447d5
1 parent c3a6ecf
commit 66447d5
Showing 1 changed file with 4 additions and 4 deletions.
diff --git a/api/src/main/java/org/openmrs/api/db/hibernate/HibernateContextDAO.java b/api/src/main/java/org/openmrs/api/db/hibernate/HibernateContextDAO.java
@@ -121,11 +121,11 @@ public User authenticate(String login, String password) throws ContextAuthentica
 			log.debug("Candidate user id: {}", candidateUser.getUserId());
 
 			String lockoutTimeString = candidateUser.getUserProperty(OpenmrsConstants.USER_PROPERTY_LOCKOUT_TIMESTAMP, null);
-			Long lockoutTime = null;
-			if (lockoutTimeString != null && !"0".equals(lockoutTimeString)) {
+			long lockoutTime = -1;
+			if (StringUtils.isNotBlank(lockoutTimeString) && !"0".equals(lockoutTimeString)) {
 				try {
 					// putting this in a try/catch in case the admin decided to put junk into the property
-					lockoutTime = Long.valueOf(lockoutTimeString);
+					lockoutTime = Long.parseLong(lockoutTimeString);
 				}
 				catch (NumberFormatException e) {
 					log.warn("bad value stored in {} user property: {}", OpenmrsConstants.USER_PROPERTY_LOCKOUT_TIMESTAMP,
@@ -134,7 +134,7 @@ public User authenticate(String login, String password) throws ContextAuthentica
 			}
 
 			// if they've been locked out, don't continue with the authentication
-			if (lockoutTime != null) {
+			if (lockoutTime > 0) {
 				// unlock them after 5 mins, otherwise reset the timestamp
 				// to now and make them wait another 5 mins
 				if (System.currentTimeMillis() - lockoutTime > 300000) {