From 66447d565411acea29ba787f001a319a9df3a316 Mon Sep 17 00:00:00 2001 From: Ian Date: Fri, 9 Sep 2022 15:37:06 -0400 Subject: [PATCH] TRUNK-6135: Properly handle lockoutTimestamp being blank --- .../org/openmrs/api/db/hibernate/HibernateContextDAO.java | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/api/src/main/java/org/openmrs/api/db/hibernate/HibernateContextDAO.java b/api/src/main/java/org/openmrs/api/db/hibernate/HibernateContextDAO.java index daa146af9321..74eab26a5757 100644 --- a/api/src/main/java/org/openmrs/api/db/hibernate/HibernateContextDAO.java +++ b/api/src/main/java/org/openmrs/api/db/hibernate/HibernateContextDAO.java @@ -121,11 +121,11 @@ public User authenticate(String login, String password) throws ContextAuthentica log.debug("Candidate user id: {}", candidateUser.getUserId()); String lockoutTimeString = candidateUser.getUserProperty(OpenmrsConstants.USER_PROPERTY_LOCKOUT_TIMESTAMP, null); - Long lockoutTime = null; - if (lockoutTimeString != null && !"0".equals(lockoutTimeString)) { + long lockoutTime = -1; + if (StringUtils.isNotBlank(lockoutTimeString) && !"0".equals(lockoutTimeString)) { try { // putting this in a try/catch in case the admin decided to put junk into the property - lockoutTime = Long.valueOf(lockoutTimeString); + lockoutTime = Long.parseLong(lockoutTimeString); } catch (NumberFormatException e) { log.warn("bad value stored in {} user property: {}", OpenmrsConstants.USER_PROPERTY_LOCKOUT_TIMESTAMP, @@ -134,7 +134,7 @@ public User authenticate(String login, String password) throws ContextAuthentica } // if they've been locked out, don't continue with the authentication - if (lockoutTime != null) { + if (lockoutTime > 0) { // unlock them after 5 mins, otherwise reset the timestamp // to now and make them wait another 5 mins if (System.currentTimeMillis() - lockoutTime > 300000) {