Prevented guest user from getting locked out due to inactivity or invalid logins.

5e5aec23 · Mike McKay · 78422a10 · 5e5aec23 · 5e5aec23
Commit 5e5aec23 authored 8 years ago by Mike McKay
--- a/src/main/java/org/nrg/xnat/security/DisableInactiveUsers.java
+++ b/src/main/java/org/nrg/xnat/security/DisableInactiveUsers.java
@@ -64,7 +64,8 @@ public class DisableInactiveUsers implements Runnable {
                    final UserI u = Users.getUser(username);
                    // Fixes XNAT-2407. Only disable user if they have not been recently modified (enabled).
-                    if (!hasUserBeenModified(u, _inactivityBeforeLockout)) {
+                    // Also do not disable the guest user.
+                    if (!hasUserBeenModified(u, _inactivityBeforeLockout) && !username.equals("guest")) {
                        u.setEnabled("0");
                        u.setVerified("0");
                        Users.save(u, adminUser, false, EventUtils.newEventInstance(EventUtils.CATEGORY.SIDE_ADMIN, EventUtils.TYPE.PROCESS, "Disabled due to inactivity"));

--- a/src/main/java/org/nrg/xnat/security/XnatProviderManager.java
+++ b/src/main/java/org/nrg/xnat/security/XnatProviderManager.java
@@ -332,7 +332,7 @@ public class XnatProviderManager extends ProviderManager {
         */
        private synchronized void addFailedLoginAttempt(final Authentication auth) throws SiteConfigurationException {
            XdatUserAuth ua = _manager.getUserByAuth(auth);
-            if (ua != null) {
+            if (ua != null && !ua.getXdatUsername().equals("guest")) {
                if (XDAT.getSiteConfigPreferences().getMaxFailedLogins() > 0) {
                    ua.setFailedLoginAttempts(ua.getFailedLoginAttempts() + 1);
                    ua.setLastLoginAttempt(new Date());