Check account on every call

1 files changed, 13 insertions, 3 deletions

diff --git a/src/org/traccar/database/PermissionsManager.java b/src/org/traccar/database/PermissionsManager.java
index e620d5334..1c995a11d 100644
--- a/src/org/traccar/database/PermissionsManager.java
+++ b/src/org/traccar/database/PermissionsManager.java
@@ -146,7 +146,17 @@ public class PermissionsManager {
 
     public void checkReadonly(long userId) throws SecurityException {
         if (!isAdmin(userId) && (server.getReadonly() || isReadonly(userId))) {
-            throw new SecurityException("User is readonly");
+            throw new SecurityException("Account is readonly");
+        }
+    }
+
+    public void checkUser(long userId) throws SecurityException {
+        User user = getUser(userId);
+        if (user.getDisabled()) {
+            throw new SecurityException("Account is disabled");
+        }
+        if (user.getExpirationTime() != null && System.currentTimeMillis() > user.getExpirationTime().getTime()) {
+            throw new SecurityException("Account has expired");
         }
     }
 
@@ -217,8 +227,8 @@ public class PermissionsManager {
 
     public User login(String email, String password) throws SQLException {
         User user = dataManager.login(email, password);
-        if (user != null && !user.getDisabled() && (user.getExpirationTime() == null
-                || user.getExpirationTime().getTime() > System.currentTimeMillis())) {
+        if (user != null) {
+            checkUser(user.getId());
             return users.get(user.getId());
         }
         return null;