From cb20b6984f6cc75e161e37baa6ff8a56a2e246a7 Mon Sep 17 00:00:00 2001
From: Anton Tananaev
Date: Tue, 27 Feb 2024 18:44:07 -0800
Subject: Fix failed login handling
---
 src/main/java/org/traccar/api/resource/SessionResource.java | 11 ++++++-----
 .../java/org/traccar/api/security/SecurityRequestFilter.java | 4 ++--
 2 files changed, 8 insertions(+), 7 deletions(-)
diff --git a/src/main/java/org/traccar/api/resource/SessionResource.java b/src/main/java/org/traccar/api/resource/SessionResource.java
index dc517277e..2f357a309 100644
--- a/src/main/java/org/traccar/api/resource/SessionResource.java
+++ b/src/main/java/org/traccar/api/resource/SessionResource.java
@@ -79,8 +79,8 @@ public class SessionResource extends BaseResource {
 if (token != null) {
 LoginResult loginResult = loginService.login(token);
- User user = loginResult.getUser();
- if (user != null) {
+ if (loginResult != null) {
+ User user = loginResult.getUser();
 request.getSession().setAttribute(USER_ID_KEY, user.getId());
 request.getSession().setAttribute(EXPIRATION_KEY, loginResult.getExpiration());
 LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
@@ -116,9 +116,9 @@ public class SessionResource extends BaseResource {
 @FormParam("email") String email,
 @FormParam("password") String password,
 @FormParam("code") Integer code) throws StorageException {
- User user;
+ LoginResult loginResult;
 try {
- user = loginService.login(email, password, code).getUser();
+ loginResult = loginService.login(email, password, code);
 } catch (CodeRequiredException e) {
 Response response = Response
 .status(Response.Status.UNAUTHORIZED)
@@ -126,7 +126,8 @@ public class SessionResource extends BaseResource {
 .build();
 throw new WebApplicationException(response);
 }
- if (user != null) {
+ if (loginResult != null) {
+ User user = new User();
 request.getSession().setAttribute(USER_ID_KEY, user.getId());
 LogAction.login(user.getId(), WebHelper.retrieveRemoteAddress(request));
 return user;
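Review bot: In the `@@ -79,8 +79,8 @@` hunk the old `user != null` guard is replaced by `loginResult != null`, and `user.getId()` is then called with no check on the user itself. That is safe only if `loginService.login` returns null for every failed login and never a LoginResult whose user is null; LoginResult is not visible here, so this should be confirmed. Either keep both conditions, `if (loginResult != null && loginResult.getUser() != null) {`, or state the contract in a comment such as `// login() returns null on failure; a non-null result always carries a user`. The same pattern appears in the SecurityRequestFilter hunk, and the enclosing method continues outside this hunk.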
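Review bot: In the `@@ -126,7 +126,8 @@` hunk the success branch builds `User user = new User();` instead of taking the user from the login result, so the session's USER_ID_KEY, the `LogAction.login` entry and the returned object all describe a blank User rather than the account that just authenticated. The `loginResult` assigned in the preceding hunk is only null-checked and never read, which leaves the session bound to the wrong identity and makes the login audit record misleading. The line should read `User user = loginResult.getUser();`, matching the token branch and SecurityRequestFilter in this same commit. The enclosing method starts and ends outside the hunk.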
diff --git a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
index c33a80015..12a5dbecf 100644
--- a/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
+++ b/src/main/java/org/traccar/api/security/SecurityRequestFilter.java
@@ -90,8 +90,8 @@ public class SecurityRequestFilter implements ContainerRequestFilter {
 String[] auth = decodeBasicAuth(authHeader);
 loginResult = loginService.login(auth[0], auth[1], null);
 }
- User user = loginResult.getUser();
- if (user != null) {
+ if (loginResult != null) {
+ User user = loginResult.getUser();
 statisticsManager.registerRequest(user.getId());
 securityContext = new UserSecurityContext(
 new UserPrincipal(user.getId(), loginResult.getExpiration()));
-- cgit v1.2.3