/**
 * Verifies a password for the given user and maintains the failed-login bookkeeping.
 *
 * <p>The password is checked by {@code passwordService} against the user's stored salt and hash.
 * <ul>
 *   <li>Wrong password: the attempt counter is incremented. When it reaches the configured
 *       {@code Constants.MAX_LOGIN_ATTEMPTS}, the user is set to {@code UserStatus.LOCKED_OUT},
 *       the event is logged and the counter is reset to 0. The user is then persisted through
 *       {@code userDao.merge} and an empty Optional is returned.</li>
 *   <li>Correct password: if the attempt counter is non-zero, no last login is recorded, or the
 *       last login is older than {@code Constants.LAST_LOGIN_TIMEOUT}, the result of
 *       {@code updateStatisticOnSuccessfulLogin} is returned; otherwise the user is returned
 *       unchanged and nothing is written.</li>
 * </ul>
 *
 * <p>NOTE(review): this method does not look at the user's current status before verifying the
 * password. Presumably callers reject LOCKED_OUT or otherwise inactive users before or after
 * calling it; confirm against the call sites, because the lockout is only effective if they do.
 *
 * <p>NOTE(review): the failed-attempt counter is updated as a read-modify-write on the passed
 * object. Whether parallel failed logins for one account are serialized depends on the
 * transaction and locking around {@code userDao.merge}, which is not visible here; verify,
 * since lost updates would weaken the attempt limit.
 *
 * @param user     the stored user whose salt, hash and login counters are used
 * @param password the candidate password to verify
 * @return the (possibly updated) user when the password matches, otherwise an empty Optional
 */
protected Optional<UserVO> checkPassword(UserVO user, String password) {
    boolean passwordMatches =
            passwordService.checkPassword(password, user.getPasswordSalt(), user.getPasswordHash());
    long loginTimeout =
            configurationService.getLong(Constants.LAST_LOGIN_TIMEOUT, Constants.LAST_LOGIN_TIMEOUT_DEFAULT);

    // Evaluated for every call, in the same short-circuit order: pending failed attempts,
    // then a missing last login, then an expired last login (presumably milliseconds; confirm).
    boolean statisticsNeedRefresh;
    if (user.getLoginAttempts() != 0) {
        statisticsNeedRefresh = true;
    } else if (user.getLastLogin() == null) {
        statisticsNeedRefresh = true;
    } else {
        statisticsNeedRefresh =
                timestampService.getTimestamp() - user.getLastLogin().getTime() > loginTimeout;
    }

    if (!passwordMatches) {
        // Failed attempt: count it and lock the account once the configured limit is reached.
        user.setLoginAttempts(user.getLoginAttempts() + 1);
        boolean attemptLimitReached = user.getLoginAttempts()
                >= configurationService.getInt(Constants.MAX_LOGIN_ATTEMPTS, Constants.MAX_LOGIN_ATTEMPTS_DEFAULT);
        if (attemptLimitReached) {
            user.setStatus(UserStatus.LOCKED_OUT);
            logger.info("User with login {} has been locked out after {} login attempts.", user.getLogin(), user.getLoginAttempts());
            // The counter restarts at zero once the account is locked.
            user.setLoginAttempts(0);
        }
        userDao.merge(user);
        return empty();
    }

    if (statisticsNeedRefresh) {
        UserVO refreshedUser = updateStatisticOnSuccessfulLogin(user, loginTimeout);
        return of(refreshedUser);
    }

    // Correct password and nothing to update: hand the user back without touching storage.
    return of(user);
}