From 2654d99368054b7f8cfaec056b599cac4cfb53d9 Mon Sep 17 00:00:00 2001
From: James Moger <james.moger@gitblit.com>
Date: Tue, 30 Sep 2014 09:48:27 -0400
Subject: [PATCH] Merge branch 'ticket/196' into develop

---
 src/main/java/com/gitblit/wicket/pages/SessionPage.java |   20 +++++++++++++++++---
 1 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/src/main/java/com/gitblit/wicket/pages/SessionPage.java b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
index 22ae6e2..7717854 100644
--- a/src/main/java/com/gitblit/wicket/pages/SessionPage.java
+++ b/src/main/java/com/gitblit/wicket/pages/SessionPage.java
@@ -56,8 +56,20 @@
 			// any changes to permissions or roles (issue-186)
 			UserModel user = app().users().getUserModel(session.getUser().username);
 
+			if (user == null || user.disabled) {
+				// user was deleted/disabled during session
+				HttpServletRequest request = ((WebRequest) getRequestCycle().getRequest())
+						.getHttpServletRequest();
+				HttpServletResponse response = ((WebResponse) getRequestCycle().getResponse())
+						.getHttpServletResponse();
+				app().authentication().logout(request, response, user);
+				session.setUser(null);
+				session.invalidateNow();
+				return;
+			}
+
 			// validate cookie during session (issue-361)
-			if (app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
+			if (user != null && app().settings().getBoolean(Keys.web.allowCookieAuthentication, true)) {
 				HttpServletRequest request = ((WebRequest) getRequestCycle().getRequest())
 						.getHttpServletRequest();
 				String requestCookie = app().authentication().getCookie(request);
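Review bot: In the new `user == null || user.disabled` branch, `logout(request, response, user)` is called with a `user` that may be null, and nothing in this hunk shows whether `logout` tolerates that. If it dereferences the model, the exception would be thrown before `session.setUser(null)` and `session.invalidateNow()` run, so the session of a deleted account would likely stay live. Either invalidate the session first or pass the session's own copy: `app().authentication().logout(request, response, user != null ? user : session.getUser());`. The `user != null &&` added to the cookie check can never be false after the early return and can be dropped. The enclosing method starts and ends outside the hunk.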
@@ -66,7 +78,7 @@
 						// cookie was changed during our session
 						HttpServletResponse response = ((WebResponse) getRequestCycle().getResponse())
 								.getHttpServletResponse();
-						app().authentication().logout(response, user);
+						app().authentication().logout(request, response, user);
 						session.setUser(null);
 						session.invalidateNow();
 						return;
@@ -89,8 +101,10 @@
 			session.setUser(user);
 
 			// Set Cookie
+			WebRequest request = (WebRequest) getRequestCycle().getRequest();
 			WebResponse response = (WebResponse) getRequestCycle().getResponse();
-			app().authentication().setCookie(response.getHttpServletResponse(), user);
+			app().authentication().setCookie(request.getHttpServletRequest(),
+					response.getHttpServletResponse(), user);
 
 			session.continueRequest();
 		}

--
Gitblit v1.9.1