From c19e8db967e3e2b76181df6023332f6735e8f5ad Mon Sep 17 00:00:00 2001
From: Eric Long <elong@jumpmind.com>
Date: Thu, 18 Feb 2021 17:42:16 -0500
Subject: [PATCH] 0004817: out of range when incrementing failed login count

---
 .../symmetric/service/impl/NodeService.java   | 25 +++++++++++--------
 1 file changed, 14 insertions(+), 11 deletions(-)

diff --git a/symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/NodeService.java b/symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/NodeService.java
index fd56f7f780..9e06477e13 100644
--- a/symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/NodeService.java
+++ b/symmetric-core/src/main/java/org/jumpmind/symmetric/service/impl/NodeService.java
@@ -658,7 +658,7 @@ public boolean isNodeAuthorized(String nodeId, String password) {
         if (nodeSecurity != null) {
             if (!nodeId.equals(findIdentityNodeId()) && StringUtils.isNotBlank(nodeSecurity.getNodePassword())
                     && nodeSecurity.getNodePassword().equals(password)
-                    && (maxFailedLogins <= 0 || nodeSecurity.getFailedLogins() <= maxFailedLogins)
+                    && (maxFailedLogins <= 0 || nodeSecurity.getFailedLogins() < maxFailedLogins)
                     || nodeSecurity.isRegistrationEnabled()) {
                 return true;
             }
@@ -671,7 +671,7 @@ protected boolean isNodeAuthorizationLocked(String nodeId) {
         if (maxFailedLogins > 0) {
             Map<String, NodeSecurity> nodeSecurities = findAllNodeSecurity(true);
             NodeSecurity nodeSecurity = nodeSecurities.get(nodeId);
-            return nodeSecurity != null && nodeSecurity.getFailedLogins() > maxFailedLogins;
+            return nodeSecurity != null && nodeSecurity.getFailedLogins() >= maxFailedLogins;
         }
         return false;
     }
@@ -1140,17 +1140,20 @@ public void resetNodeFailedLogins(String nodeId) {
     }
 
     public void incrementNodeFailedLogins(String nodeId) {
-        if (parameterService.getInt(ParameterConstants.NODE_PASSWORD_FAILED_ATTEMPTS) >= 0) {
+        int maxFailedAttempts = parameterService.getInt(ParameterConstants.NODE_PASSWORD_FAILED_ATTEMPTS);
+        if (maxFailedAttempts >= 0) {
             NodeSecurity nodeSecurity = findNodeSecurity(nodeId);
             if (nodeSecurity != null) {
-                nodeSecurity.setFailedLogins(nodeSecurity.getFailedLogins() + 1);
-                updateNodeSecurity(nodeSecurity);
-            }
-    
-            Map<String, NodeSecurity> cache = findAllNodeSecurity(true);
-            NodeSecurity cacheSecurity = cache.get(nodeId);
-            if (cacheSecurity != null) {
-                cacheSecurity.setFailedLogins(nodeSecurity.getFailedLogins());
+                if (nodeSecurity.getFailedLogins() < maxFailedAttempts) {
+                    nodeSecurity.setFailedLogins(nodeSecurity.getFailedLogins() + 1);
+                    updateNodeSecurity(nodeSecurity);
+                    
+                    Map<String, NodeSecurity> cache = findAllNodeSecurity(true);
+                    NodeSecurity cacheSecurity = cache.get(nodeId);
+                    if (cacheSecurity != null) {
+                        cacheSecurity.setFailedLogins(nodeSecurity.getFailedLogins());
+                    }
+                }
             }
         }
     }