Replaced direct null checks on username, password, and token with UtilValidate.isEmpty() method calls for consistency.

dixitdeepak · dixitdeepak · commit d8b097f6717a · 2023-12-14T18:06:45.000+05:30
diff --git a/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java b/framework/webapp/src/main/java/org/apache/ofbiz/webapp/control/LoginWorker.java
@@ -340,8 +340,8 @@ public static String checkLogin(HttpServletRequest request, HttpServletResponse
             if (token == null) token = (String) session.getAttribute("TOKEN");
 
             // in this condition log them in if not already; if not logged in or can't log in, save parameters and return error
-            if (username == null
-                    || (password == null && token == null)
+            if (UtilValidate.isEmpty(username)
+                    || (UtilValidate.isEmpty(password) && UtilValidate.isEmpty(token))
                     || "error".equals(login(request, response))) {
 
                 // make sure this attribute is not in the request; this avoids infinite recursion when a login by less stringent criteria (like not checkout the hasLoggedOut field) passes; this is not a normal circumstance but can happen with custom code or in funny error situations when the userLogin service gets the userLogin object but runs into another problem and fails to return an error
@@ -419,9 +419,9 @@ public static String login(HttpServletRequest request, HttpServletResponse respo
             }
         }
 
-        if (username == null) username = (String) session.getAttribute("USERNAME");
-        if (password == null) password = (String) session.getAttribute("PASSWORD");
-        if (token == null) token = (String) session.getAttribute("TOKEN");
+        if (UtilValidate.isEmpty(username)) username = (String) session.getAttribute("USERNAME");
+        if (UtilValidate.isEmpty(password)) password = (String) session.getAttribute("PASSWORD");
+        if (UtilValidate.isEmpty(token)) token = (String) session.getAttribute("TOKEN");
 
         // allow a username and/or password in a request attribute to override the request parameter or the session attribute; this way a preprocessor can play with these a bit...
         if (UtilValidate.isNotEmpty(request.getAttribute("USERNAME"))) {
