From cbd6d5577ac7f2977c904f73c9c47258201858ce Mon Sep 17 00:00:00 2001
From: Risto Lahtela <24460436+Rsl1122@users.noreply.github.com>
Date: Tue, 14 Apr 2020 12:26:37 +0300
Subject: [PATCH] Check if user logged in when resetting bruteforce guard.

Affects issues:
- Fixed #1402
---
 .../djrapitops/plan/delivery/webserver/RequestHandler.java | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/RequestHandler.java b/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/RequestHandler.java
index 4e03dc5d7..acc91a84f 100644
--- a/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/RequestHandler.java
+++ b/Plan/common/src/main/java/com/djrapitops/plan/delivery/webserver/RequestHandler.java
@@ -105,7 +105,7 @@ public class RequestHandler implements HttpHandler {
 
     public Response getResponse(HttpExchange exchange) {
         String accessor = exchange.getRemoteAddress().getAddress().getHostAddress();
-        Request request;
+        Request request = null;
         Response response;
         try {
             request = buildRequest(exchange);
@@ -124,7 +124,10 @@ public class RequestHandler implements HttpHandler {
         if (bruteForceGuard.shouldPreventRequest(accessor)) {
             response = responseFactory.failedLoginAttempts403();
         }
-        if (response.getCode() != 401 && response.getCode() != 403) {
+        if (response.getCode() != 401 // Not failed
+                && response.getCode() != 403 // Not blocked
+                && (request != null && request.getUser().isPresent()) // Logged in
+        ) {
             bruteForceGuard.resetAttemptCount(accessor);
         }
         return response;