From f0d1555a09028a15ce827bfd89ab7018703ae82c Mon Sep 17 00:00:00 2001
From: TortugaAttack <felixconrads@googlemail.com>
Date: Wed, 21 Aug 2019 23:38:27 +0200
Subject: [PATCH] Fixed #45 - multiple tracker for one user fixed

---
 .../org/owasp/webgoat/users/UserService.java     | 16 ++++++++++++++--
 1 file changed, 14 insertions(+), 2 deletions(-)

diff --git a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java
index 932dc6e98..4a203fb68 100644
--- a/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java
+++ b/webgoat-container/src/main/java/org/owasp/webgoat/users/UserService.java
@@ -30,13 +30,25 @@ public class UserService implements UserDetailsService {
     }
 
     public void addUser(String username, String password) {
+        //get user if there exists one by the name
+        WebGoatUser webGoatUser = userRepository.findByUsername(username);
+        //if user exists it will be updated, otherwise created
         userRepository.save(new WebGoatUser(username, password));
-        userTrackerRepository.save(new UserTracker(username));
+        //if user previously existed it will not get another tracker
+        if (webGoatUser == null) {
+                userTrackerRepository.save(new UserTracker(username));
+        }
     }
 
     public void addUser(String username, String password, String role) {
+        //get user if there exists one by the name
+        WebGoatUser webGoatUser = userRepository.findByUsername(username);
+        //if user exists it will be updated, otherwise created
         userRepository.save(new WebGoatUser(username,password,role));
-        userTrackerRepository.save(new UserTracker(username));
+        //if user previously existed it will not get another tracker
+        if (webGoatUser == null) {
+                userTrackerRepository.save(new UserTracker(username));
+        }
     }
 
     public List<WebGoatUser> getAllUsers () {
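Review bot: Both `addUser` overloads now look the user up but still call `userRepository.save(new WebGoatUser(...))` unconditionally, so a call with an existing username replaces that account's password and, in the three-argument overload, its role; the added comment `//if user exists it will be updated, otherwise created` confirms this. The callers are outside this hunk, but if any of them is reachable from registration without its own uniqueness check, this is an account overwrite. Consider handling the existing-user case explicitly before the save, e.g. `if (webGoatUser != null) { return; }`, or rejecting it with an error the caller handles. The lookup followed by the save is also a check-then-act sequence: two concurrent calls for the same new name can both see `null` and both save a `UserTracker`, so the duplicate-tracker fix probably needs `@Transactional` on the method plus a unique constraint on the tracker's username to hold under concurrency. The identical block in the two overloads could move into one private helper so the two copies cannot drift apart.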