ensure unlock actually unlocks

bubble-server/src/main/java/bubble/dao/account/AccountDAO.java

@@ -347,7 +347,7 @@ public class AccountDAO extends AbstractCRUDDAO<Account> implements SqlViewSearc
         return admins.get(0);
     }
 
-    @Transactional
+    @Transactional(Transactional.TxType.REQUIRES_NEW)
     public void unlock() {
         synchronized (unlocked) {
             final int count = bulkUpdate("locked", false);

bubble-server/src/main/java/bubble/resources/account/AuthResource.java

@@ -222,11 +222,6 @@ public class AuthResource {
             if (!accountDAO.locked()) {
                 log.info("login: account "+account.getName()+" was locked, but system is unlocked, unlocking again");
                 accountDAO.unlock();
-                final Account unlockedAccount = accountDAO.findByUuid(account.getUuid());
-                if (unlockedAccount.locked()) {
-                    log.info("login: account "+account.getName()+" was still locked after unlocking system, cannot proceed");
-                    return invalid("err.account.locked");
-                }
 
             } else {
                 if (empty(unlockKey)) return invalid("err.account.locked");
@@ -236,6 +231,7 @@ public class AuthResource {
                 log.info("login: Unlock key was valid, unlocking accounts");
                 accountDAO.unlock();
             }
+            accountDAO.update(account.setLocked(false));
         }
 
         if (!isUnlock) {

utils/cobbzilla-wizard

@@ -1 +1 @@
-Subproject commit e27a1f0285bf004c38662b0b122a77bd5520c909
+Subproject commit bcbdc451f6c198938513f8954c9063ec93537149