disable login if user is disabled

2020-10-04 12:48:49 +02:00 · 2020-10-04 12:48:49 +02:00 · 7e425c0338
parent 6c37a91c6d
commit 7e425c0338
2 changed files with 7 additions and 0 deletions
--- a/app/api/views/auth.py
+++ b/app/api/views/auth.py
@ -57,6 +57,8 @@ def auth_login():
        # Trigger rate limiter
        g.deduct_limit = True
        return jsonify(error="Email or password incorrect"), 400
+    elif user.disabled:
+        return jsonify(error="Account disabled"), 400
    elif not user.activated:
        return jsonify(error="Account not activated"), 400
    elif user.fido_enabled():
--- a/app/auth/views/login.py
+++ b/app/auth/views/login.py
@ -36,6 +36,11 @@ def login():
            g.deduct_limit = True
            form.password.data = None
            flash("Email or password incorrect", "error")
+        elif user.disabled:
+            flash(
+                "Your account is disabled. Please contact SimpleLogin team to re-enable your account.",
+                "error",
+            )
        elif not user.activated:
            show_resend_activation = True
            flash(