FIX: deactivated users shouldn't be able to log in

Neil Lalonde 2014-04-28 13:46:28 -04:00
parent 9fba385172
commit 1da59e7e2e
5 changed files with 20 additions and 4 deletions


@ -57,7 +57,7 @@ class Admin::UsersController < Admin::AdminController
end
def refresh_browsers
MessageBus.publish "/file-change", ["refresh"], user_ids: [@user.id]
refresh_browser @user
render nothing: true
end
@ -131,6 +131,7 @@ class Admin::UsersController < Admin::AdminController
def deactivate
guardian.ensure_can_deactivate!(@user)
@user.deactivate
refresh_browser @user
render nothing: true
end
@ -182,4 +183,8 @@ class Admin::UsersController < Admin::AdminController
@user = User.where(id: params[:user_id]).first
end
def refresh_browser(user)
MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]
end
end
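Review bot: `refresh_browser` is added directly after `fetch_user` at the bottom of the class, and the hunk does not show whether that region sits under `private`; a public controller method is a candidate action, so confirm it is private. The call added to `deactivate` is only a best-effort push to the user's open tabs, so a short comment would help the next reader, e.g. `# Best-effort client refresh; access itself is enforced server-side when current_user is resolved.` The class body starts outside the hunk.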


@ -82,7 +82,7 @@ class SessionController < ApplicationController
return
end
user.email_confirmed? ? login(user) : not_activated(user)
(user.active && user.email_confirmed?) ? login(user) : not_activated(user)
end
def forgot_password
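Review bot: A deactivated account is routed to `not_activated(user)`, the same branch used for an address that was never confirmed, so the client gets `login.not_activated` (as the spec in this commit asserts). If that branch offers to resend the activation mail (its body is not visible here), an account an admin deactivated could reactivate itself; confirm this is intended or give deactivation its own branch and message. The condition also reads `user.active` while the Guardian change in this commit uses `target.active?`; one form should be used throughout. The enclosing method starts outside the hunk.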


@ -27,7 +27,7 @@ class Auth::DefaultCurrentUserProvider
current_user = User.where(auth_token: auth_token).first
end
if current_user && current_user.suspended?
if current_user && (current_user.suspended? || !current_user.active)
current_user = nil
end
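Review bot: The new `!current_user.active` test covers only the user resolved from `auth_token` in the lines above; the method starts and ends outside the hunk, so if `current_user` can be assigned by another lookup further down, that path needs the same test. The stored `auth_token` is left in place, so a later reactivation would revive old sessions unless the token is rotated somewhere not visible here. A comment such as `# Suspended or deactivated accounts never get a session, even with a valid token.` would document the intent.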


@ -134,7 +134,10 @@ class Guardian
def can_approve?(target)
is_staff? && target && not(target.approved?)
end
alias :can_activate? :can_approve?
def can_activate?(target)
is_staff? && target && not(target.active?)
end
def can_suspend?(user)
user && is_staff? && user.regular?
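Review bot: `can_activate?` used to be an alias of `can_approve?` and now tests `target.active?`, with no comment explaining why the two checks differ; add one, e.g. `# Activation is tracked separately from approval: staff only, and only for an account that is not active.` When `target` is nil the method returns `nil` rather than `false`, which matches `can_approve?` but is worth stating in that comment. `not(target.active?)` would read more conventionally as `!target.active?`.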


@ -195,6 +195,14 @@ describe SessionController do
end
end
describe 'deactivated user' do
it 'should return an error' do
User.any_instance.stubs(:active).returns(false)
xhr :post, :create, login: user.username, password: 'myawesomepassword'
expect(JSON.parse(response.body)['error']).to eq(I18n.t('login.not_activated'))
end
end
describe 'success by username' do
it 'logs in correctly' do
xhr :post, :create, login: user.username, password: 'myawesomepassword'
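Review bot: The new example covers only the login path; nothing in this commit's five files exercises the current-user provider change, which is the part that ends an already open session for a deactivated user. A spec that presents a valid auth token for a user whose `active` is false and expects no current user would pin that behaviour. `User.any_instance.stubs(:active)` also stubs every user record; setting `active` to false on the fixture user would be narrower and would keep passing if the controller switched to `active?`. The `describe 'success by username'` block continues past the hunk.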