mirror of
https://github.com/codeninjasllc/discourse.git
synced 2024-11-27 17:46:05 -05:00
FIX: deactivated users shouldn't be able to log in
This commit is contained in:
parent
9fba385172
commit
1da59e7e2e
5 changed files with 20 additions and 4 deletions
|
@ -57,7 +57,7 @@ class Admin::UsersController < Admin::AdminController
|
||||||
end
|
end
|
||||||
|
|
||||||
def refresh_browsers
|
def refresh_browsers
|
||||||
MessageBus.publish "/file-change", ["refresh"], user_ids: [@user.id]
|
refresh_browser @user
|
||||||
render nothing: true
|
render nothing: true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -131,6 +131,7 @@ class Admin::UsersController < Admin::AdminController
|
||||||
def deactivate
|
def deactivate
|
||||||
guardian.ensure_can_deactivate!(@user)
|
guardian.ensure_can_deactivate!(@user)
|
||||||
@user.deactivate
|
@user.deactivate
|
||||||
|
refresh_browser @user
|
||||||
render nothing: true
|
render nothing: true
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@ -182,4 +183,8 @@ class Admin::UsersController < Admin::AdminController
|
||||||
@user = User.where(id: params[:user_id]).first
|
@user = User.where(id: params[:user_id]).first
|
||||||
end
|
end
|
||||||
|
|
||||||
|
def refresh_browser(user)
|
||||||
|
MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]
|
||||||
|
end
|
||||||
|
|
||||||
end
|
end
|
||||||
|
|
|
@ -82,7 +82,7 @@ class SessionController < ApplicationController
|
||||||
return
|
return
|
||||||
end
|
end
|
||||||
|
|
||||||
user.email_confirmed? ? login(user) : not_activated(user)
|
(user.active && user.email_confirmed?) ? login(user) : not_activated(user)
|
||||||
end
|
end
|
||||||
|
|
||||||
def forgot_password
|
def forgot_password
|
||||||
|
|
|
@ -27,7 +27,7 @@ class Auth::DefaultCurrentUserProvider
|
||||||
current_user = User.where(auth_token: auth_token).first
|
current_user = User.where(auth_token: auth_token).first
|
||||||
end
|
end
|
||||||
|
|
||||||
if current_user && current_user.suspended?
|
if current_user && (current_user.suspended? || !current_user.active)
|
||||||
current_user = nil
|
current_user = nil
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
|
@ -134,7 +134,10 @@ class Guardian
|
||||||
def can_approve?(target)
|
def can_approve?(target)
|
||||||
is_staff? && target && not(target.approved?)
|
is_staff? && target && not(target.approved?)
|
||||||
end
|
end
|
||||||
alias :can_activate? :can_approve?
|
|
||||||
|
def can_activate?(target)
|
||||||
|
is_staff? && target && not(target.active?)
|
||||||
|
end
|
||||||
|
|
||||||
def can_suspend?(user)
|
def can_suspend?(user)
|
||||||
user && is_staff? && user.regular?
|
user && is_staff? && user.regular?
|
||||||
|
|
|
@ -195,6 +195,14 @@ describe SessionController do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe 'deactivated user' do
|
||||||
|
it 'should return an error' do
|
||||||
|
User.any_instance.stubs(:active).returns(false)
|
||||||
|
xhr :post, :create, login: user.username, password: 'myawesomepassword'
|
||||||
|
expect(JSON.parse(response.body)['error']).to eq(I18n.t('login.not_activated'))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe 'success by username' do
|
describe 'success by username' do
|
||||||
it 'logs in correctly' do
|
it 'logs in correctly' do
|
||||||
xhr :post, :create, login: user.username, password: 'myawesomepassword'
|
xhr :post, :create, login: user.username, password: 'myawesomepassword'
|
||||||
|
|
Loading…
Reference in a new issue