mirror of
https://github.com/discourse/discourse.git
synced 2024-11-25 09:42:07 +08:00
FIX: deactivated users shouldn't be able to log in
This commit is contained in:
parent
9fba385172
commit
1da59e7e2e
|
@ -57,7 +57,7 @@ class Admin::UsersController < Admin::AdminController
|
|||
end
|
||||
|
||||
def refresh_browsers
|
||||
MessageBus.publish "/file-change", ["refresh"], user_ids: [@user.id]
|
||||
refresh_browser @user
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
|
@ -131,6 +131,7 @@ class Admin::UsersController < Admin::AdminController
|
|||
def deactivate
|
||||
guardian.ensure_can_deactivate!(@user)
|
||||
@user.deactivate
|
||||
refresh_browser @user
|
||||
render nothing: true
|
||||
end
|
||||
|
||||
|
@ -182,4 +183,8 @@ class Admin::UsersController < Admin::AdminController
|
|||
@user = User.where(id: params[:user_id]).first
|
||||
end
|
||||
|
||||
def refresh_browser(user)
|
||||
MessageBus.publish "/file-change", ["refresh"], user_ids: [user.id]
|
||||
end
|
||||
|
||||
end
|
||||
|
|
|
@ -82,7 +82,7 @@ class SessionController < ApplicationController
|
|||
return
|
||||
end
|
||||
|
||||
user.email_confirmed? ? login(user) : not_activated(user)
|
||||
(user.active && user.email_confirmed?) ? login(user) : not_activated(user)
|
||||
end
|
||||
|
||||
def forgot_password
|
||||
|
|
|
@ -27,7 +27,7 @@ class Auth::DefaultCurrentUserProvider
|
|||
current_user = User.where(auth_token: auth_token).first
|
||||
end
|
||||
|
||||
if current_user && current_user.suspended?
|
||||
if current_user && (current_user.suspended? || !current_user.active)
|
||||
current_user = nil
|
||||
end
|
||||
|
||||
|
|
|
@ -134,7 +134,10 @@ class Guardian
|
|||
def can_approve?(target)
|
||||
is_staff? && target && not(target.approved?)
|
||||
end
|
||||
alias :can_activate? :can_approve?
|
||||
|
||||
def can_activate?(target)
|
||||
is_staff? && target && not(target.active?)
|
||||
end
|
||||
|
||||
def can_suspend?(user)
|
||||
user && is_staff? && user.regular?
|
||||
|
|
|
@ -195,6 +195,14 @@ describe SessionController do
|
|||
end
|
||||
end
|
||||
|
||||
describe 'deactivated user' do
|
||||
it 'should return an error' do
|
||||
User.any_instance.stubs(:active).returns(false)
|
||||
xhr :post, :create, login: user.username, password: 'myawesomepassword'
|
||||
expect(JSON.parse(response.body)['error']).to eq(I18n.t('login.not_activated'))
|
||||
end
|
||||
end
|
||||
|
||||
describe 'success by username' do
|
||||
it 'logs in correctly' do
|
||||
xhr :post, :create, login: user.username, password: 'myawesomepassword'
|
||||
|
|
Loading…
Reference in New Issue
Block a user