Verified
Commit
7cc20cd9
authored
Feb 18, 2022
by
Kevin Morris
fix: suspended users should not be able to login
Signed-off-by:
Kevin Morris
<
kevr@0cost.org
>
parent
e43e1c6d
Changes
2
aurweb/routers/auth.py
...
...
@@ -46,13 +46,19 @@ async def login_post(request: Request,
raise
HTTPException
(
status_code
=
HTTPStatus
.
BAD_REQUEST
,
detail
=
_
(
"Bad Referer header."
))
user
=
db
.
query
(
User
).
filter
(
or_
(
User
.
Username
==
user
,
User
.
Email
==
user
)
).
first
()
with
db
.
begin
():
user
=
db
.
query
(
User
).
filter
(
or_
(
User
.
Username
==
user
,
User
.
Email
==
user
)
).
first
()
if
not
user
:
return
await
login_template
(
request
,
next
,
errors
=
[
"Bad username or password."
])
if
user
.
Suspended
:
return
await
login_template
(
request
,
next
,
errors
=
[
"Account Suspended"
])
cookie_timeout
=
cookies
.
timeout
(
remember_me
)
sid
=
user
.
login
(
request
,
passwd
,
cookie_timeout
)
if
not
sid
:
...
...
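Review bot: The new `if user.Suspended:` branch in login_post runs before `user.login(request, passwd, cookie_timeout)`, so it answers "Account Suspended" to anyone who submits a suspended account's username or email, with no password required. That lets an unauthenticated caller confirm that an account exists and is suspended, whereas the unknown-user branch just above returns only the generic "Bad username or password.". If that disclosure is not intended, fold the check into the existing guard, `if not user or user.Suspended:`, so both cases return the generic error; the expected message in test_login_suspended would change with it. Showing the specific message only after the password is verified would need a check that does not create a session, and no such helper is visible here. login_post starts and ends outside the hunk, and whether a suspended user's existing sessions are revoked elsewhere cannot be seen from this page.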
test/test_auth_routes.py
...
...
@@ -14,6 +14,7 @@ from aurweb.asgi import app
from
aurweb.models.account_type
import
USER_ID
from
aurweb.models.session
import
Session
from
aurweb.models.user
import
User
from
aurweb.testing.html
import
get_errors
# Some test global constants.
TEST_USERNAME
=
"test"
...
...
@@ -79,6 +80,21 @@ def test_login_logout(client: TestClient, user: User):
assert
"AURSID"
not
in
response
.
cookies
def
test_login_suspended
(
client
:
TestClient
,
user
:
User
):
with
db
.
begin
():
user
.
Suspended
=
1
data
=
{
"user"
:
user
.
Username
,
"passwd"
:
"testPassword"
,
"next"
:
"/"
}
with
client
as
request
:
resp
=
request
.
post
(
"/login"
,
data
=
data
)
errors
=
get_errors
(
resp
.
text
)
assert
errors
[
0
].
text
.
strip
()
==
"Account Suspended"
def
test_login_email
(
client
:
TestClient
,
user
:
user
):
post_data
=
{
"user"
:
user
.
Email
,
...
...
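Review bot: test_login_suspended asserts only the error text, so it would still pass if the response also set a session cookie for the suspended user. Pin the security property as well by adding `assert "AURSID" not in resp.cookies` after the error assertion, mirroring the check at the end of test_login_logout above. It is also worth confirming that "testPassword" is the fixture user's real password, since the fixture is outside this hunk; otherwise the test does not show that a correct password is refused.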