From e323156947a93ba65a99f927ed2d99c738c34f2b Mon Sep 17 00:00:00 2001
From: Frédéric Mangano-Tarumi <fmang@mg0.fr>
Date: Mon, 20 Jul 2020 16:25:22 +0200
Subject: SSO: Port account suspension

Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
---
 aurweb/routers/sso.py | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py
index efd4462c..3e3b743d 100644
--- a/aurweb/routers/sso.py
+++ b/aurweb/routers/sso.py
@@ -41,11 +41,20 @@ async def login(request: Request):
     return await oauth.sso.authorize_redirect(request, redirect_uri, prompt="login")
 
 
+def is_account_suspended(conn, user_id):
+    row = conn.execute(select([Users.c.Suspended]).where(Users.c.ID == user_id)).fetchone()
+    return row is not None and bool(row[0])
+
+
 def open_session(conn, user_id):
     """
     Create a new user session into the database. Return its SID.
     """
-    # TODO check for account suspension
+    # TODO Handle translations.
+    if is_account_suspended(conn, user_id):
+        raise HTTPException(status_code=403, detail='Account suspended')
+        # TODO This is a terrible message because it could imply the attempt at
+        #      logging in just caused the suspension.
     # TODO apply [options] max_sessions_per_user
     sid = uuid.uuid4().hex
     conn.execute(Sessions.insert().values(
-- 
cgit v1.2.3-24-g4f1b