diff options
author | Frédéric Mangano-Tarumi <fmang@mg0.fr> | 2020-07-20 16:25:22 +0200 |
---|---|---|
committer | Lukas Fleischer <lfleischer@archlinux.org> | 2021-02-20 17:24:30 +0100 |
commit | e323156947a93ba65a99f927ed2d99c738c34f2b (patch) | |
tree | 3ab884fd8ffd32814f662489072ab6ed22166315 | |
parent | 0e08b151e5c3606e573b1f7113466b5dd6efdcef (diff) | |
download | aur-e323156947a93ba65a99f927ed2d99c738c34f2b.tar.gz aur-e323156947a93ba65a99f927ed2d99c738c34f2b.tar.xz |
SSO: Port account suspension
Signed-off-by: Lukas Fleischer <lfleischer@archlinux.org>
-rw-r--r-- | aurweb/routers/sso.py | 11 |
1 files changed, 10 insertions, 1 deletions
diff --git a/aurweb/routers/sso.py b/aurweb/routers/sso.py index efd4462c..3e3b743d 100644 --- a/aurweb/routers/sso.py +++ b/aurweb/routers/sso.py @@ -41,11 +41,20 @@ async def login(request: Request): return await oauth.sso.authorize_redirect(request, redirect_uri, prompt="login") +def is_account_suspended(conn, user_id): + row = conn.execute(select([Users.c.Suspended]).where(Users.c.ID == user_id)).fetchone() + return row is not None and bool(row[0]) + + def open_session(conn, user_id): """ Create a new user session into the database. Return its SID. """ - # TODO check for account suspension + # TODO Handle translations. + if is_account_suspended(conn, user_id): + raise HTTPException(status_code=403, detail='Account suspended') + # TODO This is a terrible message because it could imply the attempt at + # logging in just caused the suspension. # TODO apply [options] max_sessions_per_user sid = uuid.uuid4().hex conn.execute(Sessions.insert().values( |