Make sure that deactivated Users can't login

2017-10-25 14:40:49 +02:00 · 2017-10-25 14:40:49 +02:00 · 3d1f3be4fc
commit 3d1f3be4fc
parent 38c410f80f
2 changed files with 22 additions and 2 deletions
--- a/src/octoprint/server/api/init.py
+++ b/src/octoprint/server/api/init.py
@ -204,6 +204,9 @@ def login():

 		user = octoprint.server.userManager.findUser(username)
 		if user is not None:
+			if not user.is_active():
+				return make_response(("Your account is deactivated", 403, []))
+
 			if octoprint.server.userManager.checkPassword(username, password):
 				if octoprint.server.userManager.enabled:
 					user = octoprint.server.userManager.login_user(user)
--- a/src/octoprint/static/js/app/viewmodels/loginstate.js
+++ b/src/octoprint/static/js/app/viewmodels/loginstate.js
@ -113,8 +113,25 @@ $(function() {
                        history.replaceState({success: true}, document.title, window.location.pathname);
                    }
                })
-                .fail(function() {
-                    new PNotify({title: gettext("Login failed"), text: gettext("User unknown or wrong password"), type: "error"});
+                .fail(function(response) {
+                    switch(response.status) {
+                        case 401: {
+                            new PNotify({
+                                title: gettext("Login failed"),
+                                text: gettext("User unknown or wrong password"),
+                                type: "error"
+                            });
+                            break;
+                        }
+                        case 403: {
+                            new PNotify({
+                                title: gettext("Login failed"),
+                                text: gettext("Your account is deactivated"),
+                                type: "error"
+                            });
+                            break;
+                        }
+                    }
                });
        };