From 3d1f3be4fc3625a236d8e480ac960dba9cf4dc79 Mon Sep 17 00:00:00 2001 From: Marc Hannappel Date: Wed, 25 Oct 2017 14:40:49 +0200 Subject: [PATCH] Make sure that deactivated Users can't login --- src/octoprint/server/api/__init__.py | 3 +++ .../static/js/app/viewmodels/loginstate.js | 21 +++++++++++++++++-- 2 files changed, 22 insertions(+), 2 deletions(-) diff --git a/src/octoprint/server/api/__init__.py b/src/octoprint/server/api/__init__.py index 1c43b5e1..deb7225f 100644 --- a/src/octoprint/server/api/__init__.py +++ b/src/octoprint/server/api/__init__.py @@ -204,6 +204,9 @@ def login(): user = octoprint.server.userManager.findUser(username) if user is not None: + if not user.is_active(): + return make_response(("Your account is deactivated", 403, [])) + if octoprint.server.userManager.checkPassword(username, password): if octoprint.server.userManager.enabled: user = octoprint.server.userManager.login_user(user) diff --git a/src/octoprint/static/js/app/viewmodels/loginstate.js b/src/octoprint/static/js/app/viewmodels/loginstate.js index abead92c..158ad790 100644 --- a/src/octoprint/static/js/app/viewmodels/loginstate.js +++ b/src/octoprint/static/js/app/viewmodels/loginstate.js @@ -113,8 +113,25 @@ $(function() { history.replaceState({success: true}, document.title, window.location.pathname); } }) - .fail(function() { - new PNotify({title: gettext("Login failed"), text: gettext("User unknown or wrong password"), type: "error"}); + .fail(function(response) { + switch(response.status) { + case 401: { + new PNotify({ + title: gettext("Login failed"), + text: gettext("User unknown or wrong password"), + type: "error" + }); + break; + } + case 403: { + new PNotify({ + title: gettext("Login failed"), + text: gettext("Your account is deactivated"), + type: "error" + }); + break; + } + } }); };