From 123dc519af4e9963f7c14bd4533ee78eef4f64ac Mon Sep 17 00:00:00 2001
From: Pierre Hubert <pierre.git@communiquons.org>
Date: Sun, 3 Apr 2022 14:42:16 +0200
Subject: [PATCH] Disabled accounts can not login

---
 src/actors/users_actor.rs           | 5 +++++
 src/controllers/login_controller.rs | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/src/actors/users_actor.rs b/src/actors/users_actor.rs
index b11fb9d..eeb6c29 100644
--- a/src/actors/users_actor.rs
+++ b/src/actors/users_actor.rs
@@ -7,6 +7,7 @@ use crate::data::user::{User, UserID, verify_password};
 pub enum LoginResult {
     AccountNotFound,
     InvalidPassword,
+    AccountDisabled,
     Success(User),
 }
 
@@ -54,6 +55,10 @@ impl Handler<LoginRequest> for UsersActor {
                     return MessageResult(LoginResult::InvalidPassword);
                 }
 
+                if !user.enabled {
+                    return MessageResult(LoginResult::AccountDisabled);
+                }
+
                 MessageResult(LoginResult::Success(user))
             }
         }
diff --git a/src/controllers/login_controller.rs b/src/controllers/login_controller.rs
index f1b4796..75f83b5 100644
--- a/src/controllers/login_controller.rs
+++ b/src/controllers/login_controller.rs
@@ -114,6 +114,11 @@ pub async fn login_route(users: web::Data<Addr<UsersActor>>,
                 }
             }
 
+            LoginResult::AccountDisabled => {
+                log::warn!("Failed login for username {} : account is disabled", login);
+                danger = "Your account is disabled!".to_string();
+            }
+
             c => {
                 // TODO : add bruteforce detection
                 log::warn!("Failed login for username {} : {:?}", login, c);