Handle deactivated user at login

4e997c7c · Lukas Burgey · ecd9041a · 4e997c7c
Commit 4e997c7c authored Feb 28, 2018 by Lukas Burgey
--- a/django_backend/backend/auth/v1/views.py
+++ b/django_backend/backend/auth/v1/views.py
@@ -50,7 +50,6 @@ def set_session(request, key, value):

 class Auth(View):
    def get(self, request, **kwargs):
-        logger.debug('Auth')
        try:

            state = rndstr()
@@ -80,7 +79,6 @@ class Auth(View):

 class AuthCallback(View):
    def get(self, request, **kwargs):
-        logger.debug('AuthCallback')
        try:
            state = get_session(request, 'state', None)
            idp_id = get_session(request, 'idp_id', default_idp().id)
@@ -121,16 +119,21 @@ class AuthCallback(View):
                token=ac_token_response['access_token'],
            )

+            response = redirect('/')
+
            if user is None:
-                # authentication failed -> 401
-                msg = 'Login for user {} failed'.format(request.user)
+                # authentication failed -> "401"
+                logger.error('User failed to log in'.format(request.user))
                request.session['error'] = 'Login failed'
-                logger.error(msg)
-                response = HttpResponse('Unauthorized', status=401)
+                # response = HttpResponse('Unauthorized', status=401)
+            elif not user.is_active:
+                # user is deactivated -> "403"
+                logger.info('{} tried to log in'.format(user))
+                request.session['error'] = 'Account deactivated'
+                # response = HttpResponse('Forbidden', status=403)
            else:
-                # redirect back to the frontend
+                # user authenticated -> back to frontend
                login(request, user)
-                response = redirect('/')
                response.set_cookie('sessionid', request.COOKIES['sessionid'])

            return response