Handle deactivated user at login

django_backend/backend/auth/v1/views.py

@@ -50,7 +50,6 @@ def set_session(request, key, value):
 
 class Auth(View):
     def get(self, request, **kwargs):
-        logger.debug('Auth')
         try:
 
             state = rndstr()
@@ -80,7 +79,6 @@ class Auth(View):
 
 class AuthCallback(View):
     def get(self, request, **kwargs):
-        logger.debug('AuthCallback')
         try:
             state = get_session(request, 'state', None)
             idp_id = get_session(request, 'idp_id', default_idp().id)
@@ -121,16 +119,21 @@ class AuthCallback(View):
                 token=ac_token_response['access_token'],
             )
 
+            response = redirect('/')
+
             if user is None:
-                # authentication failed -> 401
-                msg = 'Login for user {} failed'.format(request.user)
+                # authentication failed -> "401"
+                logger.error('User failed to log in'.format(request.user))
                 request.session['error'] = 'Login failed'
-                logger.error(msg)
-                response = HttpResponse('Unauthorized', status=401)
+                # response = HttpResponse('Unauthorized', status=401)
+            elif not user.is_active:
+                # user is deactivated -> "403"
+                logger.info('{} tried to log in'.format(user))
+                request.session['error'] = 'Account deactivated'
+                # response = HttpResponse('Forbidden', status=403)
             else:
-                # redirect back to the frontend
+                # user authenticated -> back to frontend
                 login(request, user)
-                response = redirect('/')
                 response.set_cookie('sessionid', request.COOKIES['sessionid'])
 
             return response