stages/user_login: add check for user.is_active and tests

Signed-off-by: Jens Langhammer <jens.langhammer@beryju.org>
2021-10-04 18:37:05 +02:00 · 2021-10-04 18:37:05 +02:00 · 73bb778d62
parent b612a82e16
commit 73bb778d62
2 changed files with 32 additions and 2 deletions
--- a/authentik/stages/user_login/stage.py
+++ b/authentik/stages/user_login/stage.py
@ -5,6 +5,7 @@ from django.http import HttpRequest, HttpResponse
 from django.utils.translation import gettext as _
 from structlog.stdlib import get_logger

+from authentik.core.models import User
 from authentik.flows.planner import PLAN_CONTEXT_PENDING_USER
 from authentik.flows.stage import StageView
 from authentik.lib.utils.time import timedelta_from_string
@ -32,9 +33,12 @@ class UserLoginStageView(StageView):
        backend = self.executor.plan.context.get(
            PLAN_CONTEXT_AUTHENTICATION_BACKEND, BACKEND_INBUILT
        )
+        user: User = self.executor.plan.context[PLAN_CONTEXT_PENDING_USER]
+        if not user.is_active:
+            LOGGER.warning("User is not active, login will not work.")
        login(
            self.request,
-            self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],
+            user,
            backend=backend,
        )
        delta = timedelta_from_string(self.executor.current_stage.session_duration)
@ -45,7 +49,7 @@ class UserLoginStageView(StageView):
        LOGGER.debug(
            "Logged in",
            backend=backend,
-            user=self.executor.plan.context[PLAN_CONTEXT_PENDING_USER],
+            user=user,
            flow_slug=self.executor.flow.slug,
            session_duration=self.executor.current_stage.session_duration,
        )
--- a/authentik/stages/user_login/tests.py
+++ b/authentik/stages/user_login/tests.py
@ -109,3 +109,29 @@ class TestUserLoginStage(APITestCase):
                },
            },
        )
+
+    def test_inactive_account(self):
+        """Test with a valid pending user and backend"""
+        self.user.is_active = False
+        self.user.save()
+        plan = FlowPlan(flow_pk=self.flow.pk.hex, bindings=[self.binding], markers=[StageMarker()])
+        plan.context[PLAN_CONTEXT_PENDING_USER] = self.user
+        session = self.client.session
+        session[SESSION_KEY_PLAN] = plan
+        session.save()
+
+        response = self.client.get(
+            reverse("authentik_api:flow-executor", kwargs={"flow_slug": self.flow.slug})
+        )
+
+        self.assertEqual(response.status_code, 200)
+        self.assertJSONEqual(
+            force_str(response.content),
+            {
+                "component": "xak-flow-redirect",
+                "to": reverse("authentik_core:root-redirect"),
+                "type": ChallengeTypes.REDIRECT.value,
+            },
+        )
+        response = self.client.get(reverse("authentik_api:application-list"))
+        self.assertEqual(response.status_code, 403)