Support the locked flag on users

When a user is locked, they cannot log in and their current login sessions are not treated as valid
2025-06-15 10:21:33 +01:00 · 2025-06-15 10:21:33 +01:00 · 82ae441cd6
commit 82ae441cd6
parent 8d7e7b9004
5 changed files with 26 additions and 2 deletions
--- a/.sqlx/query-538a383380149c9e15a00ace88358b17dff05d39a231f75c6e5136cefca39d0a.json
+++ b/.sqlx/query-538a383380149c9e15a00ace88358b17dff05d39a231f75c6e5136cefca39d0a.json
@ -1,6 +1,6 @@
 {
  "db_name": "PostgreSQL",
-  "query": "\n            SELECT user_name, user_id, login_session_id, xsrf_secret\n            FROM login_sessions INNER JOIN users USING (user_id)\n            WHERE login_session_token_hash = $1\n        ",
+  "query": "\n            SELECT user_name, user_id, login_session_id, xsrf_secret\n            FROM login_sessions INNER JOIN users USING (user_id)\n            WHERE login_session_token_hash = $1\n            AND NOT locked\n        ",
  "describe": {
    "columns": [
      {
@ -36,5 +36,5 @@
      false
    ]
  },
-  "hash": "125d60c302bfc35fa7edc71b4c23c1a4fd81060df92388ccbfd43dd8c5771031"
+  "hash": "538a383380149c9e15a00ace88358b17dff05d39a231f75c6e5136cefca39d0a"
 }
--- a/src/store.rs
+++ b/src/store.rs
@ -345,6 +345,7 @@ impl IdCoopStoreTxn<'_, '_> {
            SELECT user_name, user_id, login_session_id, xsrf_secret
            FROM login_sessions INNER JOIN users USING (user_id)
            WHERE login_session_token_hash = $1
+            AND NOT locked
        ",
            login_session_token_hash
        )
--- a/src/web/login.rs
+++ b/src/web/login.rs
@ -473,6 +473,16 @@ pub(crate) async fn post_login(
            .into_response());
    }

+    if user.locked {
+        return Ok((
+            StatusCode::FORBIDDEN,
+            Rendered(render_template_string!(TEMPLATING, login_locked, locale, {
+                ambient
+            })),
+        )
+            .into_response());
+    }
+
    //
    //
    //
--- a/templates/pages/login_locked.hnb
+++ b/templates/pages/login_locked.hnb
@ -0,0 +1,10 @@
+CentredPage {$ambient}
+    :title
+        @login_locked_title
+
+    :main
+        h1
+            @login_locked_title
+
+        article
+            @login_locked_main
--- a/translations/en/login.ftl
+++ b/translations/en/login.ftl
@ -37,3 +37,6 @@ logout_ask_main = Would you like to log out?

 logout_success_title = Logged out!
 logout_success_main = Successfully logged out. See you again soon!
+
+login_locked_title = Your account is locked
+login_locked_main = Your account is currently locked and can't be used. Contact your administrator for more details.