Merge pull request #936 from simple-login/disable-user-cannot-use-api

prevent disabled user from using the api
Son Nguyen Kim 2022-04-28 12:13:14 +02:00 committed by GitHub
commit 93ae82aa46
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 22 additions and 0 deletions


@ -30,6 +30,9 @@ def require_api_auth(f):
g.user = api_key.user
if g.user.disabled:
return jsonify(error="Disabled account"), 403
return f(*args, **kwargs)
return decorated
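Review bot: The disabled check appears here only after `g.user = api_key.user`, and this page has lost the indentation, so it is not visible whether it runs for every way the decorator can set `g.user` or only on the API-key path. The start of `require_api_auth` lies outside the hunk; if it also accepts another form of authentication, the check belongs at the common exit directly before `return f(*args, **kwargs)`, so that a disabled account is rejected however it authenticated. A comment such as `# a disabled account must not reach any API endpoint, even with a valid key` would record why the check sits in the decorator. Logging the rejected request at this point would also make continued use of a disabled account's key visible to whoever monitors the service.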


@ -612,3 +612,22 @@ def test_toggle_contact(flask_client):
assert r.status_code == 200
assert r.json == {"block_forward": True}
def test_get_aliases_disabled_account(flask_client):
user, api_key = get_new_user_and_api_key()
r = flask_client.get(
"/api/v2/aliases?page_id=0",
headers={"Authentication": api_key.code},
)
assert r.status_code == 200
user.disabled = True
Session.commit()
r = flask_client.get(
"/api/v2/aliases?page_id=0",
headers={"Authentication": api_key.code},
)
assert r.status_code == 403
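Review bot: The last assertion checks only the status code, so the test would still pass if the 403 came from some check other than the disabled-account one. Pinning the body as well, `assert r.json == {"error": "Disabled account"}`, ties the test to the new branch in `require_api_auth`. The test covers one endpoint with header authentication only; if the decorator supports another authentication path (not visible on this page), a second case for it would be worth adding.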