Merge pull request #10876 from snipe/fixes/huntr_ebc26354_logout_user_when_deactivated

Logout user when their activated status is switched to off
2025-01-29 14:41:35 -08:00 · 2022-03-29 15:57:24 +01:00 · 2022-03-29 15:57:24 +01:00 · d56552a8af
parent ab18ceb2f9 bdabbbd4e9
commit d56552a8af
3 changed files with 12 additions and 8 deletions
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -39,6 +39,7 @@ class Kernel extends HttpKernel
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \App\Http\Middleware\CheckLocale::class,
+            \App\Http\Middleware\CheckUserIsActivated::class,
            \App\Http\Middleware\CheckForTwoFactor::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
            \App\Http\Middleware\AssetCountForSidebar::class,
--- a/app/Http/Middleware/CheckUserIsActivated.php
+++ b/app/Http/Middleware/CheckUserIsActivated.php
@ -4,8 +4,9 @@ namespace App\Http\Middleware;

 use Closure;
 use Illuminate\Contracts\Auth\Guard;
+use Auth;

-class Authenticate
+class CheckUserIsActivated
 {
    /**
     * The Guard implementation.
@ -34,14 +35,16 @@ class Authenticate
     */
    public function handle($request, Closure $next)
    {
-        if ($this->auth->guest()) {
-            if ($request->ajax()) {
-                return response('Unauthorized.', 401);
-            } else {
-                return redirect()->guest('login');
-            }
+
+        // If there is a user AND the user is NOT activated, send them to the login page
+        // This prevents people who still have active sessions logged in and their status gets toggled
+        // to inactive (aka unable to login)
+        if (($request->user()) && (!$request->user()->isActivated())) {
+            Auth::logout();
+            return redirect()->guest('login');
        }

        return $next($request);
+
    }
 }
--- a/resources/lang/en/auth/message.php
+++ b/resources/lang/en/auth/message.php
@ -3,7 +3,7 @@
 return array(

    'account_already_exists' => 'An account with the this email already exists.',
-    'account_not_found'      => 'The username or password is incorrect.',
+    'account_not_found'      => 'The username or password is incorrect or this user is not approved to login.',
    'account_not_activated'  => 'This user account is not activated.',
    'account_suspended'      => 'This user account is suspended.',
    'account_banned'         => 'This user account is banned.',