summaryrefslogtreecommitdiff
path: root/internal/api/security/tokencheck.go
diff options
context:
space:
mode:
Diffstat (limited to 'internal/api/security/tokencheck.go')
-rw-r--r--internal/api/security/tokencheck.go22
1 files changed, 22 insertions, 0 deletions
diff --git a/internal/api/security/tokencheck.go b/internal/api/security/tokencheck.go
index b68f0b94f..e366af2ea 100644
--- a/internal/api/security/tokencheck.go
+++ b/internal/api/security/tokencheck.go
@@ -62,6 +62,22 @@ func (m *Module) TokenCheck(c *gin.Context) {
l.Warnf("no user found for userID %s", userID)
return
}
+
+ if user.ConfirmedAt.IsZero() {
+ l.Warnf("authenticated user %s has never confirmed thier email address", userID)
+ return
+ }
+
+ if !user.Approved {
+ l.Warnf("authenticated user %s's account was never approved by an admin", userID)
+ return
+ }
+
+ if user.Disabled {
+ l.Warnf("authenticated user %s's account was disabled'", userID)
+ return
+ }
+
c.Set(oauth.SessionAuthorizedUser, user)
// fetch account for this token
@@ -74,6 +90,12 @@ func (m *Module) TokenCheck(c *gin.Context) {
l.Warnf("no account found for userID %s", userID)
return
}
+
+ if !acct.SuspendedAt.IsZero() {
+ l.Warnf("authenticated user %s's account (accountId=%s) has been suspended", userID, user.AccountID)
+ return
+ }
+
c.Set(oauth.SessionAuthorizedAccount, acct)
}
generated by cgit v1.2.3 (git 2.46.0) at 2025-07-12 23:27:57 +0000