Commit b7b8d820 authored by Elouan Martinet's avatar Elouan Martinet

[tools] Check that the user is activated when authenticating

parent 77c18882e413
Pipeline #15144 passed with stage
in 1 minute and 51 seconds
......@@ -174,8 +174,6 @@ def authenticate_user(session, tokenid, signed_content, signature):
:signature: the signature (usually extracted from the headers
using get_credentals_from_headers), as *bytes*
Warning: it does not check whether the user is enabled or not.
Returns the user's eid on success.
"""
......@@ -184,7 +182,9 @@ def authenticate_user(session, tokenid, signed_content, signature):
"Any U, K WHERE T token_for_user U, "
" T token K, "
" T enabled True, "
" T id %(id)s",
" T id %(id)s, "
" U in_state ST, "
' ST name "activated"',
{"id": tokenid},
)
if not rset:
......
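Review bot: The docstring of `authenticate_user` loses its warning but gains no statement of the new contract, so a reader cannot tell from the documentation that the user's workflow state is now part of the token lookup. I would add a line where the warning was, for example `A token whose user is not in the "activated" state is rejected the same way as an unknown token.` An unknown token, a disabled token and a deactivated user now all end in the same `if not rset:` branch, whose body continues outside the hunk. That is the right behaviour towards the client, since it does not reveal which accounts exist or are deactivated. If that branch logs the rejection, it may be worth recording the token id so that rejected requests from deactivated accounts can be traced afterwards.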
......@@ -217,3 +217,20 @@ class SignedRequestBaseTC(object):
url="/testauth?key1=value1",
)
self._assert_auth(req, result)
def test_deactivated_user(self):
with self.admin_access.repo_cnx() as cnx:
user = cnx.find("CWUser", login="admin").one()
flowable = user.cw_adapt_to("IWorkflowable")
flowable.fire_transition("deactivate")
cnx.commit()
result, req = self._test_header_format(method="Cubicweb", login="admin")
self._assert_auth_failed(req, result)
flowable.fire_transition("activate")
cnx.commit()
result, req = self._test_header_format(method="Cubicweb", login="admin")
self._assert_auth(req, result)
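Review bot: `test_deactivated_user` restores the admin account only on the success path: if `_assert_auth_failed` raises, the `activate` transition is never fired. Whether the fixture resets the database between tests is not visible here; if it does not, later tests in the class would run with a deactivated admin. Running the check against a user created for this test, or putting the re-activation in a `try`/`finally`, removes that dependency. A one-line docstring such as `"""A valid token is rejected while its user is deactivated and accepted again after reactivation."""` would also document the intent.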