From b969854592b1583a9b8643c124df5b5e12744a3a Mon Sep 17 00:00:00 2001 From: Francesco Siddi Date: Fri, 24 Jul 2020 12:45:06 +0200 Subject: [PATCH] Prevent deleted users from logging in --- pillar/web/users/routes.py | 3 +++ 1 file changed, 3 insertions(+) diff --git a/pillar/web/users/routes.py b/pillar/web/users/routes.py index 73073e4a..bd223411 100644 --- a/pillar/web/users/routes.py +++ b/pillar/web/users/routes.py @@ -72,6 +72,9 @@ def oauth_callback(provider): # Find or create user user_info = {'id': oauth_user.id, 'email': oauth_user.email, 'full_name': ''} db_user = find_user_in_db(user_info, provider=provider) + if '_deleted' in db_user and db_user['_deleted'] is True: + log.debug('User has been deleted and will not be logge in') + return redirect(next_after_login) db_id, status = upsert_user(db_user) # TODO(Sybren): If the user doesn't have any badges, but the access token