azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-04-23 01:36:32 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-198] Block disabled user login

Browse Source 
Made-with: Cursor
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-04-16 06:49:00 +03:00
parent 9da34a594b
commit 5286b6b8e3
3 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Azaion.Common/BusinessException.cs
+3
View File
@@ -36,6 +36,9 @@ public enum ExceptionEnum
WrongEmail = 37, WrongEmail = 37,
[Description("User account is disabled.")]
UserDisabled = 38,
[Description("Hardware mismatch! You are not authorized to access this resource from this hardware.")] [Description("Hardware mismatch! You are not authorized to access this resource from this hardware.")]
HardwareIdMismatch = 40, HardwareIdMismatch = 40,
Azaion.Services/UserService.cs
+3
View File
@@ -63,6 +63,9 @@ public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
if (request.Password.ToHash() != user.PasswordHash) if (request.Password.ToHash() != user.PasswordHash)
throw new BusinessException(ExceptionEnum.WrongPassword); throw new BusinessException(ExceptionEnum.WrongPassword);
if (!user.IsEnabled)
throw new BusinessException(ExceptionEnum.UserDisabled);
return user; return user;
}); });
e2e/Azaion.E2E/Tests/SecurityTests.cs
+12 -2
View File
@@ -19,6 +19,13 @@ public sealed class SecurityTests
PropertyNamingPolicy = JsonNamingPolicy.CamelCase PropertyNamingPolicy = JsonNamingPolicy.CamelCase
}; };
private static readonly JsonSerializerOptions ResponseJsonOptions = new()
{
PropertyNameCaseInsensitive = true
};
private sealed record ErrorResponse(int ErrorCode, string Message);
private readonly TestFixture _fixture; private readonly TestFixture _fixture;
public SecurityTests(TestFixture fixture) => _fixture = fixture; public SecurityTests(TestFixture fixture) => _fixture = fixture;
@@ -195,7 +202,7 @@ public sealed class SecurityTests
} }
} }
[Fact(Skip = "API bug: login does not check IsEnabled — disabled users can still log in")] [Fact]
public async Task Disabled_user_cannot_log_in() public async Task Disabled_user_cannot_log_in()
{ {
// Arrange // Arrange
@@ -218,7 +225,10 @@ public sealed class SecurityTests
using var login = await client.PostAsync("/login", new { email, password }); using var login = await client.PostAsync("/login", new { email, password });
// Assert // Assert
login.StatusCode.Should().BeOneOf(HttpStatusCode.Forbidden, HttpStatusCode.Conflict); login.StatusCode.Should().Be(HttpStatusCode.Conflict);
var err = await login.Content.ReadFromJsonAsync<ErrorResponse>(ResponseJsonOptions);
err.Should().NotBeNull();
err!.ErrorCode.Should().Be(38);
} }
finally finally
{ {