azaion/admin
1
0
Fork 0
mirror of https://github.com/azaion/admin.git synced 2026-04-22 09:16:34 +00:00
Code Issues Packages Projects Releases Wiki Activity

[AZ-198] Block disabled user login

Browse Source 
Made-with: Cursor
This commit is contained in:
Oleksandr Bezdieniezhnykh
2026-04-16 06:49:00 +03:00
parent 9da34a594b
commit 5286b6b8e3
3 changed files with 18 additions and 2 deletions
Download Patch File Download Diff File Expand all files Collapse all files
Azaion.Common/BusinessException.cs
+3
View File
@@ -36,6 +36,9 @@ public enum ExceptionEnum
WrongEmail = 37,
[Description("User account is disabled.")]
UserDisabled = 38,
[Description("Hardware mismatch! You are not authorized to access this resource from this hardware.")]
HardwareIdMismatch = 40,
Azaion.Services/UserService.cs
+3
View File
@@ -63,6 +63,9 @@ public class UserService(IDbFactory dbFactory, ICache cache) : IUserService
if (request.Password.ToHash() != user.PasswordHash)
throw new BusinessException(ExceptionEnum.WrongPassword);
if (!user.IsEnabled)
throw new BusinessException(ExceptionEnum.UserDisabled);
return user;
});
e2e/Azaion.E2E/Tests/SecurityTests.cs
+12 -2
View File
@@ -19,6 +19,13 @@ public sealed class SecurityTests
PropertyNamingPolicy = JsonNamingPolicy.CamelCase
};
private static readonly JsonSerializerOptions ResponseJsonOptions = new()
{
PropertyNameCaseInsensitive = true
};
private sealed record ErrorResponse(int ErrorCode, string Message);
private readonly TestFixture _fixture;
public SecurityTests(TestFixture fixture) => _fixture = fixture;
@@ -195,7 +202,7 @@ public sealed class SecurityTests
}
}
[Fact(Skip = "API bug: login does not check IsEnabled — disabled users can still log in")]
[Fact]
public async Task Disabled_user_cannot_log_in()
{
// Arrange
@@ -218,7 +225,10 @@ public sealed class SecurityTests
using var login = await client.PostAsync("/login", new { email, password });
// Assert
login.StatusCode.Should().BeOneOf(HttpStatusCode.Forbidden, HttpStatusCode.Conflict);
login.StatusCode.Should().Be(HttpStatusCode.Conflict);
var err = await login.Content.ReadFromJsonAsync<ErrorResponse>(ResponseJsonOptions);
err.Should().NotBeNull();
err!.ErrorCode.Should().Be(38);
}
finally
{