From cbdb43579a5c90dfca700c226e0726f1cbd8d6dd Mon Sep 17 00:00:00 2001
From: Ronald Moesbergen
Date: Fri, 12 Jan 2024 18:09:48 +0100
Subject: [PATCH] fix: disable retired users on oauth login
---
 LedenAdministratie/oidc.py | 18 +++++++++++++++++-
 1 file changed, 17 insertions(+), 1 deletion(-)
diff --git a/LedenAdministratie/oidc.py b/LedenAdministratie/oidc.py
index c300fe5..61ecc86 100644
--- a/LedenAdministratie/oidc.py
+++ b/LedenAdministratie/oidc.py
@@ -18,7 +18,7 @@ class DJOOAuth2Validator(OAuth2Validator):
 # This needs to be without the 'request' parameter + lambda's to support claim discovery
 # pylint: disable=arguments-differ
- def get_additional_claims(self):
+ def get_additional_claims(self) -> dict:
 return {
 "given_name": lambda request: request.user.first_name,
 "family_name": lambda request: request.user.last_name,
@@ -34,3 +34,19 @@ def get_additional_claims(self):
 if request.user.member.active_stripcard
 else None,
 }
+
+ def validate_user(
+ self, username, password, client, request, *args, **kwargs
+ ) -> bool:
+ if not super().validate_user(
+ username, password, client, request, *args, **kwargs
+ ):
+ # User doesn't exist or is not active
+ return False
+ # User exists and is active, now check the end date of the linked Member
+ if request.user.member.is_active():
+ return True
+ # User end date has passed -> disable
+ request.user.active = False
+ request.user.save()
+ return False
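Review bot: In `validate_user`, the disable step assigns `request.user.active = False`, but Django's stock user model names the flag `is_active`; unless this project's user model defines its own `active` field (not visible in this patch), the assignment only sets a throwaway Python attribute and `save()` persists nothing, so the retired account would stay enabled for every other login path. If the standard field is meant, the lines should read `request.user.is_active = False` and `request.user.save(update_fields=["is_active"])`. `request.user.member` is also dereferenced unguarded, so an account without a linked Member (a staff or service account, say) would raise instead of getting a clean refusal; an explicit check that returns False would fail closed. Note too that oauthlib calls `validate_user` only for the resource-owner password grant, so the end-date check likely needs an equivalent in the interactive login path used by the authorization-code flow.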