From 3c1d40252c6edbbf28a45fd415100bbe74804fe6 Mon Sep 17 00:00:00 2001
From: Peter Ivanov
Date: Fri, 22 Oct 2021 15:27:15 +0300
Subject: [PATCH] update
---
 .../Http/Controllers/UserLoginController.php | 42 +++++++++----
 src/MicroweberPackages/User/UserManager.php | 7 +++
 .../User/tests/UserLoginControllerTest.php | 63 ++++++++++++++++++-
 3 files changed, 100 insertions(+), 12 deletions(-)
diff --git a/src/MicroweberPackages/User/Http/Controllers/UserLoginController.php b/src/MicroweberPackages/User/Http/Controllers/UserLoginController.php
index a2d9efd5405..ebc9cb3b905 100644
--- a/src/MicroweberPackages/User/Http/Controllers/UserLoginController.php
+++ b/src/MicroweberPackages/User/Http/Controllers/UserLoginController.php
@@ -68,12 +68,18 @@ public function login(LoginRequest $request)
 mw()->lang_helper->set_current_lang($requestLang);
 \Cookie::queue('lang', $requestLang, 86400 * 30);
 }
-
+ $is_logged_out = false;
 if (Auth::check()) {
+ $user = Auth::user();
+ if ($user and isset($user->is_active) and intval($user->is_active) == 0) {
+ // logout user if its set inactive in database
+ Auth::logout();
+ $is_logged_out = true;
+ }
 // This will be used for whmcs login redirect
 if (isset($redirectParams['http_redirect'])) {
- if (intval(Auth::user()->is_admin) == 1 && (isset($redirectParams['where_to']) && $redirectParams['where_to'] == 'admin_content')) {
+ if (!$is_logged_out and intval($user->is_admin) == 1 && (isset($redirectParams['where_to']) && $redirectParams['where_to'] == 'admin_content')) {
 return redirect(admin_url());
 } else {
 return redirect(site_url());
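Review bot: The new inactive check guards on `isset($user->is_active)`, so a row whose `is_active` is NULL is treated as active here, while the check this same commit adds further down the method (`if ($userData and !$userData->is_active)`) treats NULL as disabled; pick one meaning and use it in both places, e.g. `if ($user and intval($user->is_active ?? 1) == 0) {` if NULL is meant to be active. Also `Auth::logout()` only forgets the guard's user; nothing in the hunk invalidates the session or rotates the CSRF token, so consider `$request->session()->invalidate(); $request->session()->regenerateToken();` next to it so the disabled account's session id cannot be reused. The `$user` variable is only assigned inside `if (Auth::check())`, and `login()` continues beyond this hunk.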
@@ -81,14 +87,21 @@ public function login(LoginRequest $request)
 }
 $message = [];
- if (Auth::user()->is_admin == 1) {
- //"message": "SQLSTATE[HY000] [1045] Access denied for user 'forge'@'localhost' (using password: NO) (SQL: select exists(select * from `oauth_personal_access_clients`) as `exists`)",
- // $message['token'] = auth()->user()->createToken('authToken');
+// if (!$is_logged_out and Auth::user()->is_admin == 1) {
+// //"message": "SQLSTATE[HY000] [1045] Access denied for user 'forge'@'localhost' (using password: NO) (SQL: select exists(select * from `oauth_personal_access_clients`) as `exists`)",
+// // $message['token'] = auth()->user()->createToken('authToken');
+// }
+
+ if(!$is_logged_out){
+ $message['data'] = [];
+ $message['error'] = 'Your account is disabled';
+ return response()->json($message, 200);
+ } else {
+ $message['data'] = auth()->user();
+ $message['success'] = 'You are logged in';
+ return response()->json($message, 200);
 }
- $message['data'] = auth()->user();
- $message['success'] = 'You are logged in';
- return response()->json($message, 200);
 }
 if (!isset($request['email']) and isset($request['username'])) {
@@ -114,10 +127,12 @@ public function login(LoginRequest $request)
 $login = Auth::attempt($loginData,$remember = true);
 if ($login) {
+ $isApprovalRequired = Option::getValue('registration_approval_required', 'users');
+ $isVerfiedEmailRequired = Option::getValue('register_email_verify', 'users');
+
 $userData = auth()->user();
 if (Auth::user()->is_admin == 0) {
- $isVerfiedEmailRequired = Option::getValue('register_email_verify', 'users');
 if ($isVerfiedEmailRequired) {
@@ -129,9 +144,7 @@ public function login(LoginRequest $request)
 }
 }
- $isApprovalRequired = Option::getValue('registration_approval_required', 'users');
 if ($isApprovalRequired) {
-
 if (!$userData->is_active) {
 $message = [];
 $message['error'] = 'Your account is awaiting approval';
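Review bot: The branch condition is inverted: `if(!$is_logged_out){` returns 'Your account is disabled' to an active, still-authenticated user, while the disabled account that was just logged out falls into the `else` and is told 'You are logged in' with `auth()->user()`, which is null after `Auth::logout()`. Change it to `if ($is_logged_out) {` and keep the two bodies as they are. If the new test passes with the current ordering, that is presumably because the guard still holds the user instance from the first login rather than the row updated through `User::find(...)->save()`, which is worth confirming rather than relying on. The commented-out token block carried over above the condition is dead code and could simply be deleted. `$is_logged_out` is set, and the enclosing `if (Auth::check())` opened, in the previous hunk.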
@@ -147,6 +160,13 @@ public function login(LoginRequest $request)
 // // $userData->token = auth()->user()->createToken('authToken');
 // }
+ if ($userData and !$userData->is_active) {
+ $message = [];
+ $message['error'] = 'Your account is disabled';
+ Auth::logout();
+ return response()->json($message, 200);
+ }
+
 $response['success'] = _e('You are logged in', 1);
 app()->user_manager->login_set_success_attempt($request);
diff --git a/src/MicroweberPackages/User/UserManager.php b/src/MicroweberPackages/User/UserManager.php
index 2264adc5d27..cc2c5c69b7f 100644
--- a/src/MicroweberPackages/User/UserManager.php
+++ b/src/MicroweberPackages/User/UserManager.php
@@ -442,6 +442,13 @@ public function is_logged()
 }
 if (Auth::check()) {
+ $user =Auth::user();
+ if ($user and isset($user->is_active) and intval($user->is_active) == 0) {
+ // logout user if its set inactive in database
+ $this->logout();
+ return false;
+ }
+
 return true;
 } else {
 return false;
diff --git a/src/MicroweberPackages/User/tests/UserLoginControllerTest.php b/src/MicroweberPackages/User/tests/UserLoginControllerTest.php
index 3b6c211daf2..737ce340490 100644
--- a/src/MicroweberPackages/User/tests/UserLoginControllerTest.php
+++ b/src/MicroweberPackages/User/tests/UserLoginControllerTest.php
@@ -2,7 +2,9 @@
 namespace MicroweberPackages\User\tests;
+use Illuminate\Support\Facades\Auth;
 use MicroweberPackages\Core\tests\TestCase;
+use MicroweberPackages\User\Models\User;
 use MicroweberPackages\Utils\Mail\MailSender;
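Review bot: The disabled check only runs after `Auth::attempt($loginData, $remember = true)` has already authenticated the user and, with remember enabled, issued a remember-me cookie; `Auth::logout()` then clears the guard, but nothing in the hunk invalidates the session, so a disabled account is granted a full login and the code relies on the logout cleanup to take it back. Prefer rejecting the account before authenticating (look the user up by the submitted email/username and test `is_active` ahead of `Auth::attempt`), or at minimum add `$request->session()->invalidate(); $request->session()->regenerateToken();` after the logout. The rejection also goes out as HTTP 200 with an `error` key, matching the older failure paths; a 403 here would let API clients tell it apart from success without parsing the body. The enclosing `if ($login)` block starts outside this hunk.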
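Review bot: `is_logged()` is a predicate but now logs the user out as a side effect, and the inactive test (`$user and isset($user->is_active) and intval($user->is_active) == 0`) is a copy of the one added to UserLoginController::login in this commit, with the same NULL-counts-as-active reading; move it into one helper such as `public function isDisabled(): bool` on the user model and call it from both places so the two cannot drift. Whether `$this->logout()` invalidates the session is not visible here, and callers that get `false` back will assume the session is fully gone, so that is worth confirming. Style nit: `$user =Auth::user();` is missing the space after `=`. The rest of `is_logged()` lies outside this hunk.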
@@ -169,5 +171,64 @@ public function testUserLoginRequiresCaptcha()
 }
+ public function testUserIsLoggedAfterChangeOfIsActive()
+ {
+ $this->_enableUserRegistration();
+ $this->_disableCaptcha();
+ $this->_disableEmailVerify();
+ $this->_disableLoginCaptcha();
+
+
+ $email = 'testusexXr_' . uniqid() . '@aa.bb';
+ $password = 'pass__' . uniqid();
+
+ $user = $this->_registerUserWithEmail($email, $password);
+
+ $response = $this->json(
+ 'POST',
+ route('api.user.login'),
+ [
+ 'username' => $email,
+ 'password' => $password,
+ 'where_to' => 'home',
+ ]
+ );
+
+ $userData = $response->getData(true);
+
+ $this->assertArrayHasKey("redirect", $userData);
+ $this->assertArrayHasKey("success", $userData);
+
+ $is_logged = is_logged();
+ $this->assertTrue($is_logged);
+ $loginData = [
+ 'username' => $email,
+ 'password' => $password,
+ 'where_to' => 'home'
+ ];
+
+ $user = User::find($userData['data']['id']);
+ $user->is_active = 0;
+ $user->save();
+
+ $response = $this->json(
+ 'POST',
+ route('api.user.login'),
+ $loginData
+ );
+ $userData = $response->getData(true);
+ $this->assertEquals($userData['error'], "Your account is disabled");
+
+ Auth::logout();
+ $response = $this->json(
+ 'POST',
+ route('api.user.login'),
+ $loginData
+ );
+ $userData = $response->getData(true);
+
+ $this->assertEquals($userData['error'], "Your account is disabled");
+ }
+
-}
\ No newline at end of file
+}
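Review bot: After the account is deactivated the test only inspects the response body; it never checks that the session was actually dropped, so add `$this->assertFalse(is_logged());` after the second `$this->json(...)` call and again after the third, otherwise a regression that returns the error while leaving the user authenticated would still pass. The second request also depends on `Auth::user()` in the controller reflecting the row updated via `User::find(...)->save()`; if the guard still holds the instance from the first login it will see `is_active = 1`, so it is worth asserting on a freshly resolved user, or logging out before deactivating, to make the scenario deterministic. Minor: `assertEquals($userData['error'], "Your account is disabled")` has expected and actual reversed, and the `$user` returned by `_registerUserWithEmail` is never used before being overwritten.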