Fix for disabled logged-in users (#6612)

fix https://github.com/FreshRSS/FreshRSS/issues/6611 Logged-in users were still able to use their account for some time despite having being disabled by admin
author: Alexandre Alapetite <alexandre@alapetite.fr> 2024-07-08 11:05:58 +0200
committer: GitHub <noreply@github.com> 2024-07-08 11:05:58 +0200
commit: 4738ca851207f07bdfc409ecb16d3fc754e5bf48 (patch)
tree: c6acc0a425f28f108643adf17c37291a610d2784 /app/Models/Auth.php
parent: 8ae95055dce9935ec32fb986417f4c5703a32bf9 (diff)
1 files changed, 9 insertions, 8 deletions
diff --git a/app/Models/Auth.php b/app/Models/Auth.php
index ecb8ead2f..416f3061d 100644
--- a/app/Models/Auth.php
+++ b/app/Models/Auth.php
@@ -31,15 +31,16 @@ class FreshRSS_Auth {
 			]);
 		}
 
-		if (self::$login_ok) {
-			self::giveAccess();
-		} elseif (self::accessControl() && self::giveAccess()) {
+		if (self::$login_ok && self::giveAccess()) {
+			return self::$login_ok;
+		}
+		if (self::accessControl() && self::giveAccess()) {
 			FreshRSS_UserDAO::touch();
-		} else {
-			// Be sure all accesses are removed!
-			self::removeAccess();
+			return self::$login_ok;
 		}
-		return self::$login_ok;
+		// Be sure all accesses are removed!
+		self::removeAccess();
+		return false;
 	}
 
 	/**
@@ -103,7 +104,7 @@ class FreshRSS_Auth {
 	 */
 	public static function giveAccess(): bool {
 		FreshRSS_Context::initUser();
-		if (!FreshRSS_Context::hasUserConf()) {
+		if (!FreshRSS_Context::hasUserConf() || !FreshRSS_Context::userConf()->enabled) {
 			self::$login_ok = false;
 			return false;
 		}
author	Alexandre Alapetite <alexandre@alapetite.fr>	2024-07-08 11:05:58 +0200
committer	GitHub <noreply@github.com>	2024-07-08 11:05:58 +0200
commit	4738ca851207f07bdfc409ecb16d3fc754e5bf48 (patch)
tree	c6acc0a425f28f108643adf17c37291a610d2784 /app/Models/Auth.php
parent	8ae95055dce9935ec32fb986417f4c5703a32bf9 (diff)