[Fix] Social login not allowed for a disabled user (#2032)

2016-09-12 16:06:35 +05:30 · 2016-09-12 16:06:35 +05:30 · e5bb0bb283
commit e5bb0bb283
parent 51169eb7bc
2 changed files with 9 additions and 3 deletions
--- a/frappe/sessions.py
+++ b/frappe/sessions.py
@ -57,13 +57,15 @@ def clear_sessions(user=None, keep_current=False, device=None):
 	if not device:
 		device = frappe.session.data.device or "desktop"

-	simultaneous_sessions = frappe.db.get_value('User', user, 'simultaneous_sessions') or 1
+	limit = 0
+	if user == frappe.session.user:
+		simultaneous_sessions = frappe.db.get_value('User', user, 'simultaneous_sessions') or 1
+		limit = simultaneous_sessions - 1

 	condition = ''
 	if keep_current:
 		condition = ' and sid != "{0}"'.format(frappe.session.sid)

-	limit = simultaneous_sessions - 1

 	for i, sid in enumerate(frappe.db.sql_list("""select sid from tabSessions
 		where user=%s and device=%s {condition}
--- a/frappe/utils/oauth.py
+++ b/frappe/utils/oauth.py
@ -210,7 +210,8 @@ def login_oauth_user(data=None, provider=None, state=None, email_id=None, key=No
 		return

 	try:
-		update_oauth_user(user, data, provider)
+		if update_oauth_user(user, data, provider) is False:
+			return

 	except SignupDisabledError:
 		return frappe.respond_as_web_page("Signup is Disabled", "Sorry. Signup from Website is disabled.",
@ -260,6 +261,9 @@ def update_oauth_user(user, data, provider):

 	else:
 		user = frappe.get_doc("User", user)
+		if not user.enabled:
+			frappe.respond_as_web_page(_('Not Allowed'), _('User {0} is disabled').format(user.email))
+			return False

 	if provider=="facebook" and not user.get("fb_userid"):
 		save = True