Implement admin ability to enable/disable users

2025-08-11 05:29:07 +00:00 · 2020-11-30 23:12:56 +01:00 · 2020-11-30 23:12:56 +01:00 · 043aa27aa3
commit 043aa27aa3
parent 9824d94a1c
13 changed files with 63 additions and 0 deletions
--- a/src/api/admin.rs
+++ b/src/api/admin.rs
@ -36,6 +36,8 @@ pub fn routes() -> Vec<Route> {
        logout,
        delete_user,
        deauth_user,
+        disable_user,
+        enable_user,
        remove_2fa,
        update_revision_users,
        post_config,
@ -297,6 +299,7 @@ fn users_overview(_token: AdminToken, conn: DbConn) -> ApiResult<Html<String>> {
            usr["cipher_count"] = json!(Cipher::count_owned_by_user(&u.uuid, &conn));
            usr["attachment_count"] = json!(Attachment::count_by_user(&u.uuid, &conn));
            usr["attachment_size"] = json!(get_display_size(Attachment::size_by_user(&u.uuid, &conn) as i32));
+            usr["user_enabled"] = json!(u.enabled);
            usr
    }).collect();

@ -319,6 +322,24 @@ fn deauth_user(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
    user.save(&conn)
 }

+#[post("/users/<uuid>/disable")]
+fn disable_user(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
+    let mut user = User::find_by_uuid(&uuid, &conn).map_res("User doesn't exist")?;
+    Device::delete_all_by_user(&user.uuid, &conn)?;
+    user.reset_security_stamp();
+    user.enabled = false;
+
+    user.save(&conn)
+}
+
+#[post("/users/<uuid>/enable")]
+fn enable_user(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
+    let mut user = User::find_by_uuid(&uuid, &conn).map_res("User doesn't exist")?;
+    user.enabled = true;
+
+    user.save(&conn)
+}
+
 #[post("/users/<uuid>/remove-2fa")]
 fn remove_2fa(uuid: String, _token: AdminToken, conn: DbConn) -> EmptyResult {
    let mut user = User::find_by_uuid(&uuid, &conn).map_res("User doesn't exist")?;
--- a/src/api/identity.rs
+++ b/src/api/identity.rs
@ -102,6 +102,14 @@ fn _password_login(data: ConnectData, conn: DbConn, ip: &ClientIp) -> JsonResult
        )
    }

+    // Check if the user is disabled
+    if !user.enabled {
+        err!(
+            "This user has been disabled",
+            format!("IP: {}. Username: {}.", ip.ip, username)
+        )
+    }
+
    let now = Local::now();

    if user.verified_at.is_none() && CONFIG.mail_enabled() && CONFIG.signups_verify() {