From e5bb0bb283af67eca989b310fa0d29587c72b793 Mon Sep 17 00:00:00 2001
From: Shreyas Patil
Date: Mon, 12 Sep 2016 16:06:35 +0530
Subject: [PATCH] [Fix] Social login not allowed for a disabled user (#2032)
---
 frappe/sessions.py | 6 ++++--
 frappe/utils/oauth.py | 6 +++++-
 2 files changed, 9 insertions(+), 3 deletions(-)
diff --git a/frappe/sessions.py b/frappe/sessions.py
index 9d63393d57..7aa4adf1a5 100644
--- a/frappe/sessions.py
+++ b/frappe/sessions.py
@@ -57,13 +57,15 @@ def clear_sessions(user=None, keep_current=False, device=None):
 if not device:
 device = frappe.session.data.device or "desktop"
- simultaneous_sessions = frappe.db.get_value('User', user, 'simultaneous_sessions') or 1
+ limit = 0
+ if user == frappe.session.user:
+ simultaneous_sessions = frappe.db.get_value('User', user, 'simultaneous_sessions') or 1
+ limit = simultaneous_sessions - 1
 condition = ''
 if keep_current:
 condition = ' and sid != "{0}"'.format(frappe.session.sid)
- limit = simultaneous_sessions - 1
 for i, sid in enumerate(frappe.db.sql_list("""select sid from tabSessions where user=%s and device=%s {condition}
diff --git a/frappe/utils/oauth.py b/frappe/utils/oauth.py
index ca0d72c12d..cbff7aaeab 100644
--- a/frappe/utils/oauth.py
+++ b/frappe/utils/oauth.py
@@ -210,7 +210,8 @@ def login_oauth_user(data=None, provider=None, state=None, email_id=None, key=No
 return
 try:
- update_oauth_user(user, data, provider)
+ if update_oauth_user(user, data, provider) is False:
+ return
 except SignupDisabledError:
 return frappe.respond_as_web_page("Signup is Disabled", "Sorry. Signup from Website is disabled.",
@@ -260,6 +261,9 @@ def update_oauth_user(user, data, provider):
 else:
 user = frappe.get_doc("User", user)
+ if not user.enabled:
+ frappe.respond_as_web_page(_('Not Allowed'), _('User {0} is disabled').format(user.email))
+ return False
 if provider=="facebook" and not user.get("fb_userid"):
 save = True
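Review bot: In `clear_sessions` (frappe/sessions.py) the new `limit = 0` default changes the result for every caller that passes a user other than `frappe.session.user`, and nothing in the hunk says why. The `simultaneous_sessions` allowance is now read only when a user clears their own sessions; how `limit` is consumed lies outside the hunk, but presumably a value of 0 means no session of the target user is spared. If this function is also reached during login, before `frappe.session.user` is the user being logged in, the allowance would be skipped there too, so that call path is worth confirming. I would add a comment above the new lines, for example `# another user's sessions (e.g. a disabled account) are all cleared; the simultaneous_sessions allowance applies only to the current user`.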
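Review bot: The disabled-account gate in `login_oauth_user` rests on `update_oauth_user(user, data, provider) is False`, a return-value sentinel that any other caller of `update_oauth_user` can ignore and that stops working if the helper's refusal path ever returns anything other than the literal `False`. The surrounding code already signals a refusal with `SignupDisabledError`, so raising a dedicated exception from the `if not user.enabled:` branch added in the `update_oauth_user` hunk, and handling it beside `except SignupDisabledError:`, would fail closed instead. If the sentinel stays, `update_oauth_user` needs a docstring that states which return value means "login refused, response already set". Both function bodies extend outside their hunks, so their other return paths could not be checked here.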
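Review bot: The refusal in the `if not user.enabled:` branch of `update_oauth_user` is sent without an explicit HTTP status, and the denied attempt is not recorded anywhere visible in the hunk. Assuming `respond_as_web_page` in this version accepts it, I would pass the status explicitly, `frappe.respond_as_web_page(_('Not Allowed'), _('User {0} is disabled').format(user.email), http_status_code=403)`, and write a log entry naming the user and provider so that logins attempted against disabled accounts show up in authentication monitoring. The message also confirms the account's e-mail and disabled state to the browser; a generic "login not allowed" text would avoid that if the provider's e-mail is not guaranteed to be verified. The function continues outside the hunk.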