[Fix] Social login not allowed for a disabled user (#2032)

frappe/sessions.py

@@ -57,13 +57,15 @@ def clear_sessions(user=None, keep_current=False, device=None):
 	if not device:
 		device = frappe.session.data.device or "desktop"
 
-	simultaneous_sessions = frappe.db.get_value('User', user, 'simultaneous_sessions') or 1
+	limit = 0
+	if user == frappe.session.user:
+		simultaneous_sessions = frappe.db.get_value('User', user, 'simultaneous_sessions') or 1
+		limit = simultaneous_sessions - 1
 
 	condition = ''
 	if keep_current:
 		condition = ' and sid != "{0}"'.format(frappe.session.sid)
 
-	limit = simultaneous_sessions - 1
 
 	for i, sid in enumerate(frappe.db.sql_list("""select sid from tabSessions
 		where user=%s and device=%s {condition}

frappe/utils/oauth.py

@@ -210,7 +210,8 @@ def login_oauth_user(data=None, provider=None, state=None, email_id=None, key=No
 		return
 
 	try:
-		update_oauth_user(user, data, provider)
+		if update_oauth_user(user, data, provider) is False:
+			return
 
 	except SignupDisabledError:
 		return frappe.respond_as_web_page("Signup is Disabled", "Sorry. Signup from Website is disabled.",
@@ -260,6 +261,9 @@ def update_oauth_user(user, data, provider):
 
 	else:
 		user = frappe.get_doc("User", user)
+		if not user.enabled:
+			frappe.respond_as_web_page(_('Not Allowed'), _('User {0} is disabled').format(user.email))
+			return False
 
 	if provider=="facebook" and not user.get("fb_userid"):
 		save = True