Merge pull request #1595 from richard-guan-dev/main

fix: Add a validation check to see if "assisted verification users" are active when logging in.
2024-03-06 10:44:44 +08:00 · 2024-03-06 10:44:44 +08:00 · 01e08c8e69
commit 01e08c8e69
parent f5fb888c85 3549b38ee8
1 changed files with 3 additions and 0 deletions
--- a/app/api/endpoints/login.py
+++ b/app/api/endpoints/login.py
@ -49,6 +49,9 @@ async def login_access_token(
                            is_superuser=False, hashed_password=get_password_hash(token))
                user.create(db)
            else:
+                # 辅助验证用户若未启用，则禁止登录
+                if not user.is_active:
+                    raise HTTPException(status_code=403, detail="用户未启用")
                # 普通用户权限
                user.is_superuser = False
    elif not user.is_active: