Merge pull request #14632 from annando/issue-13943

Issue 13943: Notify users on login that they are blocked
2025-01-08 11:24:43 +00:00 · 2024-12-28 09:00:49 -05:00 · 2024-12-28 09:00:49 -05:00 · 9944311b95
commit 9944311b95
parent c7c029a044 7342c6e468
3 changed files with 75 additions and 61 deletions
--- a/src/Model/User.php
+++ b/src/Model/User.php
@ -678,11 +678,12 @@ class User
 	 * @param mixed  $user_info
 	 * @param string $password
 	 * @param bool   $third_party
+	 * @param bool   $with_blocked
 	 * @return int User Id if authentication is successful
 	 * @throws HTTPException\ForbiddenException
 	 * @throws HTTPException\NotFoundException
 	 */
-	public static function getIdFromPasswordAuthentication($user_info, string $password, bool $third_party = false): int
+	public static function getIdFromPasswordAuthentication($user_info, string $password, bool $third_party = false, bool $with_blocked = false): int
 	{
 		// Addons registered with the "authenticate" hook may create the user on the
 		// fly. `getAuthenticationInfo` will fail if the user doesn't exist yet. If
@ -690,7 +691,7 @@ class User
 		// user in our database, if applicable, before re-throwing the exception if
 		// they fail.
 		try {
-			$user = self::getAuthenticationInfo($user_info);
+			$user = self::getAuthenticationInfo($user_info, $with_blocked);
 		} catch (Exception $e) {
 			$username = (is_string($user_info) ? $user_info : $user_info['nickname'] ?? '');

@ -783,10 +784,11 @@ class User
 	 * - User array with at least the uid and the hashed password
 	 *
 	 * @param mixed $user_info
+	 * @param bool  $with_blocked
 	 * @return array|null Null if not found/determined
 	 * @throws HTTPException\NotFoundException
 	 */
-	public static function getAuthenticationInfo($user_info)
+	public static function getAuthenticationInfo($user_info, bool $with_blocked = false)
 	{
 		$user = null;

@ -805,25 +807,27 @@ class User
 				throw new Exception(DI::l10n()->t('Not enough information to authenticate'));
 			}
 		} elseif (is_int($user_info) || is_string($user_info)) {
+			$fields = ['uid', 'nickname', 'password', 'legacy_password'];
 			if (is_int($user_info)) {
-				$user = DBA::selectFirst(
-					'user',
-					['uid', 'nickname', 'password', 'legacy_password'],
-					[
-						'uid' => $user_info,
-						'blocked' => 0,
-						'account_expired' => 0,
-						'account_removed' => 0,
-						'verified' => 1
-					]
-				);
+				$condition = 					[
+					'uid' => $user_info,
+					'account_expired' => false,
+					'account_removed' => false,
+					'verified' => true
+				];
+				if (!$with_blocked) {
+					$condition = DBA::mergeConditions($condition, ['blocked' => false]);
+				}
+				$user = DBA::selectFirst('user', $fields, $condition);
 			} else {
-				$fields = ['uid', 'nickname', 'password', 'legacy_password'];
 				$condition = [
 					"(`email` = ? OR `username` = ? OR `nickname` = ?)
-					AND `verified` AND NOT `blocked` AND NOT `account_removed` AND NOT `account_expired`",
+					AND `verified` AND NOT `account_removed` AND NOT `account_expired`",
 					$user_info, $user_info, $user_info
 				];
+				if (!$with_blocked) {
+					$condition = DBA::mergeConditions($condition, ['blocked' => false]);
+				}
 				$user = DBA::selectFirst('user', $fields, $condition);
 			}

--- a/src/Security/Authentication.php
+++ b/src/Security/Authentication.php
@ -238,7 +238,7 @@ class Authentication
 			$record = $this->dba->selectFirst(
 				'user',
 				[],
-				['uid' => User::getIdFromPasswordAuthentication($username, $password)]
+				['uid' => User::getIdFromPasswordAuthentication($username, $password, false, true)]
 			);
 		} catch (Exception $e) {
 			$this->logger->warning('authenticate: failed login attempt', ['action' => 'login', 'username' => $username, 'ip' => $this->remoteAddress]);
@ -246,6 +246,12 @@ class Authentication
 			$this->baseUrl->redirect();
 		}

+		if ($record['blocked']) {
+			$this->logger->warning('authenticate: user is blocked', ['action' => 'login', 'username' => $username, 'ip' => $this->remoteAddress]);
+			DI::sysmsg()->addNotice($this->l10n->t('Login failed because your account is blocked.'));
+			$this->baseUrl->redirect();
+		}
+
 		if (!$remember) {
 			$trusted = $this->cookie->get('2fa_cookie_hash') ?? null;
 			$this->cookie->clear();
--- a/view/lang/C/messages.po
+++ b/view/lang/C/messages.po
@ -8,7 +8,7 @@ msgid ""
 msgstr ""
 "Project-Id-Version: 2024.09-rc\n"
 "Report-Msgid-Bugs-To: \n"
-"POT-Creation-Date: 2024-12-22 07:45+0000\n"
+"POT-Creation-Date: 2024-12-28 00:35+0000\n"
 "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
 "Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
 "Language-Team: LANGUAGE <LL@li.org>\n"
@ -944,7 +944,7 @@ msgstr ""
 msgid "Enter user nickname: "
 msgstr ""

-#: src/Console/User.php:168 src/Model/User.php:831
+#: src/Console/User.php:168 src/Model/User.php:835
 #: src/Module/Api/Twitter/ContactEndpoint.php:60
 #: src/Module/Moderation/Users/Active.php:57
 #: src/Module/Moderation/Users/Blocked.php:57
@ -1708,7 +1708,7 @@ msgstr ""

 #: src/Content/Feature.php:116 src/Content/GroupManager.php:133
 #: src/Content/Nav.php:264 src/Content/Text/HTML.php:868
-#: src/Content/Widget.php:552 src/Model/User.php:1390
+#: src/Content/Widget.php:552 src/Model/User.php:1394
 msgid "Groups"
 msgstr ""

@ -3616,138 +3616,138 @@ msgstr ""
 msgid "Responsible account: %s"
 msgstr ""

-#: src/Model/User.php:217 src/Model/User.php:1310
+#: src/Model/User.php:217 src/Model/User.php:1314
 msgid "SERIOUS ERROR: Generation of security keys failed."
 msgstr ""

-#: src/Model/User.php:740 src/Model/User.php:773
+#: src/Model/User.php:741 src/Model/User.php:774
 msgid "Login failed"
 msgstr ""

-#: src/Model/User.php:805
+#: src/Model/User.php:807
 msgid "Not enough information to authenticate"
 msgstr ""

-#: src/Model/User.php:930
+#: src/Model/User.php:934
 msgid "Password can't be empty"
 msgstr ""

-#: src/Model/User.php:972
+#: src/Model/User.php:976
 msgid "Empty passwords are not allowed."
 msgstr ""

-#: src/Model/User.php:976
+#: src/Model/User.php:980
 msgid "The new password has been exposed in a public data dump, please choose another."
 msgstr ""

-#: src/Model/User.php:980
+#: src/Model/User.php:984
 msgid "The password length is limited to 72 characters."
 msgstr ""

-#: src/Model/User.php:984
+#: src/Model/User.php:988
 msgid "The password can't contain white spaces nor accentuated letters"
 msgstr ""

-#: src/Model/User.php:1193
+#: src/Model/User.php:1197
 msgid "Passwords do not match. Password unchanged."
 msgstr ""

-#: src/Model/User.php:1200
+#: src/Model/User.php:1204
 msgid "An invitation is required."
 msgstr ""

-#: src/Model/User.php:1204
+#: src/Model/User.php:1208
 msgid "Invitation could not be verified."
 msgstr ""

-#: src/Model/User.php:1212
+#: src/Model/User.php:1216
 msgid "Invalid OpenID url"
 msgstr ""

-#: src/Model/User.php:1225 src/Security/Authentication.php:214
+#: src/Model/User.php:1229 src/Security/Authentication.php:214
 msgid "We encountered a problem while logging in with the OpenID you provided. Please check the correct spelling of the ID."
 msgstr ""

-#: src/Model/User.php:1225 src/Security/Authentication.php:214
+#: src/Model/User.php:1229 src/Security/Authentication.php:214
 msgid "The error message was:"
 msgstr ""

-#: src/Model/User.php:1231
+#: src/Model/User.php:1235
 msgid "Please enter the required information."
 msgstr ""

-#: src/Model/User.php:1245
+#: src/Model/User.php:1249
 #, php-format
 msgid "system.username_min_length (%s) and system.username_max_length (%s) are excluding each other, swapping values."
 msgstr ""

-#: src/Model/User.php:1252
+#: src/Model/User.php:1256
 #, php-format
 msgid "Username should be at least %s character."
 msgid_plural "Username should be at least %s characters."
 msgstr[0] ""
 msgstr[1] ""

-#: src/Model/User.php:1256
+#: src/Model/User.php:1260
 #, php-format
 msgid "Username should be at most %s character."
 msgid_plural "Username should be at most %s characters."
 msgstr[0] ""
 msgstr[1] ""

-#: src/Model/User.php:1264
+#: src/Model/User.php:1268
 msgid "That doesn't appear to be your full (First Last) name."
 msgstr ""

-#: src/Model/User.php:1269
+#: src/Model/User.php:1273
 msgid "Your email domain is not among those allowed on this site."
 msgstr ""

-#: src/Model/User.php:1273
+#: src/Model/User.php:1277
 msgid "Not a valid email address."
 msgstr ""

-#: src/Model/User.php:1276
+#: src/Model/User.php:1280
 msgid "The nickname was blocked from registration by the nodes admin."
 msgstr ""

-#: src/Model/User.php:1280 src/Model/User.php:1286
+#: src/Model/User.php:1284 src/Model/User.php:1290
 msgid "Cannot use that email."
 msgstr ""

-#: src/Model/User.php:1292
+#: src/Model/User.php:1296
 msgid "Your nickname can only contain a-z, 0-9 and _."
 msgstr ""

-#: src/Model/User.php:1300 src/Model/User.php:1350
+#: src/Model/User.php:1304 src/Model/User.php:1354
 msgid "Nickname is already registered. Please choose another."
 msgstr ""

-#: src/Model/User.php:1337 src/Model/User.php:1341
+#: src/Model/User.php:1341 src/Model/User.php:1345
 msgid "An error occurred during registration. Please try again."
 msgstr ""

-#: src/Model/User.php:1364
+#: src/Model/User.php:1368
 msgid "An error occurred creating your default profile. Please try again."
 msgstr ""

-#: src/Model/User.php:1371
+#: src/Model/User.php:1375
 msgid "An error occurred creating your self contact. Please try again."
 msgstr ""

-#: src/Model/User.php:1376
+#: src/Model/User.php:1380
 msgid "Friends"
 msgstr ""

-#: src/Model/User.php:1380
+#: src/Model/User.php:1384
 msgid "An error occurred creating your default contact circle. Please try again."
 msgstr ""

-#: src/Model/User.php:1428
+#: src/Model/User.php:1432
 msgid "Profile Photos"
 msgstr ""

-#: src/Model/User.php:1616
+#: src/Model/User.php:1620
 #, php-format
 msgid ""
 "\n"
@ -3755,7 +3755,7 @@ msgid ""
 "\t\t\tthe administrator of %2$s has set up an account for you."
 msgstr ""

-#: src/Model/User.php:1619
+#: src/Model/User.php:1623
 #, php-format
 msgid ""
 "\n"
@ -3786,12 +3786,12 @@ msgid ""
 "\t\tThank you and welcome to %4$s."
 msgstr ""

-#: src/Model/User.php:1651 src/Model/User.php:1757
+#: src/Model/User.php:1655 src/Model/User.php:1761
 #, php-format
 msgid "Registration details for %s"
 msgstr ""

-#: src/Model/User.php:1671
+#: src/Model/User.php:1675
 #, php-format
 msgid ""
 "\n"
@ -3806,12 +3806,12 @@ msgid ""
 "\t\t"
 msgstr ""

-#: src/Model/User.php:1690
+#: src/Model/User.php:1694
 #, php-format
 msgid "Registration at %s"
 msgstr ""

-#: src/Model/User.php:1714
+#: src/Model/User.php:1718
 #, php-format
 msgid ""
 "\n"
@ -3820,7 +3820,7 @@ msgid ""
 "\t\t\t"
 msgstr ""

-#: src/Model/User.php:1722
+#: src/Model/User.php:1726
 #, php-format
 msgid ""
 "\n"
@ -3851,7 +3851,7 @@ msgid ""
 "\t\t\tThank you and welcome to %2$s."
 msgstr ""

-#: src/Model/User.php:1784
+#: src/Model/User.php:1788
 msgid "User with delegates can't be removed, please remove delegate users first"
 msgstr ""

@ -11759,12 +11759,16 @@ msgstr ""
 msgid "Login failed. Please check your credentials."
 msgstr ""

-#: src/Security/Authentication.php:359
+#: src/Security/Authentication.php:251
+msgid "Login failed because your account is blocked."
+msgstr ""
+
+#: src/Security/Authentication.php:365
 #, php-format
 msgid "Welcome %s"
 msgstr ""

-#: src/Security/Authentication.php:360
+#: src/Security/Authentication.php:366
 msgid "Please upload a profile photo."
 msgstr ""