From e35d7ae1fa4231c24db786a3cf0931c3c5e5c23a Mon Sep 17 00:00:00 2001 From: Lauris BH Date: Wed, 2 May 2018 20:37:23 +0300 Subject: [PATCH] Do not allow inactive users to access repositories using private keys (#3887) (#3889) --- cmd/serv.go | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/cmd/serv.go b/cmd/serv.go index 0326656f2..5d567e6d6 100644 --- a/cmd/serv.go +++ b/cmd/serv.go @@ -230,6 +230,12 @@ func runServ(c *cli.Context) error { fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err) } + if !user.IsActive || user.ProhibitLogin { + fail("Your account is not active or has been disabled by Administrator", + "User %s is disabled and have no access to repository %s", + user.Name, repoPath) + } + mode, err := models.AccessLevel(user.ID, repo) if err != nil { fail("Internal error", "Failed to check access: %v", err)