Block API login if approval is required

2023-08-11 13:43:42 -05:00 · 2023-08-11 13:43:42 -05:00 · 9cc11fd666
parent 6d8b87246e
commit 9cc11fd666
1 changed files with 3 additions and 0 deletions
--- a/LANCommander/Controllers/Api/AuthController.cs
+++ b/LANCommander/Controllers/Api/AuthController.cs
@ -156,6 +156,9 @@ namespace LANCommander.Controllers.Api
        {
            if (user != null && await UserManager.CheckPasswordAsync(user, password))
            {
+                if (Settings.Authentication.RequireApproval && !user.Approved)
+                    throw new Exception("Account must be approved by an administrator");
+
                var userRoles = await UserManager.GetRolesAsync(user);

                var authClaims = new List<Claim>