diff --git a/app/controllers/sessions/launchpad_controller.rb b/app/controllers/sessions/launchpad_controller.rb index 8a9a082dd..1844b6133 100644 --- a/app/controllers/sessions/launchpad_controller.rb +++ b/app/controllers/sessions/launchpad_controller.rb @@ -7,7 +7,8 @@ class Sessions::LaunchpadController < ApplicationController end def update - if user = Current.account.signal_account.authenticate(sig: @sig).try(:peer) + user = Current.account.signal_account.authenticate(sig: @sig).try(:peer) + if user.present? && user.active? start_new_session_for user redirect_to after_authentication_url else diff --git a/app/models/user.rb b/app/models/user.rb index 7e0674135..b503a5e1a 100644 --- a/app/models/user.rb +++ b/app/models/user.rb @@ -23,7 +23,7 @@ class User < ApplicationRecord def deactivate sessions.delete_all accesses.destroy_all - signal_user.destroy + SignalId::Database.on_master { signal_user&.destroy } update! active: false, email_address: deactived_email_address end diff --git a/test/controllers/sessions/launchpad_controller_test.rb b/test/controllers/sessions/launchpad_controller_test.rb index c67ac8ee2..bd31eca8e 100644 --- a/test/controllers/sessions/launchpad_controller_test.rb +++ b/test/controllers/sessions/launchpad_controller_test.rb @@ -21,9 +21,16 @@ class Sessions::LaunchpadControllerTest < ActionDispatch::IntegrationTest assert parsed_cookies.signed[:session_token] end - test "returns 401 when the sig is invalid" do + test "create checks user.active?" do user = users(:david) + user.update! active: false + put session_launchpad_path(params: { sig: user.signal_user.perishable_signature }) + + assert_response :unauthorized + end + + test "returns 401 when the sig is invalid" do put session_launchpad_path(params: { sig: "invalid" }) assert_response :unauthorized