fix(auth): reject disabled/locked users in OIDC callback

kolaente 2026-03-23 12:24:31 +01:00 committed by kolaente
parent ea4ba18def
commit 22a4b6fbb8
1 changed files with 5 additions and 0 deletions


@ -158,6 +158,11 @@ func HandleCallback(c *echo.Context) error {
return err
}
if u.Status == user.StatusDisabled || u.Status == user.StatusAccountLocked {
_ = s.Rollback()
return &user.ErrAccountDisabled{UserID: u.ID}
}
teamData := getTeamDataFromToken(cl.VikunjaGroups, provider)
err = models.SyncExternalTeamsForUser(s, u, teamData, idToken.Issuer, "OIDC")
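Review bot: The status check added to HandleCallback is a deny-list of two values, so any other non-active status, existing or added later, still falls through to the team sync and whatever session issuance follows. If OIDC accounts are only ever expected to be active at this point, an allow-list fails closed: `if u.Status != user.StatusActive {`. Confirm how the email-confirmation status applies to OIDC users before switching. The rejection also leaves no server-side trace in the lines shown; logging the user ID and provider name before the return would let operators see a disabled or locked account repeatedly attempting SSO login. HandleCallback starts and ends outside the hunk, so whether the user record was already modified from the token claims before this check cannot be seen here, though the rollback suggests it may have been.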