Logout user when their activated status is switched to off

Signed-off-by: snipe <snipe@snipe.net>
2026-05-05 22:25:34 +00:00 · 2022-03-29 13:44:53 +01:00
parent ab18ceb2f9
commit bdabbbd4e9
3 changed files with 12 additions and 8 deletions
--- a/app/Http/Kernel.php
+++ b/app/Http/Kernel.php
@ -39,6 +39,7 @@ class Kernel extends HttpKernel
            \Illuminate\Cookie\Middleware\AddQueuedCookiesToResponse::class,
            \App\Http\Middleware\VerifyCsrfToken::class,
            \App\Http\Middleware\CheckLocale::class,
+            \App\Http\Middleware\CheckUserIsActivated::class,
            \App\Http\Middleware\CheckForTwoFactor::class,
            \Laravel\Passport\Http\Middleware\CreateFreshApiToken::class,
            \App\Http\Middleware\AssetCountForSidebar::class,
--- a/app/Http/Middleware/CheckUserIsActivated.php
+++ b/app/Http/Middleware/CheckUserIsActivated.php
@ -4,8 +4,9 @@ namespace App\Http\Middleware;

 use Closure;
 use Illuminate\Contracts\Auth\Guard;
+use Auth;

-class Authenticate
+class CheckUserIsActivated
 {
    /**
     * The Guard implementation.
@ -34,14 +35,16 @@ class Authenticate
     */
    public function handle($request, Closure $next)
    {
-        if ($this->auth->guest()) {
-            if ($request->ajax()) {
-                return response('Unauthorized.', 401);
-            } else {
-                return redirect()->guest('login');
-            }
+
+        // If there is a user AND the user is NOT activated, send them to the login page
+        // This prevents people who still have active sessions logged in and their status gets toggled
+        // to inactive (aka unable to login)
+        if (($request->user()) && (!$request->user()->isActivated())) {
+            Auth::logout();
+            return redirect()->guest('login');
        }

        return $next($request);
+
    }
 }