1 file changed +20 -16 lines changed
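--- a/crates/handlers/src/admin
+++ b/crates/handlers/src/admin
@@ -255,27 +255,31 @@ where
 . lookup ( user_id)
 . await ?
 . ok_or_else ( || Rejection :: LoadUser ( user_id) ) ?;
+
+match session {
+CallerSession :: OAuth2Session ( _) => {
+// For OAuth2 sessions: check that the user is valid enough
+// to be a user.
+if !user. is_valid ( ) {
+return Err ( Rejection :: UserLocked ) ;
+}
+}
+CallerSession :: PersonalSession ( _) => {
+// For personal sessions: check that the actor is valid enough
+// to be an actor.
+if !user. is_valid_actor ( ) {
+return Err ( Rejection :: UserLocked ) ;
+}
+}
+}
+
 Some ( user)
 } else {
+// Double check we're not using a PersonalSession
+assert ! ( matches!( session, CallerSession :: OAuth2Session ( _) ) ) ;
 None
 } ;
 
-if let CallerSession :: PersonalSession ( _) = & session {
-// For personal sessions: check that the actor is valid enough
-// to be an actor.
-// unwrap: personal sessions always have an actor user
-if !user. as_ref ( ) . unwrap ( ) . is_valid_actor ( ) {
-return Err ( Rejection :: UserLocked ) ;
-}
-} else {
-// If there is a user for this session, check that it is not locked
-if let Some ( user) = & user
-&& !user. is_valid ( )
-{
-return Err ( Rejection :: UserLocked ) ;
-}
-}
-
 // For now, we only check that the session has the admin scope
 // Later we might want to check other route-specific scopes
 if !session. scope ( ) . contains ( "urn:mas:admin" ) {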
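Review bot: The `assert!` added in the else branch (new line 279) swaps the removed `unwrap` for another panic on the request path, so a personal session that reaches this branch without a user still aborts the handler instead of being rejected; the surrounding code already returns `Result<_, Rejection>` (see the `?` on `ok_or_else` and the `return Err(Rejection::UserLocked)` arms), so `return Err(Rejection::<variant for an actor-less personal session — placeholder>)` would fail closed with a normal error response and log line. Whether a fitting variant exists is not visible here, since the `Rejection` enum and the `if let` that binds `user_id` both sit outside the hunk; if none does, the hard `assert!` is still the right fail-closed choice and should not be weakened to `debug_assert!`. Either way the comment should carry the invariant the removed code documented, e.g. `// Personal sessions always carry an actor user, so only an OAuth2 session can reach this branch`. The enclosing function starts before the hunk and continues after it.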