From f2476c5c39204d5c13f3918fadd61bf4d6867adb Mon Sep 17 00:00:00 2001
From: KusakabeSi
Date: Mon, 1 Mar 2021 13:32:21 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AF=A6=E4=BD=9C=20https://github.com/cloudre?= =?UTF-8?q?ve/Cloudreve/pull/765#discussion=5Fr584313520?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 middleware/auth.go | 2 +-
 models/user.go | 7 +++++++
 routers/controllers/user.go | 4 ++--
 service/user/login.go | 6 ++++++
 4 files changed, 16 insertions(+), 3 deletions(-)
diff --git a/middleware/auth.go b/middleware/auth.go
index fd0f143a..69233ee2 100644
--- a/middleware/auth.go
+++ b/middleware/auth.go
@@ -90,7 +90,7 @@ func WebDAVAuth() gin.HandlerFunc {
 return
 }
- expectedUser, err := model.GetUserByEmail(username)
+ expectedUser, err := model.GetActiveUserByEmail(username)
 if err != nil {
 c.Status(http.StatusUnauthorized)
 c.Abort()
diff --git a/models/user.go b/models/user.go
index 9774d034..ecd091b4 100644
--- a/models/user.go
+++ b/models/user.go
@@ -144,6 +144,13 @@ func GetUserByEmail(email string) (User, error) {
 return user, result.Error
 }
+// GetActiveUserByEmail 用Email获取可登录用户
+func GetActiveUserByEmail(email string) (User, error) {
+ var user User
+ result := DB.Set("gorm:auto_preload", true).Where("status = ? and email = ?", Active, email).First(&user)
+ return user, result.Error
+}
+
 // NewUser 返回一个新的空 User
 func NewUser() User {
 options := UserOption{}
diff --git a/routers/controllers/user.go b/routers/controllers/user.go
index b7109424..77a5426c 100644
--- a/routers/controllers/user.go
+++ b/routers/controllers/user.go
@@ -18,7 +18,7 @@ import (
 // StartLoginAuthn 开始注册WebAuthn登录
 func StartLoginAuthn(c *gin.Context) {
 userName := c.Param("username")
- expectedUser, err := model.GetUserByEmail(userName)
+ expectedUser, err := model.GetActiveUserByEmail(userName)
 if err != nil {
 c.JSON(200, serializer.Err(serializer.CodeNotFound, "用户不存在", err))
 return
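Review bot: The comment on GetActiveUserByEmail does not say which accounts the `status = ?` predicate excludes, nor that an excluded account comes back as the same lookup error as an unknown e-mail, which is what the callers changed in this patch rely on. I would extend it to something like `// GetActiveUserByEmail 用Email获取状态为 Active 的用户；封禁或未激活的账号与不存在的邮箱一样返回错误`. The body also appears to repeat GetUserByEmail's query with one extra condition (only the tail of that function is visible here); building both on one shared lookup would keep the two from drifting apart.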
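Review bot: StartLoginAuthn still answers a failed lookup with `CodeNotFound` and "用户不存在", while FinishLoginAuthn in the next hunk answers the same failure from the same helper with `CodeCredentialInvalid` and the generic credential message. With the new helper the first endpoint tells a caller, presumably not yet authenticated, whether an e-mail belongs to an active account, so I would align it with the second: `c.JSON(200, serializer.Err(serializer.CodeCredentialInvalid, "用户邮箱或密码错误", err))`. Both calls also hand `err` to the response serializer; whether that text can reach the client is not visible here and is worth confirming. Both function bodies continue outside their hunks.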
@@ -52,7 +52,7 @@ func StartLoginAuthn(c *gin.Context) {
 // FinishLoginAuthn 完成注册WebAuthn登录
 func FinishLoginAuthn(c *gin.Context) {
 userName := c.Param("username")
- expectedUser, err := model.GetUserByEmail(userName)
+ expectedUser, err := model.GetActiveUserByEmail(userName)
 if err != nil {
 c.JSON(200, serializer.Err(serializer.CodeCredentialInvalid, "用户邮箱或密码错误", err))
 return
diff --git a/service/user/login.go b/service/user/login.go
index acea1631..4689bc44 100644
--- a/service/user/login.go
+++ b/service/user/login.go
@@ -94,6 +94,12 @@ func (service *UserResetEmailService) Reset(c *gin.Context) serializer.Response
 // 查找用户
 if user, err := model.GetUserByEmail(service.UserName); err == nil {
+ if user.Status == model.Baned || user.Status == model.OveruseBaned {
+ return serializer.Err(403, "该账号已被封禁", nil)
+ }
+ if user.Status == model.NotActivicated {
+ return serializer.Err(403, "该账号未激活", nil)
+ }
 // 创建密码重设会话
 secret := util.RandStringRunes(32)
 cache.Set(fmt.Sprintf("user_reset_%d", user.ID), secret, 3600)
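Review bot: The status checks added to Reset are a deny-list (`Baned`, `OveruseBaned`, `NotActivicated`), whereas GetActiveUserByEmail in this same patch is an allow-list on `Active`, so any status outside those three still falls through to the reset-session code. A final guard such as `if user.Status != model.Active {` after the two specific messages, or switching this lookup to `model.GetActiveUserByEmail`, would close that gap. The two 403 responses also tell whoever submits the form that the address is registered and what state the account is in; if the branch for an unknown e-mail (outside this hunk) answers differently, it is worth confirming that this disclosure is intended. The literal `403` could be a named serializer code like the ones used in routers/controllers/user.go.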