Automatically Logout Banned Users (#12037)

* wip * logout banned users, fix and refactor language library and middleware * req.locals -> res.locals * fix tests * redirect to login page
2025-12-18 07:07:35 +01:00 · 2020-04-02 21:46:01 +02:00
parent e9100c7132
commit e92ff9737a
11 changed files with 228 additions and 121 deletions
--- a/website/server/middlewares/auth.js
+++ b/website/server/middlewares/auth.js
@@ -7,6 +7,8 @@ import {
  model as User,
 } from '../models/user';
 import gcpStackdriverTracer from '../libs/gcpTraceAgent';
+import common from '../../common';
+import { getLanguageFromUser } from '../libs/language';

 const COMMUNITY_MANAGER_EMAIL = nconf.get('EMAILS_COMMUNITY_MANAGER_EMAIL');
 const USER_FIELDS_ALWAYS_LOADED = ['_id', 'notifications', 'preferences', 'auth', 'flags'];
@@ -72,7 +74,17 @@ export function authWithHeaders (options = {}) {
      .exec()
      .then(user => {
        if (!user) throw new NotAuthorized(res.t('invalidCredentials'));
-        if (user.auth.blocked) throw new NotAuthorized(res.t('accountSuspended', { communityManagerEmail: COMMUNITY_MANAGER_EMAIL, userId: user._id }));
+
+        if (user.auth.blocked) {
+          // We want the accountSuspended message to be translated but the language
+          // middleware hasn't run yet so we pick it manually
+          const language = getLanguageFromUser(user, req);
+
+          throw new NotAuthorized(common.i18n.t('accountSuspended', {
+            communityManagerEmail: COMMUNITY_MANAGER_EMAIL,
+            userId: user._id,
+          }, language));
+        }

        res.locals.user = user;
        req.session.userId = user._id;