feat: do not login banned users

Author: kenjis

src/Authentication/Authenticators/JWT.php

@@ -88,6 +88,27 @@ public function attempt(array $credentials): Result
 
         $user = $result->extraInfo();
 
+        if ($user->isBanned()) {
+            if ($config->recordLoginAttempt >= Auth::RECORD_LOGIN_ATTEMPT_FAILURE) {
+                // Record a banned login attempt.
+                $this->tokenLoginModel->recordLoginAttempt(
+                    self::ID_TYPE_JWT,
+                    $credentials['token'] ?? '',
+                    false,
+                    $ipAddress,
+                    $userAgent,
+                    $user->id
+                );
+            }
+
+            $this->user = null;
+
+            return new Result([
+                'success' => false,
+                'reason'  => $user->getBanMessage() ?? lang('Auth.bannedUser'),
+            ]);
+        }
+
         $this->login($user);
 
         if ($config->recordLoginAttempt === Auth::RECORD_LOGIN_ATTEMPT_ALL) {

tests/Authentication/Authenticators/JWTAuthenticatorTest.php

@@ -198,6 +198,29 @@ public function testAttemptBadSignatureToken(): void
         ]);
     }
 
+    public function testAttemptBannedUser(): void
+    {
+        $token = $this->generateJWT();
+
+        $this->user->ban();
+
+        $result = $this->auth->attempt([
+            'token' => $token,
+        ]);
+
+        $this->assertInstanceOf(Result::class, $result);
+        $this->assertFalse($result->isOK());
+        $this->assertSame(lang('Auth.bannedUser'), $result->reason());
+
+        // The login attempt should have been recorded
+        $this->seeInDatabase('auth_token_logins', [
+            'id_type'    => JWT::ID_TYPE_JWT,
+            'identifier' => $token,
+            'success'    => 0,
+            'user_id'    => $this->user->id,
+        ]);
+    }
+
     public function testAttemptSuccess(): void
     {
         // Change $recordLoginAttempt in Config.