Commit ae716002 authored by webchick's avatar webchick
Browse files

#542180 by David_Rothstein and c960657: Fixed OpenID does not deal with blocked users correctly.

parent 41019a83
......@@ -437,7 +437,8 @@ function openid_authentication($response) {
if (isset($account->uid)) {
if (!variable_get('user_email_verification', TRUE) || $account->login) {
// Check if user is blocked.
user_login_name_validate(array(), $state, (array)$account);
$state['values']['name'] = $account->name;
user_login_name_validate(array(), $state);
if (!form_get_errors()) {
// Load global $user and perform final login tasks.
$form_state['uid'] = $account->uid;
......
......@@ -130,6 +130,42 @@ class OpenIDFunctionalTest extends DrupalWebTestCase {
$this->assertNoText($identity, t('Identity no longer appears in list.'));
}
/**
* Test that a blocked user cannot log in.
*/
function testBlockedUserLogin() {
// Use a User-supplied Identity that is the URL of an XRDS document.
$identity = url('openid-test/yadis/xrds', array('absolute' => TRUE));
// Log in and add an OpenID Identity to the account.
$this->drupalLogin($this->web_user);
$this->addIdentity($identity);
$this->drupalLogout();
// Log in as an admin user and block the account.
$admin_user = $this->drupalCreateUser(array('administer users'));
$this->drupalLogin($admin_user);
$this->drupalGet('admin/people');
$edit = array(
'operation' => 'block',
'accounts[' . $this->web_user->uid . ']' => TRUE,
);
$this->drupalPost('admin/people', $edit, t('Update'));
$this->assertRaw('The update has been performed.', t('Account was blocked.'));
$this->drupalLogout();
// Fill out and submit the login form.
$edit = array('openid_identifier' => $identity);
$this->drupalPost(NULL, $edit, t('Log in'));
// Check we are on the OpenID redirect form.
$this->assertTitle(t('OpenID redirect'), t('OpenID redirect page was displayed.'));
// Submit form to the OpenID Provider Endpoint.
$this->drupalPost(NULL, array(), t('Send'));
$this->assertRaw(t('The username %name has not been activated or is blocked.', array('%name' => $this->web_user->name)), t('User login was blocked.'));
}
/**
* Add OpenID identity to user's profile.
*
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment