From 9c39179849da7dcf22a55b6bf7d0f7c358436f04 Mon Sep 17 00:00:00 2001
From: DacongDA
Date: Thu, 13 Feb 2025 13:14:44 +0800
Subject: [PATCH] feat: fix bug that user forbidden check will be skipped in OAuth login (#3580)
---
 controllers/auth.go | 9 +++++----
 1 file changed, 5 insertions(+), 4 deletions(-)
diff --git a/controllers/auth.go b/controllers/auth.go
index 11e4387f..f9995830 100644
--- a/controllers/auth.go
+++ b/controllers/auth.go
@@ -54,6 +54,11 @@ func tokenToResponse(token *object.Token) *Response {
 // HandleLoggedIn ...
 func (c *ApiController) HandleLoggedIn(application *object.Application, user *object.User, form *form.AuthForm) (resp *Response) {
+ if user.IsForbidden {
+ c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
+ return
+ }
+
 userId := user.GetId()
 clientIp := util.GetClientIpFromRequest(c.Ctx.Request)
@@ -678,10 +683,6 @@ func (c *ApiController) Login() {
 if user != nil && !user.IsDeleted {
 // Sign in via OAuth (want to sign up but already have account)
-
- if user.IsForbidden {
- c.ResponseError(c.T("check:The user is forbidden to sign in, please contact the administrator"))
- }
 // sync info from 3rd-party if possible
 _, err = object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)
 if err != nil {
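Review bot: The new `user.IsForbidden` guard at the top of HandleLoggedIn ends in a bare `return`, so the named result `resp` is nil on that path, and the placeholder doc comment `// HandleLoggedIn ...` does not record this. Callers are outside the hunk; any that serialise the returned value after the call would presumably have to treat nil as "error already written", which is worth confirming for every login path now that this function is the single gate for forbidden accounts. I would replace the doc comment with `// HandleLoggedIn rejects forbidden users, then completes the sign-in; it returns nil after writing an error response.` The function body continues past the end of the hunk.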
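Review bot: With the check removed from this OAuth branch of Login, `object.SetUserOAuthProperties(organization, user, provider.Type, userInfo)` still runs for a forbidden user before HandleLoggedIn rejects them. If that call persists the provider's data (its body is not visible here), a blocked account can have its stored properties rewritten on every attempted login. The removed check had no `return` after `c.ResponseError(...)`, which is presumably why it was being skipped. Keeping it in place with the return added, `if user.IsForbidden { c.ResponseError(...); return }`, would stop the request before the sync as well as before the session is created. Login's body starts and ends outside the hunk.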