Inactive users can't login anymore.

I placed the check for this on authenticated? so it can easily be overruled
tslocke · Sep 8, 2008 · fe29c62 · fe29c62
1 parent 8c0be84
commit fe29c62
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 3 deletions.
diff --git a/hobo/lib/hobo/user.rb b/hobo/lib/hobo/user.rb
@@ -98,7 +98,7 @@ def encrypt(password, salt)
     end
 
     def account_active?
-      state == 'active'
+      !self.class.has_lifecycle? || !'active'.in?(self.class::Lifecycle.state_names) || state == 'active'
     end
 
     # Encrypts the password with the user salt
@@ -108,7 +108,7 @@ def encrypt(password)
 
     # Check if the encrypted passwords match
     def authenticated?(password)
-      crypted_password == encrypt(password)
+      account_active? && crypted_password == encrypt(password)
     end
 
     # Do we still need to remember the login token, or has it expired?

diff --git a/hobo/lib/hobo/user_controller.rb b/hobo/lib/hobo/user_controller.rb
@@ -88,7 +88,10 @@ def hobo_login(options={})
 
     def hobo_do_signup(&b)
       do_creator_action(:signup) do
-        flash[:notice] = "Thanks for signing up!" if valid?
+        if valid?
+          flash[:notice] = "Thanks for signing up!"
+          flash[:notice] << " You must activate your account before you can log in. Please check your email." unless this.account_active?
+        end
         response_block(&b) or if valid?
                                 self.current_user = this if this.account_active?
                                 redirect_back_or_default(home_page)