Merge pull request #162 from level12/161-timestamp-disabled-users-sho…

…uld-get-flash-error

161 Timestamp disabled users should get flash error

keg_auth/libs/authenticators.py

@@ -145,7 +145,9 @@ def on_inactive_user(self, user):
             if self.flash_unverified_user:
                 message, category = self.flash_unverified_user
                 flash(message.format(user.email), category)
-        if not user.is_enabled:
+                return  # preventing unverified users to also get the disabled alert
+
+        if not user.is_active:
             self.on_disabled_user(user)
 
     def on_invalid_user(self, username):

keg_auth/model/__init__.py

@@ -743,6 +743,20 @@ def changed_users(session, *args):
             ):
                 target.reset_session_key()
 
+    @sa.event.listens_for(db.session, 'before_flush')
+    def re_enabling_users(session, *args):
+        for target in session.dirty:
+            if not _isinstance(target, registry.user_cls):
+                continue
+
+            if (
+                target.is_disabled_by_date
+                and target.is_enabled
+                and _sa_attr_has_changes(target, 'is_enabled')
+                and not _sa_attr_has_changes(target, 'disabled_utc')
+            ):
+                target.disabled_utc = None
+
     @sa.event.listens_for(db.session, 'before_flush')
     def changed_groups(session, *args):
         for target in session.new | session.dirty:

keg_auth/testing.py

@@ -805,6 +805,26 @@ def test_login_user_disabled(self):
         message = flash_disabled_user[0]
         assert resp.flashes == [(category, message.format('foo@bar.com'))]
 
+    def test_login_user_disabled_timestamp(self):
+        self.user_ent.testing_create(
+            email='foo@bar.com',
+            password='pass',
+            disabled_utc=arrow.utcnow().shift(days=-10)
+        )
+
+        client = flask_webtest.TestApp(flask.current_app)
+        resp = client.get(self.login_url)
+
+        resp.form['login_id'] = 'foo@bar.com'
+        resp.form['password'] = 'badpass'
+        resp = resp.form.submit(status=200)
+
+        flash_disabled_user = flask.current_app.auth_manager.login_authenticator_cls. \
+            responder_cls['login'].flash_disabled_user
+        category = flash_disabled_user[1]
+        message = flash_disabled_user[0]
+        assert resp.flashes == [(category, message.format('foo@bar.com'))]
+
     def test_login_protection(self):
         self.user_ent.testing_create(
             email='foo@bar.com', password='pass', permissions=self.protected_url_permissions

keg_auth/tests/test_model.py

@@ -382,6 +382,24 @@ def test_non_permission_update_does_not_reset_session_key(self):
         db.session.expire(user)
         assert user.session_key == original_session_key
 
+    def test_re_enabling_user_clears_disabled_utc(self):
+        user = ents.User.testing_create(disabled_utc=arrow.utcnow(), is_enabled=False)
+        ents.User.edit(user.id, is_enabled=True)
+        db.session.expire(user)
+        assert user.disabled_utc is None
+
+    def test_re_enabling_user_does_not_clear_disabled_utc_if_changed(self):
+        user = ents.User.testing_create(disabled_utc=arrow.utcnow().shift(days=-1), is_enabled=False)
+        ents.User.edit(user.id, is_enabled=True, disabled_utc=arrow.utcnow())
+        db.session.expire(user)
+        assert user.disabled_utc
+
+    def test_disabling_user_does_not_clear_disabled_utc(self):
+        user = ents.User.testing_create(disabled_utc=arrow.utcnow(), is_enabled=True)
+        ents.User.edit(user.id, is_enabled=False)
+        db.session.expire(user)
+        assert user.disabled_utc
+
 
 class TestUserNoEmail(object):
     def setup(self):