Add unit test for log into suspended account

Emyrk · Emyrk · commit 87f28a24eef3 · 2022-05-27T11:11:25.000-05:00
diff --git a/coderd/users.go b/coderd/users.go
@@ -637,6 +637,14 @@ func (api *API) postLogin(rw http.ResponseWriter, r *http.Request) {
 		return
 	}
 
+	// If the user logged into a suspended account, reject the login request.
+	if user.Status != database.UserStatusActive {
+		httpapi.Write(rw, http.StatusUnauthorized, httpapi.Response{
+			Message: fmt.Sprintf("user is not active (status = %q), contact an admin to reactivate your account", user.Status),
+		})
+		return
+	}
+
 	sessionToken, created := api.createAPIKey(rw, r, database.InsertAPIKeyParams{
 		UserID:    user.ID,
 		LoginType: database.LoginTypePassword,
diff --git a/coderd/users_test.go b/coderd/users_test.go
@@ -81,6 +81,28 @@ func TestPostLogin(t *testing.T) {
 		require.Equal(t, http.StatusUnauthorized, apiErr.StatusCode())
 	})
 
+	t.Run("Suspended", func(t *testing.T) {
+		t.Parallel()
+		client := coderdtest.New(t, nil)
+		first := coderdtest.CreateFirstUser(t, client)
+
+		member := coderdtest.CreateAnotherUser(t, client, first.OrganizationID)
+		memberUser, err := member.User(context.Background(), codersdk.Me)
+		require.NoError(t, err, "fetch member user")
+
+		_, err = client.UpdateUserStatus(context.Background(), memberUser.Username, codersdk.UserStatusSuspended)
+		require.NoError(t, err, "suspend member")
+
+		_, err = client.LoginWithPassword(context.Background(), codersdk.LoginWithPasswordRequest{
+			Email:    memberUser.Email,
+			Password: "testpass",
+		})
+		var apiErr *codersdk.Error
+		require.ErrorAs(t, err, &apiErr)
+		require.Equal(t, http.StatusUnauthorized, apiErr.StatusCode())
+		require.Contains(t, apiErr.Message, "suspended")
+	})
+
 	t.Run("Success", func(t *testing.T) {
 		t.Parallel()
 		client := coderdtest.New(t, nil)
