From 73f57457c05f16a2f51f850fe392208a010e1a77 Mon Sep 17 00:00:00 2001 From: adeelehsan Date: Thu, 14 Feb 2019 14:09:31 +0500 Subject: [PATCH] Disbale third party login if user password is unusable then disable third party login LEARNER-6183 --- common/djangoapps/third_party_auth/pipeline.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/common/djangoapps/third_party_auth/pipeline.py b/common/djangoapps/third_party_auth/pipeline.py index 583791b764..ffa7ed3e73 100644 --- a/common/djangoapps/third_party_auth/pipeline.py +++ b/common/djangoapps/third_party_auth/pipeline.py @@ -78,6 +78,8 @@ from social_core.pipeline import partial from social_core.pipeline.social_auth import associate_by_email from edxmako.shortcuts import render_to_string + +from util.json_request import JsonResponse from openedx.core.djangoapps.site_configuration import helpers as configuration_helpers from openedx.core.djangoapps.user_authn import cookies as user_authn_cookies from lms.djangoapps.verify_student.models import SSOVerification @@ -626,6 +628,9 @@ def set_logged_in_cookies(backend=None, user=None, strategy=None, auth_entry=Non """ if not is_api(auth_entry) and user is not None and user.is_authenticated: + if not user.has_usable_password(): + msg = "Your account is disabled" + return JsonResponse(msg, status=403) request = strategy.request if strategy else None # n.b. for new users, user.is_active may be False at this point; set the cookie anyways. if request is not None: