From 609933d98f9940e99a8cc7ad4d3bcd73d5aa0b2e Mon Sep 17 00:00:00 2001
From: Philippe Loctaux <p@philippeloctaux.com>
Date: Sat, 18 Mar 2023 13:44:17 +0100
Subject: [PATCH] ezidam: oauth: redirect: check if user is archived

---
 crates/ezidam/src/error.rs                 | 4 ++++
 crates/ezidam/src/routes/oauth/redirect.rs | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/crates/ezidam/src/error.rs b/crates/ezidam/src/error.rs
index 96ea2ef..35f1290 100644
--- a/crates/ezidam/src/error.rs
+++ b/crates/ezidam/src/error.rs
@@ -47,4 +47,8 @@ impl Error {
     pub fn bad_request<M: std::fmt::Display>(value: M) -> Self {
         Self::new(Status::BadRequest, value)
     }
+
+    pub fn forbidden<M: std::fmt::Display>(value: M) -> Self {
+        Self::new(Status::Forbidden, value)
+    }
 }
diff --git a/crates/ezidam/src/routes/oauth/redirect.rs b/crates/ezidam/src/routes/oauth/redirect.rs
index e125e3b..aaae0c2 100644
--- a/crates/ezidam/src/routes/oauth/redirect.rs
+++ b/crates/ezidam/src/routes/oauth/redirect.rs
@@ -40,6 +40,11 @@ pub async fn redirect_page(
         .await?
         .ok_or_else(|| Error::not_found("Could not find user"))?;
 
+    // Check if user is archived
+    if user.is_archived() {
+        return Err(Error::forbidden("User is archived"));
+    }
+
     // Mark code as used
     code.use_code(&mut transaction).await?;