From d94d754961edb94a62dbdeaec862cd2fa7f4ce27 Mon Sep 17 00:00:00 2001
From: nabeelio
Date: Mon, 8 Mar 2021 11:24:09 -0500
Subject: [PATCH] Block user if they're not active #1066
---
 app/Http/Middleware/ApiAuth.php | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/app/Http/Middleware/ApiAuth.php b/app/Http/Middleware/ApiAuth.php
index 510ec4ae..cb889812 100644
--- a/app/Http/Middleware/ApiAuth.php
+++ b/app/Http/Middleware/ApiAuth.php
@@ -6,6 +6,7 @@ namespace App\Http\Middleware;
 use App\Contracts\Middleware;
+use App\Models\Enums\UserState;
 use App\Models\User;
 use Closure;
 use Illuminate\Http\Request;
@@ -38,6 +39,10 @@ class ApiAuth implements Middleware
 return $this->unauthorized('User not found with key "'.$api_key.'"');
 }
+ if ($user->state !== UserState::ACTIVE && $user->state !== UserState::ON_LEAVE) {
+ return $this->unauthorized('User is not ACTIVE, please contact an administrator');
+ }
+ // Set the user to the request
 Auth::setUser($user);
 $request->merge(['user' => $user]);
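Review bot: The strict `!==` comparisons in the added `if` only work as intended when `$user->state` has the same type as the `UserState` constants; if the model hands the column back as a string, every key is rejected, active users included, which fails closed but takes the API down. The User model's casts are not visible here, so confirm the cast. The diffstat shows only the middleware changed, so a regression test is also worth adding: a valid key for an account in any other state gets the unauthorized response, while active and on-leave accounts pass. The message says "not ACTIVE" although ON_LEAVE is accepted, and it confirms to the caller that the presented key is valid; a neutral message such as `return $this->unauthorized('Account is not permitted to use the API');` avoids both. The enclosing method starts and ends outside the hunk.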