From c20cdc2213f99c6faa500e908b13fed8d0bbe5a1 Mon Sep 17 00:00:00 2001
From: Christoph Wurst
Date: Tue, 17 May 2016 10:07:58 +0200
Subject: invalidate user session if the user is disabled
---
 lib/private/User/Session.php | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)
(limited to 'lib')
diff --git a/lib/private/User/Session.php b/lib/private/User/Session.php
index 7104f46fea2..138e17bba9b 100644
--- a/lib/private/User/Session.php
+++ b/lib/private/User/Session.php
@@ -206,7 +206,7 @@ class Session implements IUserSession, Emitter {
 return;
 }
 
- // Check whether login credentials are still valid
+ // Check whether login credentials are still valid and the user was not disabled
 // This check is performed each 5 minutes
 $lastCheck = $this->session->get('last_login_check') ? : 0;
 $now = $this->timeFacory->getTime();
@@ -219,8 +219,9 @@ class Session implements IUserSession, Emitter {
 return;
 }
 
- if ($this->manager->checkPassword($user->getUID(), $pwd) === false
- // Password has changed -> log user out
+ if ($this->manager->checkPassword($user->getUID(), $pwd) === false
+ || !$user->isEnabled()) {
+ // Password has changed or user was disabled -> log user out
 $this->logout();
 return;
 }
-- 
cgit v1.2.3
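Review bot: In the second hunk the new `!$user->isEnabled()` test shares a condition with `checkPassword()`, which the comment in the first hunk says runs only every 5 minutes, so a disabled account can apparently keep its session until the next check is due. If `isEnabled()` is a cheap lookup, it would be safer to test it on every request, before the `last_login_check` throttle, with `if (!$user->isEnabled()) { $this->logout(); return; }`. Within the existing condition the enabled test should at least come first, `if (!$user->isEnabled() || $this->manager->checkPassword($user->getUID(), $pwd) === false) {`, so that no password verification is sent to the backend for an account that is already disabled. The enclosing method starts and ends outside both hunks, and the `return;` visible as context above the condition belongs to an earlier exit path, so it is worth confirming that a disabled user cannot leave through it before this check is reached.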