Check lock_status before logging in

2023-01-08 23:37:41 -05:00 · 2023-01-08 23:37:41 -05:00 · a33cbff534
commit a33cbff534
parent 0ea7f7c906
2 changed files with 26 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -32,7 +32,6 @@ Run the tests locally (against development environment):

 ## TODOs

-1. lock_status isn't doing anything!!
 1. Actions for creating moderators and resetting passwords
 1. CSS
 1. "All new posts flagged" mode (require approval for new posts)
--- a/lib/PostText/Model/Moderator.pm
+++ b/lib/PostText/Model/Moderator.pm
@ -17,7 +17,9 @@ sub create($self, $name, $email, $password) {
 }

 sub check($self, $email, $password) {
-    my $moderator =
+    my ($moderator, $mod_id);
+
+    $moderator =
        $self->pg->db->query(<<~'END_SQL', $email)->hash;
            SELECT moderator_id AS id,
                   password_hash
@ -25,10 +27,22 @@ sub check($self, $email, $password) {
             WHERE email_addr = ?;
           END_SQL

-    return undef unless $moderator->{'id'};
+    $mod_id = $moderator->{'id'};

-    return $self->authenticator
-        ->verify_password($password, $moderator->{'password_hash'});
+    if ($mod_id && !$self->lock_status($mod_id)) {
+        return $self->authenticator
+            ->verify_password($password, $moderator->{'password_hash'});
+    }
+
+    return undef;
+}
+
+sub lock_out($self, $mod_id) {
+    $self->pg->db->query(<<~'END_SQL', $mod_id)
+        UPDATE moderators
+           SET lock_status = TRUE
+         WHERE moderator_id = ?;
+       END_SQL
 }

 sub get_id($self, $email) {
@ -47,6 +61,14 @@ sub get_name($self, $mod_id) {
       END_SQL
 }

+sub lock_status($self, $mod_id) {
+    $self->pg->db->query(<<~'END_SQL', $mod_id)->hash->{'lock_status'}
+        SELECT lock_status
+          FROM moderators
+         WHERE moderator_id = ?;
+       END_SQL
+}
+
 sub login_timestamp($self, $mod_id) {
    $self->pg->db->query(<<~'END_SQL', $mod_id);
        UPDATE moderators