From 85a1e3b653933606b9f829980c12aa43f149cfda Mon Sep 17 00:00:00 2001
From: Lauris BH
Date: Wed, 2 May 2018 12:35:45 +0300
Subject: [PATCH 1/3] Do not allow inactive users to access repositories using private keys
---
 cmd/serv.go | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/cmd/serv.go b/cmd/serv.go
index 0326656f2a47..00e792845b76 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -230,6 +230,12 @@ func runServ(c *cli.Context) error {
 fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
 }

+ if !user.IsActive {
+ fail("Your account is not active",
+ "User %s is disabled and have no access to repository %s",
+ user.Name, repoPath)
+ }
+
 mode, err := models.AccessLevel(user.ID, repo)
 if err != nil {
 fail("Internal error", "Failed to check access: %v", err)

From b37dc4f7ea2539ab0b83f051076f97583f2cdbd6 Mon Sep 17 00:00:00 2001
From: Lauris BH
Date: Wed, 2 May 2018 12:45:49 +0300
Subject: [PATCH 2/3] Check also that user does not have prohibit login set
---
 cmd/serv.go | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/cmd/serv.go b/cmd/serv.go
index 00e792845b76..24a58ea6b4a9 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
@@ -230,8 +230,8 @@ func runServ(c *cli.Context) error {
 fail("internal error", "Failed to get user by key ID(%d): %v", keyID, err)
 }

- if !user.IsActive {
- fail("Your account is not active",
+ if !user.IsActive || user.ProhibitLogin {
+ fail("Your account is not active or has been disabled by Adminstrator",
 "User %s is disabled and have no access to repository %s",
 user.Name, repoPath)
 }

From 9cb8e1cb11d333c2fbfbda46c3abb90e60b98e27 Mon Sep 17 00:00:00 2001
From: Lauris BH
Date: Wed, 2 May 2018 14:41:50 +0300
Subject: [PATCH 3/3] Fix typo
---
 cmd/serv.go | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cmd/serv.go b/cmd/serv.go
index 24a58ea6b4a9..5d567e6d641e 100644
--- a/cmd/serv.go
+++ b/cmd/serv.go
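Review bot: The new `fail(...)` call in the [PATCH 1/3] hunk logs the user name and repository but not the key that was presented, although `keyID` is in scope (the preceding `fail` call uses it). Recording it lets an operator see which key is still being offered for a deactivated account and remove it: `"User %s (key ID %d) is disabled and has no access to repository %s", user.Name, keyID, repoPath`. runServ begins and ends outside the hunk, so whether every path that resolves an identity passes through this check before `models.AccessLevel` cannot be confirmed from here and is worth verifying.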
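Review bot: After [PATCH 2/3] widens the condition to `!user.IsActive || user.ProhibitLogin`, the second format string (apparently the server-side log text) still says only "is disabled", so a never-activated account and an administratively blocked one look the same when denied SSH attempts are reviewed. Logging both flags keeps the two cases apart: `"User %s denied (active=%t, prohibit_login=%t), no access to repository %s", user.Name, user.IsActive, user.ProhibitLogin, repoPath`. A short comment above the `if`, stating that key-based access must honour the same account state as interactive login, would also document why the check lives here.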
@@ -231,7 +231,7 @@ func runServ(c *cli.Context) error {
 }

 if !user.IsActive || user.ProhibitLogin {
- fail("Your account is not active or has been disabled by Adminstrator",
+ fail("Your account is not active or has been disabled by Administrator",
 "User %s is disabled and have no access to repository %s",
 user.Name, repoPath)
 }