banned account gestion

BackEnd/src/controller/LoginController.class.php

@@ -25,6 +25,12 @@ class LoginController extends Controller
         }
 
         $user = User::tryLogin($json['login']);
+
+        if ($user->isBanned()==1){
+            $message = json_encode(["message" => "Your account is banned!"]);
+            return Response::unauthorizedResponse($message);
+        }
+
         if (empty($user) || !hash_equals($json['pwd'], $user->password())) {
             $r = new Response(422, "wrong credentials");
             $r->send();

BackEnd/src/model/User.class.php

@@ -40,6 +40,7 @@ class User extends Model
         $stm = parent::exec('USER_GET_WITH_LOGIN', ['login' => $login]);
         return $stm->fetch();
     }
+
     public function id()
     {
         return trim($this->ID_USER);

BackEnd/src/testRequests/userRequests.http

@@ -12,6 +12,14 @@ POST http://localhost/index.php/login
     "pwd": "hasheddupontpwd"
 }
 
+### Tenter de récupérer un token utilisateur bloqué
+POST http://localhost/index.php/login
+
+{
+    "login": "kevinlekikou",
+    "pwd": "hashedkevinlekikoupwd"
+}
+
 ### Récupérer un token admin
 
 POST http://localhost/index.php/login