From 5d6ad8f39cec09ee62018b21d4129bdfcb4d5e6a Mon Sep 17 00:00:00 2001
From: Neil Lalonde <neillalonde@gmail.com>
Date: Thu, 27 Jun 2013 15:14:42 -0400
Subject: [PATCH] Show a useful message when a banned user tries to log in

---
 app/controllers/session_controller.rb       | 6 ++++++
 config/locales/server.en.yml                | 2 ++
 spec/controllers/session_controller_spec.rb | 9 +++++++++
 3 files changed, 17 insertions(+)

diff --git a/app/controllers/session_controller.rb b/app/controllers/session_controller.rb
index 19ea421e811..19ab63823c5 100644
--- a/app/controllers/session_controller.rb
+++ b/app/controllers/session_controller.rb
@@ -28,6 +28,12 @@ class SessionController < ApplicationController
 
       # If their password is correct
       if @user.confirm_password?(params[:password])
+
+        if @user.is_banned?
+          render json: { error: I18n.t("login.banned", {date: I18n.l(@user.banned_till, format: :short_no_year)}) }
+          return
+        end
+
         if @user.email_confirmed?
           log_on_user(@user)
           render_serialized(@user, UserSerializer)
diff --git a/config/locales/server.en.yml b/config/locales/server.en.yml
index 7c80aba6c2e..3ee2b813579 100644
--- a/config/locales/server.en.yml
+++ b/config/locales/server.en.yml
@@ -12,6 +12,7 @@ en:
   time:
     formats:
       short: "%m-%d-%Y"
+      short_no_year: "%B %-d"
 
   title: "Discourse"
   topics: "Topics"
@@ -685,6 +686,7 @@ en:
     active: "Your account is active and ready."
     activate_email: "You're almost done! We sent an activation email to <b>%{email}</b>. Please follow the instructions in the email to activate your account."
     not_activated: "You can't log in yet. We sent an activation email to you. Please follow the instructions in the email to activate your account."
+    banned: "You can't log in until %{date}."
     errors: "%{errors}"
     not_available: "Not available. Try %{suggestion}?"
     something_already_taken: "Something went wrong, perhaps the username or email is already registered. Try the forgot password link."
diff --git a/spec/controllers/session_controller_spec.rb b/spec/controllers/session_controller_spec.rb
index 857fad1d5ae..64b9832b4d0 100644
--- a/spec/controllers/session_controller_spec.rb
+++ b/spec/controllers/session_controller_spec.rb
@@ -23,6 +23,15 @@ describe SessionController do
         end
       end
 
+      describe 'banned user' do
+        it 'should return an error' do
+          User.any_instance.stubs(:is_banned?).returns(true)
+          User.any_instance.stubs(:banned_till).returns(2.days.from_now)
+          xhr :post, :create, login: user.username, password: 'myawesomepassword'
+          ::JSON.parse(response.body)['error'].should be_present
+        end
+      end
+
       describe 'success by username' do
         before do
           xhr :post, :create, login: user.username, password: 'myawesomepassword'