From 94a0aa696706ae73a9190afafe3233be6b09e4db Mon Sep 17 00:00:00 2001
From: Badlop <badlop@process-one.net>
Date: Wed, 24 Apr 2024 21:02:31 +0200
Subject: [PATCH] Add support to provide ban detail when account logins (#4201)

---
 src/ejabberd_auth.erl | 27 ++++++++++++++++++++++-----
 1 file changed, 22 insertions(+), 5 deletions(-)

diff --git a/src/ejabberd_auth.erl b/src/ejabberd_auth.erl
index 594fc1bd7..c37d4c187 100644
--- a/src/ejabberd_auth.erl
+++ b/src/ejabberd_auth.erl
@@ -236,14 +236,16 @@ check_password_with_authmodule(User, AuthzId, Server, Password) ->
 
 -spec check_password_with_authmodule(
 	binary(), binary(), binary(), binary(), binary(),
-	digest_fun() | undefined) -> false | {true, atom()}.
+	digest_fun() | undefined) -> false | {false, atom(), binary()} | {true, atom()}.
 check_password_with_authmodule(User, AuthzId, Server, Password, Digest, DigestGen) ->
     case validate_credentials(User, Server) of
 	{ok, LUser, LServer} ->
-	    case jid:nodeprep(AuthzId) of
-		error ->
+	    case {jid:nodeprep(AuthzId), get_is_banned(LUser, LServer)} of
+                {error, _} ->
 		    false;
-		LAuthzId ->
+                {_, {is_banned, BanReason}} ->
+                    {false, 'account-disabled', BanReason};
+                {LAuthzId, _} ->
                     untag_stop(
                       lists:foldl(
                         fun(Mod, false) ->
@@ -373,10 +375,15 @@ get_password_s(User, Server) ->
       Password -> Password
     end.
 
--spec get_password_with_authmodule(binary(), binary()) -> {false | password(), module()}.
+-spec get_password_with_authmodule(binary(), binary()) ->
+    {false | {false, atom(), binary()} | password(), module()}.
 get_password_with_authmodule(User, Server) ->
     case validate_credentials(User, Server) of
 	{ok, LUser, LServer} ->
+	    case get_is_banned(LUser, LServer) of
+                {is_banned, BanReason} ->
+                    {{false, 'account-disabled', BanReason}, module_not_consulted};
+                not_banned ->
 	    case lists:foldl(
 		   fun(M, {error, _}) ->
 			   {db_get_password(LUser, LServer, M), M};
@@ -387,6 +394,7 @@ get_password_with_authmodule(User, Server) ->
 		    {Password, Module};
 		{error, Module} ->
 		    {false, Module}
+            end
 	    end;
 	_ ->
 	    {false, undefined}
@@ -567,6 +575,15 @@ backend_type(Mod) ->
 password_format(LServer) ->
     ejabberd_option:auth_password_format(LServer).
 
+get_is_banned(User, Server) ->
+    case mod_admin_extra:get_ban_details(User, Server) of
+          [] ->
+              not_banned;
+          BanDetails ->
+              {_, ReasonText} = lists:keyfind("reason", 1, BanDetails),
+              {is_banned, <<"Account is banned: ", ReasonText/binary>>}
+    end.
+
 %%%----------------------------------------------------------------------
 %%% Backend calls
 %%%----------------------------------------------------------------------