|
|
@@ -14,7 +14,7 @@ from config.mails import REGISTER_MAIL
|
|
|
from config.messages import ErrorResponse, SuccessResponse, UserResponse
|
|
|
from config.settings import APPNAME, PIN_KEY
|
|
|
from models.user import LoginRequest, PinUserRequest, RegisterUserRequest, User, User, UserIDRequest, UserRewardRequest
|
|
|
-from services.data_service import UserDataService
|
|
|
+from services.data_service import BlacklistDataService, UserDataService
|
|
|
from services.email_service import get_email_sender
|
|
|
from services.print_service import print_ticket
|
|
|
from services.logging_service import structured_logger, LogLevel
|
|
|
@@ -23,7 +23,7 @@ from utils.rut import validate_rut
|
|
|
fernet = Fernet(PIN_KEY.encode())
|
|
|
logger = getLogger(__name__)
|
|
|
user_data_service = UserDataService()
|
|
|
-
|
|
|
+blacklist_data_service = BlacklistDataService()
|
|
|
user_router = APIRouter()
|
|
|
|
|
|
|
|
|
@@ -265,6 +265,24 @@ async def login_user(request: LoginRequest, http_request: Request):
|
|
|
user = user_data_service.login(request.email, request.pin)
|
|
|
|
|
|
if user:
|
|
|
+ if blacklist_data_service.is_user_blacklisted(user.id):
|
|
|
+ logger.warning(f"Login attempt for blacklisted user: {request.email}")
|
|
|
+ structured_logger.log_security_event(
|
|
|
+ f"Login attempt by blacklisted user",
|
|
|
+ LogLevel.WARNING,
|
|
|
+ {
|
|
|
+ "email": request.email,
|
|
|
+ "user_agent": http_request.headers.get("user-agent", "unknown"),
|
|
|
+ "referer": http_request.headers.get("referer", "unknown"),
|
|
|
+ "client_ip": http_request.client.host if http_request.client else "unknown"
|
|
|
+ },
|
|
|
+ user_email=request.email
|
|
|
+ )
|
|
|
+ return JSONResponse(
|
|
|
+ status_code=403,
|
|
|
+ content={"message": UserResponse.USER_BLACKLISTED}
|
|
|
+ )
|
|
|
+
|
|
|
# Successful login
|
|
|
logger.info(f"Successful login for user: {request.email}")
|
|
|
|
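Review bot: The new branch under `if user:` depends on `blacklist_data_service.is_user_blacklisted(user.id)` failing closed, which is not visible here: if that call returns a falsy value when the lookup itself fails, a blacklisted user is logged in normally. I would document the contract at the call site, e.g. `# is_user_blacklisted must raise, not return False, on lookup errors (fail closed)`, and confirm that sessions issued before a user was blacklisted are rejected elsewhere, since this check only gates new logins. The `user_agent` and `referer` fields are copied from client-controlled headers into the security event, so they should be length-capped unless `log_security_event` already does that. The message `f"Login attempt by blacklisted user"` has no placeholders and can be a plain string. `login_user` starts and ends outside this hunk.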