From cef2e7ce06ee2654d0bfdf388bfe80975750cabc Mon Sep 17 00:00:00 2001
From: Fernando Pintabona <fefo@pintabona.org>
Date: Wed, 7 Aug 2019 19:44:06 -0300
Subject: [PATCH] Check for banned user upon login

---
 src/Authentication/LocalAuthenticator.php | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/src/Authentication/LocalAuthenticator.php b/src/Authentication/LocalAuthenticator.php
index dbed12f3..519b139e 100644
--- a/src/Authentication/LocalAuthenticator.php
+++ b/src/Authentication/LocalAuthenticator.php
@@ -28,6 +28,16 @@ public function attempt(array $credentials, bool $remember = null): bool
             return false;
         }
 
+        if ($this->user->isBanned())
+            {
+                // Always record a login attempt, whether success or not.
+                $ipAddress = Services::request()->getIPAddress();
+                $this->recordLoginAttempt($credentials['email'], $ipAddress, $this->user->id ?? null, false);
+    
+                $this->user = null;
+                return false;
+            }
+
         return $this->login($this->user, $remember);
     }