apache · arshadmohammad · Jan 11, 2025 · shashwatsai · Jan 16, 2025 · shashwatsai
diff --git a/...erver/seatunnel-app/src/main/resources/org/apache/seatunnel/app/dal/mapper/UserMapper.xml b/...erver/seatunnel-app/src/main/resources/org/apache/seatunnel/app/dal/mapper/UserMapper.xml
@@ -94,7 +94,7 @@
         select
         <include refid="Base_Column_List"/>
         from `user`
-        where username = #{username,jdbcType=VARCHAR} and password = #{password,jdbcType=VARCHAR}
+        where status = 0 and username = #{username,jdbcType=VARCHAR} and password = #{password,jdbcType=VARCHAR}
     </select>
     <select id="queryEnabledUsers" resultType="org.apache.seatunnel.app.dal.entity.User">
         select

diff --git a/...el-server-common/src/main/java/org/apache/seatunnel/server/common/SeatunnelErrorEnum.java b/...el-server-common/src/main/java/org/apache/seatunnel/server/common/SeatunnelErrorEnum.java
@@ -32,8 +32,8 @@ public enum SeatunnelErrorEnum {
 
     USERNAME_PASSWORD_NO_MATCHED(
             10007,
-            "username and password no matched",
-            "The user name and password do not match, please check your input"),
+            "username and password no matched or user is disabled.",
-            "username and password no matched or user is disabled.",
+            "username and password not matched or user is disabled."
-            "username and password no matched or user is disabled.",
+            "username and password not matched or user is disabled."
+            "The user name and password do not match or user is disabled, please check your input"),
 
     TOKEN_ILLEGAL(10008, "token illegal", "The token is expired or invalid, please login again."),
     NO_SUCH_JOB(10009, "no such job", "No such job. Maybe deleted by others."),

diff --git a/seatunnel-web-it/src/test/java/org/apache/seatunnel/app/common/SeatunnelWebTestingBase.java b/seatunnel-web-it/src/test/java/org/apache/seatunnel/app/common/SeatunnelWebTestingBase.java
@@ -35,7 +35,7 @@
 public class SeatunnelWebTestingBase {
     protected final String baseUrl = "http://localhost:8802/seatunnel/api/v1";
 
-    protected Result<UserSimpleInfoRes> login(UserLoginReq userLoginReq) {
+    public Result<UserSimpleInfoRes> login(UserLoginReq userLoginReq) {
         String requestBody = JsonUtils.toJsonString(userLoginReq);
         String response = sendRequest(url("user/login"), requestBody, "POST");
         return JSONTestUtils.parseObject(

diff --git a/seatunnel-web-it/src/test/java/org/apache/seatunnel/app/test/UserControllerTest.java b/seatunnel-web-it/src/test/java/org/apache/seatunnel/app/test/UserControllerTest.java
@@ -21,12 +21,17 @@
 import org.apache.seatunnel.app.controller.UserControllerWrapper;
 import org.apache.seatunnel.app.domain.request.user.AddUserReq;
 import org.apache.seatunnel.app.domain.request.user.UpdateUserReq;
+import org.apache.seatunnel.app.domain.request.user.UserLoginReq;
 import org.apache.seatunnel.app.domain.response.user.AddUserRes;
+import org.apache.seatunnel.app.domain.response.user.UserSimpleInfoRes;
+import org.apache.seatunnel.server.common.SeatunnelErrorEnum;
 
 import org.junit.jupiter.api.AfterAll;
 import org.junit.jupiter.api.BeforeAll;
 import org.junit.jupiter.api.Test;
 
+import static org.junit.jupiter.api.Assertions.assertEquals;
+import static org.junit.jupiter.api.Assertions.assertFalse;
 import static org.junit.jupiter.api.Assertions.assertNotNull;
 import static org.junit.jupiter.api.Assertions.assertTrue;
 
@@ -95,6 +100,36 @@ public void listUsers_shouldReturnUsers_whenUsersExist() {
         assertNotNull(result.getData());
     }
 
+    @Test
+    public void disabledUser_shouldNotBeAbleToLogin() {
+        String user = "disabledUser" + uniqueId;
+        String pass = "pass4";
+        AddUserReq addUserReq = getAddUserReq(user, pass);
+        Result<AddUserRes> result = userControllerWrapper.addUser(addUserReq);
+        assertTrue(result.isSuccess());
+
+        // Disable the user
+        UpdateUserReq updateUserReq = new UpdateUserReq();
+        updateUserReq.setUsername(user);
+        updateUserReq.setUserId(result.getData().getId());
+        updateUserReq.setPassword(pass);
+        updateUserReq.setStatus((byte) 1);
+        updateUserReq.setType((byte) 0);
+        Result<Void> disableUserResult =
+                userControllerWrapper.updateUser(
+                        Long.toString(result.getData().getId()), updateUserReq);
+        assertTrue(disableUserResult.isSuccess());
+
+        // Attempt to login with the disabled user
+        UserLoginReq loginReq = new UserLoginReq();
+        loginReq.setUsername(user);
+        loginReq.setPassword(pass);
+        Result<UserSimpleInfoRes> loginResult = userControllerWrapper.login(loginReq);
+        assertFalse(loginResult.isSuccess());
+        assertEquals(
+                SeatunnelErrorEnum.USERNAME_PASSWORD_NO_MATCHED.getCode(), loginResult.getCode());
+    }
+
     @AfterAll
     public static void tearDown() {
         Result<Void> logout = userControllerWrapper.logout();