From 9a0019f3addf4a3686ddeaa8ae2e93adf0233c25 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Adrian=20Z=C3=BCrcher?=
Date: Fri, 7 Nov 2025 15:12:51 +0100
Subject: [PATCH] fix user defined exiration
---
 handlers/login.go | 19 ++++++++++++++-----
 1 file changed, 14 insertions(+), 5 deletions(-)
diff --git a/handlers/login.go b/handlers/login.go
index 3245a46..34534c1 100644
--- a/handlers/login.go
+++ b/handlers/login.go
@@ -49,10 +49,6 @@ func (aH *AccessHandler) Login(c *gin.Context) {
 aH.logger.Error("Login", "user empty")
 c.JSON(http.StatusBadRequest, models.NewJsonMessageResponse("user empty"))
 return
- } else if !user.ExpirationIsValid() {
- aH.logger.Error("Login", fmt.Sprintf("user %s is expired", user.Name))
- c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+user.Name+" is expired"))
- return
 }

 // Fetch user record from DB
@@ -64,12 +60,24 @@ func (aH *AccessHandler) Login(c *gin.Context) {
 return
 }

+ if len(dbRecord) == 0 {
+ aH.logger.Error("Login", "no user "+user.Name+" found")
+ c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("invalid credentials"))
+ return
+ }
+
 if len(dbRecord) > 1 {
 aH.logger.Error("Login", "more than one record found")
 c.JSON(http.StatusInternalServerError, models.NewJsonMessageResponse("internal error"))
 return
 }

+ if !dbRecord[0].ExpirationIsValid() {
+ aH.logger.Error("Login", fmt.Sprintf("user %s is expired", user.Name))
+ c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+user.Name+" is expired"))
+ return
+ }
+
 // Check password
 if !utils.CheckPassword(user.Password, dbRecord[0].Password) {
 aH.logger.Error("Login", "invalid password")
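Review bot: The expiry check on `dbRecord[0]` runs before `utils.CheckPassword` and answers with `"user "+user.Name+" is expired"`, so a caller who does not know the password can still learn that an account exists and has expired, while the new zero-record branch deliberately answers only `invalid credentials`. Moving the `if !dbRecord[0].ExpirationIsValid() {` block below the password check, or answering it with `models.NewJsonMessageResponse("invalid credentials")` and keeping the detail in the log, removes that difference. The new log line `"no user "+user.Name+" found"` also writes a request-supplied name into the log unquoted; if the logger does not escape control characters, build the message with `fmt.Sprintf("no user %q found", user.Name)`. Login begins and ends outside this hunk, so the response sent on a wrong password is not visible here.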
@@ -182,7 +190,8 @@ func (aH *AccessHandler) Refresh(c *gin.Context) {
 role := claims["role"].(string)

 if !expirationDateValid(claims["userExpiration"].(string)) {
- aH.logger.Error("Login", fmt.Sprintf("user %s is expired", username))
+ aH.Logout(c)
+ aH.logger.Error("Refresh", fmt.Sprintf("user %s is expired", username))
 c.JSON(http.StatusUnauthorized, models.NewJsonMessageResponse("user "+username+" is expired"))
 return
 }
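Review bot: `aH.Logout(c)` is called on the same gin context immediately before `c.JSON(http.StatusUnauthorized, …)`. If Logout writes its own status and body (its code is outside this diff), the client gets that response first and the 401 is appended after the headers have already been sent. Having this branch and Logout share a cleanup helper that clears the session without writing a response would keep the 401 as the only reply. The condition still reads the `userExpiration` claim carried in the token rather than the stored record, unlike the Login change in this commit, so a change to the stored expiration is presumably not seen here; a comment such as `// expiration is taken from the token claim, not the DB record` would make that explicit. Refresh begins and ends outside the hunk.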