fix(auth): detect banned/deleted user on page load via InitializeAsync

- LoginService.InitializeAsync: after fetching LoggedUser, check IsBanned
  and DeletedAt. If banned/disabled, set ForceLogoutReason, call Logout
  to clear state, and return false
- App.razor: after InitializeAsync completes, check ForceLogoutReason
  and navigate to /login if set. This handles the timing issue where
  MainLayout isnt created yet when the event fires on page load

Refs #45
This commit is contained in:
2026-07-08 19:15:49 +02:00
parent a84d93882d
commit 23ef7e3ded
2 changed files with 17 additions and 0 deletions

View File

@@ -1,4 +1,5 @@
@inject LoginService loginService
@inject NavigationManager NavigationManager
@if (_initialized) {
<Router AppAssembly="typeof(Program).Assembly">
@@ -20,5 +21,8 @@
protected override async Task OnInitializedAsync() {
await loginService.InitializeAsync();
_initialized = true;
if (loginService.ForceLogoutReason != null)
NavigationManager.NavigateTo("/login", true);
}
}

View File

@@ -112,6 +112,19 @@ public sealed class LoginService : ServiceBase {
AuthInfo = auth;
LoggedUser = await FetchLoggedUserAsync();
if (LoggedUser is { IsBanned: true }) {
ForceLogoutReason = "User is banned";
await Logout();
return false;
}
if (LoggedUser is { DeletedAt: not null }) {
ForceLogoutReason = "User is disabled";
await Logout();
return false;
}
return IsLoggedIn;
}