From 8baf20451678289e9f5f774894f4c32e47d56eb4 Mon Sep 17 00:00:00 2001
From: Tanner Collin
Date: Wed, 12 Jul 2023 18:24:49 +0000
Subject: [PATCH] Prevent logging in as the superuser
---
 apiserver/apiserver/api/serializers.py | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/apiserver/apiserver/api/serializers.py b/apiserver/apiserver/api/serializers.py
index 13720ee..e7b1531 100644
--- a/apiserver/apiserver/api/serializers.py
+++ b/apiserver/apiserver/api/serializers.py
@@ -1066,6 +1066,11 @@ class MyLoginSerializer(LoginSerializer):
 if not User.objects.filter(username=username).exists():
 raise ValidationError(dict(username='Username not found. Try "first.last" or "first.middle.last".'))
+ try:
+ _ = User.objects.get(username=username).member
+ except User.member.RelatedObjectDoesNotExist:
+ raise ValidationError(dict(username='Can\'t log in as superuser. Make an account below.'))
+
 user = super().authenticate(**kwargs)
 if not user:
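Review bot: The added member lookup runs before `super().authenticate(**kwargs)` has verified the password, so the distinct "Can't log in as superuser" error tells any unauthenticated caller which usernames belong to member-less (presumably administrative) accounts. Running the check only after authentication succeeds keeps that answer behind a valid password, for example `if not hasattr(user, 'member'):` followed by the same `raise ValidationError(...)`, placed after the `if not user:` branch. The condition also tests for a missing `member` relation rather than `user.is_superuser`, so a superuser that has a member record still logs in, while an ordinary account without one gets the superuser message. If the goal is what the subject line says, checking `is_superuser` (or both) would match it, and a short comment stating which is intended would help. The method starts and ends outside this hunk and the indentation did not survive extraction, so whether the preceding existence check always runs before `.get()` could not be confirmed.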