From d610874be46f531992cf13f75547bf01336bf5c0 Mon Sep 17 00:00:00 2001
From: James Elliott <james-d-elliott@users.noreply.github.com>
Date: Tue, 18 Oct 2022 09:10:53 +1100
Subject: [PATCH] feat(authentication): disabled users in yaml file (#4193)

Allows setting users as disabled.
---
 docs/content/en/reference/guides/passwords.md          | 4 ++++
 internal/authentication/file_user_provider_database.go | 5 +++++
 2 files changed, 9 insertions(+)

diff --git a/docs/content/en/reference/guides/passwords.md b/docs/content/en/reference/guides/passwords.md
index 1e2fd4963..a9f8218eb 100644
--- a/docs/content/en/reference/guides/passwords.md
+++ b/docs/content/en/reference/guides/passwords.md
@@ -31,21 +31,25 @@ users:
     groups:
       - admins
       - dev
+    disabled: false
   harry:
     displayname: "Harry Potter"
     password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
     email: harry.potter@authelia.com
     groups: []
+    disabled: false
   bob:
     displayname: "Bob Dylan"
     password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
     email: bob.dylan@authelia.com
     groups:
       - dev
+    disabled: false
   james:
     displayname: "James Dean"
     password: "$argon2id$v=19$m=65536,t=3,p=2$BpLnfgDsc2WD8F2q$o/vzA4myCqZZ36bUGsDY//8mKUYNZZaR0t4MFFSs+iM"
     email: james.dean@authelia.com
+    disabled: false
 ```
 
 ## Passwords
diff --git a/internal/authentication/file_user_provider_database.go b/internal/authentication/file_user_provider_database.go
index 930d63fa1..fba0b128e 100644
--- a/internal/authentication/file_user_provider_database.go
+++ b/internal/authentication/file_user_provider_database.go
@@ -145,6 +145,10 @@ func (m *DatabaseModel) ReadToFileUserDatabase(db *FileUserDatabase) (err error)
 	var udm *DatabaseUserDetails
 
 	for user, details := range m.Users {
+		if details.Disabled {
+			continue
+		}
+
 		if udm, err = details.ToDatabaseUserDetailsModel(user); err != nil {
 			return fmt.Errorf("failed to parse hash for user '%s': %w", user, err)
 		}
@@ -206,6 +210,7 @@ type UserDetailsModel struct {
 	DisplayName    string   `yaml:"displayname" valid:"required"`
 	Email          string   `yaml:"email"`
 	Groups         []string `yaml:"groups"`
+	Disabled       bool     `yaml:"disabled"`
 }
 
 // ToDatabaseUserDetailsModel converts a UserDetailsModel into a *DatabaseUserDetails.