fix: suspended users should not be able to login

Signed-off-by: Kevin Morris <kevr@0cost.org>

aurweb/routers/auth.py

@@ -46,13 +46,19 @@ async def login_post(request: Request,
         raise HTTPException(status_code=HTTPStatus.BAD_REQUEST,
                             detail=_("Bad Referer header."))
 
-    user = db.query(User).filter(
-        or_(User.Username == user, User.Email == user)
-    ).first()
+    with db.begin():
+        user = db.query(User).filter(
+            or_(User.Username == user, User.Email == user)
+        ).first()
+
     if not user:
         return await login_template(request, next,
                                     errors=["Bad username or password."])
 
+    if user.Suspended:
+        return await login_template(request, next,
+                                    errors=["Account Suspended"])
+
     cookie_timeout = cookies.timeout(remember_me)
     sid = user.login(request, passwd, cookie_timeout)
     if not sid: