Once a user suspended, the ideal scenario would be to redirect him to a page like “Your account is currently suspended until …”.
Currently, suspended users cause an infinite loop:
- Discourse redirects the user to the login page (normal).
- Then the Login page redirects the user to Discourse and normally he should see an error or our community main page…
- However if the user is suspended, then Discourse will redirect again the user to the login page.
- As the user is already logged in, he will be redirected to discourse
And so on… In the end, it goes back and forward from the login server to discourse until the browser decides to raise an exception (Too many redirections…).
Is there a way to work around this issue?
My guess is that this only happens if your site requires login.
It does sound like a legit bug, workarounds are a bit hard, but perhaps listen on a web hook for suspend and then don’t send them back into Discourse if they are suspended.
Thank you for your answer. Any chance of getting a fix?
It’s fairly easy to fix on the SSO provider end, but if it’s not fixed there the forum will appear to be broken.
For fixing it on Discourse, it’s possible to check if the user is suspended and login is required in the
sso_login method. If true, redirect them back to the SSO provider, either to an
sso_suspended_url that’s added as a site setting, or to the
sso_url with some query parameters that the SSO provider can make use of.
Do you think it would be possible to get this fixed?
Thx Sam! It would be perfect!
This topic was automatically closed after 25 hours. New replies are no longer allowed.