From f89c1d7185796cb21db469cf433dc39533f56d99 Mon Sep 17 00:00:00 2001
From: John Davis <jdavcs@gmail.com>
Date: Thu, 31 Oct 2024 16:49:42 -0400
Subject: [PATCH] Prevent purged users from logging in

Was possible if account was not deleted
---
 lib/galaxy/webapps/galaxy/controllers/user.py | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/galaxy/webapps/galaxy/controllers/user.py b/lib/galaxy/webapps/galaxy/controllers/user.py
index b0cb5ae5fe69..5ed60dbb706f 100644
--- a/lib/galaxy/webapps/galaxy/controllers/user.py
+++ b/lib/galaxy/webapps/galaxy/controllers/user.py
@@ -161,6 +161,9 @@ def __validate_login(self, trans, payload=None, **kwd):
             message, user = self.__autoregistration(trans, login, password)
             if message:
                 return self.message_exception(trans, message)
+        elif user.purged:
+            message = "This account has been permanently deleted."
+            return self.message_exception(trans, message, sanitize=False)
         elif user.deleted:
             message = (
                 "This account has been marked deleted, contact your local Galaxy administrator to restore the account."