Don't further setup disabled users when logging in with apache

Signed-off-by: Joas Schilling <[email protected]>

Author: nickvergessen

lib/private/legacy/OC_User.php

@@ -36,6 +36,7 @@
  *
  */
 
+use OC\User\LoginException;
 use OCP\ILogger;
 
 /**
@@ -168,6 +169,10 @@ public static function loginWithApache(\OCP\Authentication\IApacheBackend $backe
 			if (self::getUser() !== $uid) {
 				self::setUserId($uid);
 				$userSession = \OC::$server->getUserSession();
+				if ($userSession->getUser() && !$userSession->getUser()->isEnabled()) {
+					$message = \OC::$server->getL10N('lib')->t('User disabled');
+					throw new LoginException($message);
+				}
 				$userSession->setLoginName($uid);
 				$request = OC::$server->getRequest();
 				$userSession->createSessionToken($request, $uid, $uid);