thoroughly validate user

owrx/controllers/admin.py

@@ -1,6 +1,7 @@
 from .template import WebpageController
 from .session import SessionStorage
 from owrx.config import Config
+from owrx.users import UserList
 from urllib import parse
 
 import logging
@@ -10,9 +11,18 @@ logger = logging.getLogger(__name__)
 
 class Authentication(object):
     def isAuthenticated(self, request):
-        if "owrx-session" in request.cookies:
+        if "owrx-session" not in request.cookies:
+            return False
         session = SessionStorage.getSharedInstance().getSession(request.cookies["owrx-session"].value)
-            return session is not None
+        if session is None:
+            return False
+        if "user" not in session:
+            return False
+        userList = UserList.getSharedInstance()
+        try:
+            user = userList[session["user"]]
+            return user.is_enabled()
+        except KeyError:
             return False