feat: enhance authentication process with agent state validation

- Added a check for the agent's current state during authentication, ensuring that only active agents can proceed with login attempts.
- Implemented auditing for failed authentication attempts due to inactive agents, improving tracking and security measures.

Author: tacxou

apps/api/src/core/auth/auth.service.ts

@@ -19,6 +19,7 @@ import { ApiSession } from '~/_common/data/api-session';
 import { AuditsService } from '~/core/audits/audits.service';
 import { Types } from 'mongoose';
 import ipRangeCheck from 'ip-range-check';
+import { AgentState } from '~/core/agents/_enum/agent-state.enum';
 
 @Injectable()
 export class AuthService extends AbstractService implements OnModuleInit {
@@ -88,6 +89,17 @@ export class AuthService extends AbstractService implements OnModuleInit {
         return null;
       }
 
+      if (user?.state?.current !== AgentState.ACTIVE) {
+        await this.auditAuthenticationAttempt({
+          username,
+          ip,
+          result: 'failed',
+          reason: 'agent_not_active',
+          agentId: user?._id,
+        });
+        return null;
+      }
+
       if (!this.isClientIpAllowed(user?.security?.allowedNetworks, ip)) {
         await this.auditAuthenticationAttempt({
           username,