how to keep out inactive users from login

[AH]

I'am trying to block users with unactivated email tokens from accessing. Currently unactivated users can still log in and simply get an alert. This method uses the satellizer auth system, with a promise, then and a catch.

Here is my LoginCtrl

'use strict';

angular.module('myapp').controller('LoginCtrl', function ($scope, alert, auth, $state, $auth, $timeout) {

  $scope.submit = function () {
    $auth.login({
      email: $scope.email,
      password: $scope.password
    })
      .then(function(res) {
        var message = 'Thanks for coming back ' + res.data.user.email + '!';
        if (!res.data.user.active)
          message = 'Just a reminder, please activate your account soon :)';
        alert('success', 'Welcome', message);
        return null;
      })
      .then(function() {
        $timeout(function() {
          $state.go('main');
        });
      })
      .catch(handleError);
  }

  function handleError(err) {
    alert('warning', 'oops there is a problem!', err.message);
  }


});

I like to display an alert message "please activate first" at the same time block login. I appreciate your help. Basically, I want to check if the user is active, then login authorized, if not, login will not be possible.