diff options
| author | fence <fence@desu-mail.moe> | 2020-04-27 17:55:33 +0200 |
|---|---|---|
| committer | fence <fence@desu-mail.moe> | 2020-04-27 17:55:33 +0200 |
| commit | a626cb682cc8fd6cad91484db064ed22646960af (patch) | |
| tree | 4c8b5780b8b7f82821cbb8271537f914c78c78a0 | |
| parent | dd4d10b275e76afc029aea642ae3d69b07e33d81 (diff) | |
| download | pleroma-a626cb682cc8fd6cad91484db064ed22646960af.tar.gz | |
secure mongoose auth endpoint
| -rw-r--r-- | lib/pleroma/web/mongooseim/mongoose_im_controller.ex | 33 |
1 files changed, 24 insertions, 9 deletions
diff --git a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex index 04d823b36..744cf5227 100644 --- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex +++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex @@ -26,21 +26,36 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do end def check_password(conn, %{"user" => username, "pass" => password}) do - with %User{password_hash: password_hash} <- - Repo.get_by(User, nickname: username, local: true), - true <- Pbkdf2.checkpw(password, password_hash) do - conn - |> json(true) - else - false -> + user = Repo.get_by(User, nickname: username, local: true) + + case User.account_status(user) do + :deactivated -> conn - |> put_status(:forbidden) + |> put_status(:not_found) |> json(false) - _ -> + :confirmation_pending -> conn |> put_status(:not_found) |> json(false) + + _ -> + with %User{password_hash: password_hash} <- + user, + true <- Pbkdf2.checkpw(password, password_hash) do + conn + |> json(true) + else + false -> + conn + |> put_status(:forbidden) + |> json(false) + + _ -> + conn + |> put_status(:not_found) + |> json(false) + end end end end |