diff options
| author | Ilja <domainepublic@spectraltheorem.be> | 2020-10-23 11:11:51 +0200 |
|---|---|---|
| committer | Ilja <domainepublic@spectraltheorem.be> | 2020-10-23 11:11:51 +0200 |
| commit | 3ca8feb24648dcee766cef958e84f758b0acec64 (patch) | |
| tree | a1b59cae266fa808aadbdf234146ede4aaa06b58 /lib/pleroma/web/mongoose_im/mongoose_im_controller.ex | |
| parent | 513103829641faca5501d1d3123ce3c077d7da25 (diff) | |
| parent | 096e4518adf176c3f9cee0e38319340249083a48 (diff) | |
| download | pleroma-3ca8feb24648dcee766cef958e84f758b0acec64.tar.gz | |
fix merge conflict
Diffstat (limited to 'lib/pleroma/web/mongoose_im/mongoose_im_controller.ex')
| -rw-r--r-- | lib/pleroma/web/mongoose_im/mongoose_im_controller.ex | 46 |
1 files changed, 46 insertions, 0 deletions
diff --git a/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex b/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex new file mode 100644 index 000000000..2a5c7c356 --- /dev/null +++ b/lib/pleroma/web/mongoose_im/mongoose_im_controller.ex @@ -0,0 +1,46 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.MongooseIM.MongooseIMController do + use Pleroma.Web, :controller + + alias Pleroma.Repo + alias Pleroma.User + alias Pleroma.Web.Plugs.AuthenticationPlug + alias Pleroma.Web.Plugs.RateLimiter + + plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password]) + plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password) + + def user_exists(conn, %{"user" => username}) do + with %User{} <- Repo.get_by(User, nickname: username, local: true, deactivated: false) do + conn + |> json(true) + else + _ -> + conn + |> put_status(:not_found) + |> json(false) + end + end + + def check_password(conn, %{"user" => username, "pass" => password}) do + with %User{password_hash: password_hash, deactivated: false} <- + Repo.get_by(User, nickname: username, local: true), + true <- AuthenticationPlug.checkpw(password, password_hash) do + conn + |> json(true) + else + false -> + conn + |> put_status(:forbidden) + |> json(false) + + _ -> + conn + |> put_status(:not_found) + |> json(false) + end + end +end |