Do not allow deactivated auth to pass mongooseim checksmongoose-im-deactivated-users

author: Hannah Ward <hannah.ward01@bbc.co.uk> 2020-04-27 17:03:07 +0100
committer: Hannah Ward <hannah.ward01@bbc.co.uk> 2020-04-27 17:03:07 +0100
commit: fd04237ad899e966c5ac2a21ce9cf8bf4d39ca34 (patch)
tree: 4894dfd5cf0c32736f9ff2d4bee7b777f4fa2731 /lib
parent: 01cc93b6873b5c50c0fc54774a3b004bf660e46b (diff)
download: pleroma-mongoose-im-deactivated-users.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
index 04d823b36..ee24a61c0 100644
--- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
+++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
@@ -27,7 +27,7 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
 
   def check_password(conn, %{"user" => username, "pass" => password}) do
     with %User{password_hash: password_hash} <-
-           Repo.get_by(User, nickname: username, local: true),
+           Repo.get_by(User, nickname: username, local: true, deactivated: false),
          true <- Pbkdf2.checkpw(password, password_hash) do
       conn
       |> json(true)
author	Hannah Ward <hannah.ward01@bbc.co.uk>	2020-04-27 17:03:07 +0100
committer	Hannah Ward <hannah.ward01@bbc.co.uk>	2020-04-27 17:03:07 +0100
commit	fd04237ad899e966c5ac2a21ce9cf8bf4d39ca34 (patch)
tree	4894dfd5cf0c32736f9ff2d4bee7b777f4fa2731 /lib
parent	01cc93b6873b5c50c0fc54774a3b004bf660e46b (diff)
download	pleroma-mongoose-im-deactivated-users.tar.gz