diff options
| author | lain <lain@soykaf.club> | 2020-04-28 09:18:59 +0000 |
|---|---|---|
| committer | lain <lain@soykaf.club> | 2020-04-28 09:18:59 +0000 |
| commit | 9994768312ede572c4ddd6beda7027b0a2baddce (patch) | |
| tree | 8326c8643175cf0147601e43f1a32f63e8bf7f63 /lib | |
| parent | 01cc93b6873b5c50c0fc54774a3b004bf660e46b (diff) | |
| parent | 5ff20793e739daa962cdc1623c01dc6ec1ff8a61 (diff) | |
| download | pleroma-9994768312ede572c4ddd6beda7027b0a2baddce.tar.gz | |
Merge branch 'mongoose-secure' into 'develop'
mongoose auth endpoint worked for deactivated accounts
See merge request pleroma/pleroma!2432
Diffstat (limited to 'lib')
| -rw-r--r-- | lib/pleroma/web/mongooseim/mongoose_im_controller.ex | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex index 04d823b36..1ed6ee521 100644 --- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex +++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex @@ -14,7 +14,7 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password) def user_exists(conn, %{"user" => username}) do - with %User{} <- Repo.get_by(User, nickname: username, local: true) do + with %User{} <- Repo.get_by(User, nickname: username, local: true, deactivated: false) do conn |> json(true) else @@ -26,7 +26,7 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do end def check_password(conn, %{"user" => username, "pass" => password}) do - with %User{password_hash: password_hash} <- + with %User{password_hash: password_hash, deactivated: false} <- Repo.get_by(User, nickname: username, local: true), true <- Pbkdf2.checkpw(password, password_hash) do conn |