-rw-r--r--lib/pleroma/plugs/authentication_plug.ex1
-rw-r--r--lib/pleroma/plugs/oauth_plug.ex3
-rw-r--r--test/plugs/authentication_plug_test.exs27
3 files changed, 30 insertions, 1 deletions
diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex
index beb02eb88..60f6faf49 100644
--- a/lib/pleroma/plugs/authentication_plug.ex
+++ b/lib/pleroma/plugs/authentication_plug.ex
@@ -12,6 +12,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
def call(conn, opts) do
with {:ok, username, password} <- decode_header(conn),
{:ok, user} <- opts[:fetcher].(username),
+ false <- !!user.info["deactivated"],
saved_user_id <- get_session(conn, :user_id),
{:ok, verified_user} <- verify(user, password, saved_user_id)
do
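Review bot: The new clause `false <- !!user.info["deactivated"]` sits before `verify/3`, so a request for a deactivated account is rejected without the password ever being checked. Even if the `else` branch (outside this hunk) answers exactly as it does for a bad password, skipping the hash comparison presumably makes the response measurably faster, which lets an unauthenticated caller tell deactivated accounts from active ones. Consider making it the last clause instead, `false <- !!verified_user.info["deactivated"]`, assuming `verify/3` returns the same user struct. A failed match also hands a bare `true` to `else`, so that branch needs a clause that accepts it; a short comment such as `# deactivated accounts must not authenticate` would make the intent of the double negation clear.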
diff --git a/lib/pleroma/plugs/oauth_plug.ex b/lib/pleroma/plugs/oauth_plug.ex
index 775423bb1..be737dc9a 100644
--- a/lib/pleroma/plugs/oauth_plug.ex
+++ b/lib/pleroma/plugs/oauth_plug.ex
@@ -16,7 +16,8 @@ defmodule Pleroma.Plugs.OAuthPlug do
end
with token when not is_nil(token) <- token,
%Token{user_id: user_id} <- Repo.get_by(Token, token: token),
- %User{} = user <- Repo.get(User, user_id) do
+ %User{} = user <- Repo.get(User, user_id),
+ false <- !!user.info["deactivated"] do
conn
|> assign(:user, user)
else
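Review bot: No test in this commit covers the `false <- !!user.info["deactivated"]` clause added to the OAuth path; the diffstat lists only `test/plugs/authentication_plug_test.exs`. Tokens issued before deactivation stay in the table, so this clause is the only thing keeping them from authenticating, and it deserves a test asserting that `:user` is not assigned for such a token. The non-matching value reaching `else` is now a bare `true`, and the clauses of that branch are outside the hunk, so confirm one of them accepts it. It is also worth checking that the outcome there is consistent with the 403 the basic-auth plug is expected to return. The same expression is duplicated in `authentication_plug.ex`, so a single shared predicate would keep the two plugs from drifting apart.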
diff --git a/test/plugs/authentication_plug_test.exs b/test/plugs/authentication_plug_test.exs
index 9d6c2cd70..5480dab43 100644
--- a/test/plugs/authentication_plug_test.exs
+++ b/test/plugs/authentication_plug_test.exs
@@ -14,6 +14,13 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
}
+ @deactivated %User{
+ id: 1,
+ name: "dude",
+ password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"),
+ info: %{"deactivated" => true}
+ }
+
@session_opts [
store: :cookie,
key: "_test",
@@ -131,6 +138,26 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
end
end
+ describe "with a correct authorization header for an deactiviated user" do
+ test "it halts the appication", %{conn: conn} do
+ opts = %{
+ optional: false,
+ fetcher: fn _ -> @deactivated end
+ }
+
+ header = basic_auth_enc("dude", "guy")
+
+ conn = conn
+ |> Plug.Session.call(Plug.Session.init(@session_opts))
+ |> fetch_session
+ |> put_req_header("authorization", header)
+ |> AuthenticationPlug.call(opts)
+
+ assert conn.status == 403
+ assert conn.halted == true
+ end
+ end
+
describe "with a user_id in the session for an existing user" do
test "it assigns the user", %{conn: conn} do
opts = %{
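Review bot: The fetcher in the new test returns the bare struct, `fetcher: fn _ -> @deactivated end`, while `call/2` matches `{:ok, user} <- opts[:fetcher].(username)`, so the `with` appears to fail at the fetcher step and never reaches the deactivated check. If so, the test passes with or without this commit's change. Return the tuple instead, `fetcher: fn _ -> {:ok, @deactivated} end`, and consider asserting that `conn.assigns` carries no `:user`, so the 403 is attributable to the flag and not to a lookup failure. The describe and test names also contain typos ("an deactiviated", "appication").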