Commit 0ec5aeb8 authored by lain's avatar lain

Don't log in deactivated users.

parent e31a5ff4
......@@ -12,6 +12,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
def call(conn, opts) do
with {:ok, username, password} <- decode_header(conn),
{:ok, user} <- opts[:fetcher].(username),
false <- !!user.info["deactivated"],
saved_user_id <- get_session(conn, :user_id),
{:ok, verified_user} <- verify(user, password, saved_user_id)
do
......
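Review bot: The deactivation clause sits before `verify(user, password, saved_user_id)`, so a request for a deactivated account is rejected without the password ever being checked. If that rejection differs from a bad-password rejection in status or timing (the hash comparison is skipped), an unauthenticated caller could tell which accounts are deactivated. Moving the clause after verification, as `false <- !!verified_user.info["deactivated"]`, would apply the check only to callers who proved the credentials. The `else` branch of this `with` is outside the visible hunk, so the actual response for each failure could not be confirmed here.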
......@@ -16,7 +16,8 @@ defmodule Pleroma.Plugs.OAuthPlug do
end
with token when not is_nil(token) <- token,
%Token{user_id: user_id} <- Repo.get_by(Token, token: token),
%User{} = user <- Repo.get(User, user_id) do
%User{} = user <- Repo.get(User, user_id),
false <- !!user.info["deactivated"] do
conn
|> assign(:user, user)
else
......
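Review bot: The token path gets the deactivation clause but no test on this page covers it; the only new test exercises AuthenticationPlug. A case that presents a valid token for a user with `info: %{"deactivated" => true}` and asserts that `conn.assigns[:user]` stays unset would pin the behaviour. The literal `false <- !!user.info["deactivated"]` is now repeated in both plugs, and a single predicate on the user (for example a `deactivated?/1` helper) would keep later authentication paths from missing the check. The `else` branch lies outside the hunk, so what happens to a rejected token was not checked.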
......@@ -14,6 +14,13 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
}
@deactivated %User{
id: 1,
name: "dude",
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"),
info: %{"deactivated" => true}
}
@session_opts [
store: :cookie,
key: "_test",
......@@ -131,6 +138,26 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
end
end
describe "with a correct authorization header for an deactiviated user" do
test "it halts the appication", %{conn: conn} do
opts = %{
optional: false,
fetcher: fn _ -> @deactivated end
}
header = basic_auth_enc("dude", "guy")
conn = conn
|> Plug.Session.call(Plug.Session.init(@session_opts))
|> fetch_session
|> put_req_header("authorization", header)
|> AuthenticationPlug.call(opts)
assert conn.status == 403
assert conn.halted == true
end
end
describe "with a user_id in the session for an existing user" do
test "it assigns the user", %{conn: conn} do
opts = %{
......
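Review bot: The new test covers only `optional: false`, so nothing asserts what happens to a deactivated user when the plug is optional, where the request presumably continues instead of halting. A second test with `optional: true` should assert that the deactivated user is not assigned to the conn. The description strings have typos: `"an deactiviated user"` should read `"a deactivated user"` and `"it halts the appication"` should read `"it halts the application"`. `assert conn.halted == true` can be written as `assert conn.halted`.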