git.squeep.com Git - akkoma/blob - lib/pleroma/web/mongooseim/mongoose_im_controller.ex

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MongooseIM.MongooseIMController do
   6   use Pleroma.Web, :controller
   7
   8   alias Comeonin.Pbkdf2
   9   alias Pleroma.Plugs.RateLimiter
  10   alias Pleroma.Repo
  11   alias Pleroma.User
  12
  13   plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
  14   plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)
  15
  16   def user_exists(conn, %{"user" => username}) do
  17     with %User{} <- Repo.get_by(User, nickname: username, local: true) do
  18       conn
  19       |> json(true)
  20     else
  21       _ ->
  22         conn
  23         |> put_status(:not_found)
  24         |> json(false)
  25     end
  26   end
  27
  28   def check_password(conn, %{"user" => username, "pass" => password}) do
  29     user = Repo.get_by(User, nickname: username, local: true)
  30
  31     case User.account_status(user) do
  32       :deactivated ->
  33         conn
  34         |> put_status(:not_found)
  35         |> json(false)
  36
  37       :confirmation_pending ->
  38         conn
  39         |> put_status(:not_found)
  40         |> json(false)
  41
  42       _ ->
  43         with %User{password_hash: password_hash} <-
  44                user,
  45              true <- Pbkdf2.checkpw(password, password_hash) do
  46           conn
  47           |> json(true)
  48         else
  49           false ->
  50             conn
  51             |> put_status(:forbidden)
  52             |> json(false)
  53
  54           _ ->
  55             conn
  56             |> put_status(:not_found)
  57             |> json(false)
  58         end
  59     end
  60   end
  61 end