Merge remote-tracking branch 'remotes/origin/develop' into follow-request-notifications
diff --git
a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
index 489d5d3a528dc89d6f4a7600055c8249fc4ba856..1ed6ee521a41a77a3eedde98661dc3e5cfba48b4 100644
(file)
--- a/
lib/pleroma/web/mongooseim/mongoose_im_controller.ex
+++ b/
lib/pleroma/web/mongooseim/mongoose_im_controller.ex
@@
-1,15
+1,20
@@
# Pleroma: A lightweight social networking server
# Pleroma: A lightweight social networking server
-# Copyright © 2017-20
19
Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-20
20
Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
use Pleroma.Web, :controller
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
use Pleroma.Web, :controller
+
alias Comeonin.Pbkdf2
alias Comeonin.Pbkdf2
+ alias Pleroma.Plugs.RateLimiter
alias Pleroma.Repo
alias Pleroma.User
alias Pleroma.Repo
alias Pleroma.User
+ plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
+ plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)
+
def user_exists(conn, %{"user" => username}) do
def user_exists(conn, %{"user" => username}) do
- with %User{} <- Repo.get_by(User, nickname: username, local: true) do
+ with %User{} <- Repo.get_by(User, nickname: username, local: true
, deactivated: false
) do
conn
|> json(true)
else
conn
|> json(true)
else
@@
-21,7
+26,7
@@
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
end
def check_password(conn, %{"user" => username, "pass" => password}) do
end
def check_password(conn, %{"user" => username, "pass" => password}) do
- with %User{password_hash: password_hash} <-
+ with %User{password_hash: password_hash
, deactivated: false
} <-
Repo.get_by(User, nickname: username, local: true),
true <- Pbkdf2.checkpw(password, password_hash) do
conn
Repo.get_by(User, nickname: username, local: true),
true <- Pbkdf2.checkpw(password, password_hash) do
conn
@@
-29,7
+34,7
@@
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
else
false ->
conn
else
false ->
conn
- |> put_status(
403
)
+ |> put_status(
:forbidden
)
|> json(false)
_ ->
|> json(false)
_ ->
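Review bot: In `check_password` the deactivated check sits in the struct pattern, whereas `user_exists` puts it in the query, so a deactivated account is rejected only by falling through to the `_ ->` catch-all, whose body is outside the hunk. Filtering in the lookup would keep the two endpoints consistent and make the rejection explicit: `Repo.get_by(User, nickname: username, local: true, deactivated: false),`. The pattern also binds a `nil` `password_hash`; if `Pbkdf2.checkpw/2` does not accept a non-binary hash, such a request would raise instead of returning `false`, so a guard like `%User{password_hash: password_hash} when is_binary(password_hash) <-` may be worth adding. Both functions extend beyond the visible hunks, so the status returned by the catch-all branch should be confirmed against the full file.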