Don't log in deactivated users.

[akkoma] / lib / pleroma / plugs / authentication_plug.ex

diff --git a/lib/pleroma/plugs/authentication_plug.ex b/lib/pleroma/plugs/authentication_plug.ex
index 14654f2e6ff6f73aa8d7aa86cc6872e914b139f4..60f6faf494496b0e7085134c35b48ff173340283 100644 (file)
--- a/lib/pleroma/plugs/authentication_plug.ex
+++ b/lib/pleroma/plugs/authentication_plug.ex
@@ -12,6 +12,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
   def call(conn, opts) do
     with {:ok, username, password} <- decode_header(conn),
          {:ok, user} <- opts[:fetcher].(username),
+         false <- !!user.info["deactivated"],
          saved_user_id <- get_session(conn, :user_id),
          {:ok, verified_user} <- verify(user, password, saved_user_id)
     do
@@ -44,7 +45,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
   defp decode_header(conn) do
     with ["Basic " <> header] <- get_req_header(conn, "authorization"),
          {:ok, userinfo} <- Base.decode64(header),
-         [username, password] <- String.split(userinfo, ":")
+         [username, password] <- String.split(userinfo, ":", parts: 2)
     do
       {:ok, username, password}
     end