defmodule Pleroma.Web.MongooseIM.MongooseIMController do
use Pleroma.Web, :controller
- alias Comeonin.Pbkdf2
+ alias Pleroma.Plugs.AuthenticationPlug
alias Pleroma.Plugs.RateLimiter
alias Pleroma.Repo
alias Pleroma.User
plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)
def user_exists(conn, %{"user" => username}) do
- with %User{} <- Repo.get_by(User, nickname: username, local: true) do
+ with %User{} <- Repo.get_by(User, nickname: username, local: true, deactivated: false) do
conn
|> json(true)
else
end
def check_password(conn, %{"user" => username, "pass" => password}) do
- user = Repo.get_by(User, nickname: username, local: true)
-
- case User.account_status(user) do
- :deactivated ->
+ with %User{password_hash: password_hash, deactivated: false} <-
+ Repo.get_by(User, nickname: username, local: true),
+ true <- AuthenticationPlug.checkpw(password, password_hash) do
+ conn
+ |> json(true)
+ else
+ false ->
conn
- |> put_status(:not_found)
+ |> put_status(:forbidden)
|> json(false)
- :confirmation_pending ->
+ _ ->
conn
|> put_status(:not_found)
|> json(false)
-
- _ ->
- with %User{password_hash: password_hash} <-
- user,
- true <- Pbkdf2.checkpw(password, password_hash) do
- conn
- |> json(true)
- else
- false ->
- conn
- |> put_status(:forbidden)
- |> json(false)
-
- _ ->
- conn
- |> put_status(:not_found)
- |> json(false)
- end
end
end
end
projects / akkoma / blobdiff