Merge remote-tracking branch 'origin/develop' into benchmark-finishing

[akkoma] / lib / pleroma / web / mongooseim / mongoose_im_controller.ex

diff --git a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
index 489d5d3a528dc89d6f4a7600055c8249fc4ba856..6ed181cffb78e43db51ba626837e482a086b10f0 100644 (file)
--- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
+++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
@@ -4,10 +4,15 @@
 
 defmodule Pleroma.Web.MongooseIM.MongooseIMController do
   use Pleroma.Web, :controller
+
   alias Comeonin.Pbkdf2
+  alias Pleroma.Plugs.RateLimiter
   alias Pleroma.Repo
   alias Pleroma.User
 
+  plug(RateLimiter, :authentication when action in [:user_exists, :check_password])
+  plug(RateLimiter, {:authentication, params: ["user"]} when action == :check_password)
+
   def user_exists(conn, %{"user" => username}) do
     with %User{} <- Repo.get_by(User, nickname: username, local: true) do
       conn
@@ -29,7 +34,7 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
     else
       false ->
         conn
-        |> put_status(403)
+        |> put_status(:forbidden)
         |> json(false)
 
       _ ->