# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
alias Pleroma.Repo
alias Pleroma.User
- plug(RateLimiter, :authentication when action in [:user_exists, :check_password])
- plug(RateLimiter, {:authentication, params: ["user"]} when action == :check_password)
+ plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
+ plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)
def user_exists(conn, %{"user" => username}) do
with %User{} <- Repo.get_by(User, nickname: username, local: true) do
end
def check_password(conn, %{"user" => username, "pass" => password}) do
- with %User{password_hash: password_hash} <-
- Repo.get_by(User, nickname: username, local: true),
- true <- Pbkdf2.checkpw(password, password_hash) do
- conn
- |> json(true)
- else
- false ->
+ user = Repo.get_by(User, nickname: username, local: true)
+
+ case User.account_status(user) do
+ :deactivated ->
conn
- |> put_status(:forbidden)
+ |> put_status(:not_found)
|> json(false)
- _ ->
+ :confirmation_pending ->
conn
|> put_status(:not_found)
|> json(false)
+
+ _ ->
+ with %User{password_hash: password_hash} <-
+ user,
+ true <- Pbkdf2.checkpw(password, password_hash) do
+ conn
+ |> json(true)
+ else
+ false ->
+ conn
+ |> put_status(:forbidden)
+ |> json(false)
+
+ _ ->
+ conn
+ |> put_status(:not_found)
+ |> json(false)
+ end
end
end
end
projects / akkoma / blobdiff