X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fweb%2Fmongooseim%2Fmongoose_im_controller.ex;h=6cbbe8fd8dbb7ea1f879f4686a4a955f7671073e;hb=cc196e2cd57966889021342405ebc8fd0763e83a;hp=489d5d3a528dc89d6f4a7600055c8249fc4ba856;hpb=ad5263c647aea65dbeb4c329825671895e0a8863;p=akkoma
diff --git a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
index 489d5d3a5..6cbbe8fd8 100644
--- a/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
+++ b/lib/pleroma/web/mongooseim/mongoose_im_controller.ex
@@ -1,15 +1,20 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2019 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
use Pleroma.Web, :controller
- alias Comeonin.Pbkdf2
+
+ alias Pleroma.Plugs.AuthenticationPlug
+ alias Pleroma.Plugs.RateLimiter
alias Pleroma.Repo
alias Pleroma.User
+ plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
+ plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)
+
def user_exists(conn, %{"user" => username}) do
- with %User{} <- Repo.get_by(User, nickname: username, local: true) do
+ with %User{} <- Repo.get_by(User, nickname: username, local: true, deactivated: false) do
conn
|> json(true)
else
@@ -21,15 +26,15 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
end
def check_password(conn, %{"user" => username, "pass" => password}) do
- with %User{password_hash: password_hash} <-
+ with %User{password_hash: password_hash, deactivated: false} <-
Repo.get_by(User, nickname: username, local: true),
- true <- Pbkdf2.checkpw(password, password_hash) do
+ true <- AuthenticationPlug.checkpw(password, password_hash) do
conn
|> json(true)
else
false ->
conn
- |> put_status(403)
+ |> put_status(:forbidden)
|> json(false)
_ ->