Don't log in deactivated users.
authorLain Iwakura <lain@soykaf.club>
Thu, 7 Dec 2017 16:41:34 +0000 (17:41 +0100)
committerLain Iwakura <lain@soykaf.club>
Thu, 7 Dec 2017 16:41:34 +0000 (17:41 +0100)
lib/pleroma/plugs/authentication_plug.ex
lib/pleroma/plugs/oauth_plug.ex
test/plugs/authentication_plug_test.exs

index beb02eb88bc5150ca2102c9e2ae3044c726e40be..60f6faf494496b0e7085134c35b48ff173340283 100644 (file)
@@ -12,6 +12,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
   def call(conn, opts) do
     with {:ok, username, password} <- decode_header(conn),
          {:ok, user} <- opts[:fetcher].(username),
+         false <- !!user.info["deactivated"],
          saved_user_id <- get_session(conn, :user_id),
          {:ok, verified_user} <- verify(user, password, saved_user_id)
     do
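Review bot: The new clause `false <- !!user.info["deactivated"]` falls out of the `with` as a bare `true`, so the `else` that follows (outside this hunk) is handed a value that says nothing about why authentication was refused and is indistinguishable from any other boolean a future clause might leak; a self-describing value such as `{:deactivated, false} <- {:deactivated, !!user.info["deactivated"]}` keeps the `else` readable. The same expression is duplicated verbatim in lib/pleroma/plugs/oauth_plug.ex (the next hunk); one predicate on the user module (a proposed helper along the lines of `User.deactivated?/1`, which does not exist on this page) would keep both plugs in step if the shape of `info` changes. The check is placed before `verify/3`, so a deactivated account is refused even with a valid password, which appears to be the intent; a short comment stating that, e.g. `# refuse deactivated accounts before credentials are checked`, would make it explicit. Reading `info` through `[]` returns nil when `info` is nil rather than raising, which presumably is relied on — confirm against the `User` struct default.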
index 775423bb11a9435c9c800b77ba26b1d3c57e017e..be737dc9a22e7738893fee460879db7bf6262bba 100644 (file)
@@ -16,7 +16,8 @@ defmodule Pleroma.Plugs.OAuthPlug do
             end
     with token when not is_nil(token) <- token,
          %Token{user_id: user_id} <- Repo.get_by(Token, token: token),
-         %User{} = user <- Repo.get(User, user_id) do
+         %User{} = user <- Repo.get(User, user_id),
+         false <- !!user.info["deactivated"] do
       conn
       |> assign(:user, user)
     else
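Review bot: The OAuthPlug change carries no test in this commit, while the equivalent AuthenticationPlug clause gets one in test/plugs/authentication_plug_test.exs; a case that inserts a token for a deactivated user and asserts the request is refused would pin this path as well. The `true` produced by the new clause reaches the `else` on the last line of the hunk, whose branches are outside the hunk, so it is worth confirming that it is treated like a missing token or missing user rather than by a catch-all that behaves differently. As the lines show, the token row is still located by `Repo.get_by(Token, token: token)` and only the assignment is skipped, so existing tokens are ignored per request rather than invalidated — reasonable if reactivation should restore access, but worth a comment such as `# tokens of deactivated users remain stored; they are refused on each request here`.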
index 9d6c2cd70dcb05241937beaf7fed6d13af960b74..5480dab43019921356b9e17f9a80dc347eb0c28f 100644 (file)
@@ -14,6 +14,13 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
     password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
   }
 
+  @deactivated %User{
+    id: 1,
+    name: "dude",
+    password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"),
+    info: %{"deactivated" => true}
+  }
+
   @session_opts [
     store: :cookie,
     key: "_test",
@@ -131,6 +138,26 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
     end
   end
 
+  describe "with a correct authorization header for an deactiviated user" do
+    test "it halts the appication", %{conn: conn} do
+      opts = %{
+        optional: false,
+        fetcher: fn _ -> @deactivated end
+      }
+
+      header = basic_auth_enc("dude", "guy")
+
+      conn = conn
+        |> Plug.Session.call(Plug.Session.init(@session_opts))
+        |> fetch_session
+        |> put_req_header("authorization", header)
+        |> AuthenticationPlug.call(opts)
+
+      assert conn.status == 403
+      assert conn.halted == true
+    end
+  end
+
   describe "with a user_id in the session for an existing user" do
     test "it assigns the user", %{conn: conn} do
       opts = %{
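Review bot: The new test's names contain typos: `describe "with a correct authorization header for an deactiviated user"` should read `describe "with a correct authorization header for a deactivated user"`, and `test "it halts the appication"` should read `test "it halts the application"`. The assertion `assert conn.halted == true` is more idiomatically `assert conn.halted`, matching ExUnit's boolean introspection. The pipeline starting at `conn = conn` with an indented `|>` continuation is not what `mix format` produces; `conn =` on its own line followed by the bare `conn` and the `|>` steps reads as the rest of the file's style presumably does. The test covers only the header path, which is sufficient for this clause since the check precedes the session lookup.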