UserEnabledPlug: Don't authenticate unconfirmed users.

diff --git a/lib/pleroma/plugs/user_enabled_plug.ex b/lib/pleroma/plugs/user_enabled_plug.ex
index da892c28bda3d0419ab6dadb1148a315752ba11f..8d102ee5b8d47207aa1e527c79f47866326f9b90 100644 (file)
--- a/lib/pleroma/plugs/user_enabled_plug.ex
+++ b/lib/pleroma/plugs/user_enabled_plug.ex
@@ -10,9 +10,13 @@ defmodule Pleroma.Plugs.UserEnabledPlug do
     options
   end
 
-  def call(%{assigns: %{user: %User{info: %{deactivated: true}}}} = conn, _) do
-    conn
-    |> assign(:user, nil)
+  def call(%{assigns: %{user: %User{} = user}} = conn, _) do
+    if User.auth_active?(user) do
+      conn
+    else
+      conn
+      |> assign(:user, nil)
+    end
   end
 
   def call(conn, _) do

diff --git a/test/plugs/user_enabled_plug_test.exs b/test/plugs/user_enabled_plug_test.exs
index c0fafcab1fec842985234f55cdbdddb91c9ce982..3fb7c53167e601ee15d94d453420974a353fbee4 100644 (file)
--- a/test/plugs/user_enabled_plug_test.exs
+++ b/test/plugs/user_enabled_plug_test.exs
@@ -16,6 +16,23 @@ defmodule Pleroma.Plugs.UserEnabledPlugTest do
     assert ret_conn == conn
   end
 
+  test "with a user that's not confirmed and a config requiring confirmation, it removes that user",
+       %{conn: conn} do
+    old = Pleroma.Config.get([:instance, :account_activation_required])
+    Pleroma.Config.put([:instance, :account_activation_required], true)
+
+    user = insert(:user, confirmation_pending: true)
+
+    conn =
+      conn
+      |> assign(:user, user)
+      |> UserEnabledPlug.call(%{})
+
+    assert conn.assigns.user == nil
+
+    Pleroma.Config.put([:instance, :account_activation_required], old)
+  end
+
   test "with a user that is deactivated, it removes that user", %{conn: conn} do
     user = insert(:user, info: %{deactivated: true})