User: Don't let deactivated users authenticate.

author lain <lain@soykaf.club>

Mon, 11 Nov 2019 11:37:13 +0000 (12:37 +0100)

committer lain <lain@soykaf.club>

Mon, 11 Nov 2019 11:37:38 +0000 (12:37 +0100)
author lain <lain@soykaf.club>
Mon, 11 Nov 2019 11:37:13 +0000 (12:37 +0100)
committer lain <lain@soykaf.club>
Mon, 11 Nov 2019 11:37:38 +0000 (12:37 +0100)
diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex

index f8c2db1e1ebc3b1128c288db28f2229970d1c779..fcb1d5143942bc7738aff01ca8ecf70ca7166181 100644 (file)
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -124,6 +124,9 @@ defmodule Pleroma.User do
      timestamps()
    end
  
+  @doc "Returns if the user should be allowed to authenticate"
+  def auth_active?(%User{deactivated: true}), do: false
+
    def auth_active?(%User{confirmation_pending: true}),
      do: !Pleroma.Config.get([:instance, :account_activation_required])
  
diff --git a/test/user_test.exs b/test/user_test.exs

index 6b1b24ce5fd2ef5693937bd867b067fe420d5bd3..8fdb6b25fc2f2bba9916d8bfdc32c4924fb00bf4 100644 (file)
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -1195,6 +1195,13 @@ defmodule Pleroma.UserTest do
      refute User.auth_active?(local_user)
      assert User.auth_active?(confirmed_user)
      assert User.auth_active?(remote_user)
+
+    # also shows unactive for deactivated users
+
+    deactivated_but_confirmed =
+      insert(:user, local: true, confirmation_pending: false, deactivated: true)
+
+    refute User.auth_active?(deactivated_but_confirmed)
    end
  
    describe "superuser?/1" do
author	lain <lain@soykaf.club>
	Mon, 11 Nov 2019 11:37:13 +0000 (12:37 +0100)
committer	lain <lain@soykaf.club>
	Mon, 11 Nov 2019 11:37:38 +0000 (12:37 +0100)
lib/pleroma/user.ex		patch \| blob \| history
test/user_test.exs		patch \| blob \| history