From 8521553ad92981e9939ce6ce2208db685ecd068c Mon Sep 17 00:00:00 2001 From: lain Date: Mon, 11 Nov 2019 12:37:13 +0100 Subject: [PATCH] User: Don't let deactivated users authenticate. --- lib/pleroma/user.ex | 3 +++ test/user_test.exs | 7 +++++++ 2 files changed, 10 insertions(+) diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index f8c2db1e1..fcb1d5143 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -124,6 +124,9 @@ defmodule Pleroma.User do timestamps() end + @doc "Returns if the user should be allowed to authenticate" + def auth_active?(%User{deactivated: true}), do: false + def auth_active?(%User{confirmation_pending: true}), do: !Pleroma.Config.get([:instance, :account_activation_required]) diff --git a/test/user_test.exs b/test/user_test.exs index 6b1b24ce5..8fdb6b25f 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -1195,6 +1195,13 @@ defmodule Pleroma.UserTest do refute User.auth_active?(local_user) assert User.auth_active?(confirmed_user) assert User.auth_active?(remote_user) + + # also shows unactive for deactivated users + + deactivated_but_confirmed = + insert(:user, local: true, confirmation_pending: false, deactivated: true) + + refute User.auth_active?(deactivated_but_confirmed) end describe "superuser?/1" do -- 2.45.2