Don't log in deactivated users.
parent
e31a5ff4af
commit
0ec5aeb8a7
3 changed files with 30 additions and 1 deletions
|
@ -12,6 +12,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
|
||||||
def call(conn, opts) do
|
def call(conn, opts) do
|
||||||
with {:ok, username, password} <- decode_header(conn),
|
with {:ok, username, password} <- decode_header(conn),
|
||||||
{:ok, user} <- opts[:fetcher].(username),
|
{:ok, user} <- opts[:fetcher].(username),
|
||||||
|
false <- !!user.info["deactivated"],
|
||||||
saved_user_id <- get_session(conn, :user_id),
|
saved_user_id <- get_session(conn, :user_id),
|
||||||
{:ok, verified_user} <- verify(user, password, saved_user_id)
|
{:ok, verified_user} <- verify(user, password, saved_user_id)
|
||||||
do
|
do
|
||||||
|
|
|
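Review bot: The new clause `false <- !!user.info["deactivated"]` runs before `verify(user, password, saved_user_id)`, so a request naming a deactivated account fails without the password being checked. Even if the `else` branch (outside this hunk) answers every failure identically, response timing can then differ from that of an active account. Moving the clause to follow `{:ok, verified_user} <- verify(user, password, saved_user_id)` keeps the rejection while revealing the deactivated state only to a caller with valid credentials. The check also sits behind `decode_header(conn)`, so a request with no Authorization header but a `:user_id` in the session takes whatever path the `else` branch provides; that path is not visible here and should be confirmed to reject deactivated users as well.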
@ -16,7 +16,8 @@ defmodule Pleroma.Plugs.OAuthPlug do
|
||||||
end
|
end
|
||||||
with token when not is_nil(token) <- token,
|
with token when not is_nil(token) <- token,
|
||||||
%Token{user_id: user_id} <- Repo.get_by(Token, token: token),
|
%Token{user_id: user_id} <- Repo.get_by(Token, token: token),
|
||||||
%User{} = user <- Repo.get(User, user_id) do
|
%User{} = user <- Repo.get(User, user_id),
|
||||||
|
false <- !!user.info["deactivated"] do
|
||||||
conn
|
conn
|
||||||
|> assign(:user, user)
|
|> assign(:user, user)
|
||||||
else
|
else
|
||||||
|
|
|
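Review bot: The OAuth path gets the same `false <- !!user.info["deactivated"]` clause but no test, since the only test module visible in this commit is AuthenticationPlugTest. A case that presents a valid token belonging to a user with `info: %{"deactivated" => true}` and asserts that no user is assigned would pin the behaviour. The expression is now duplicated in both plugs, so a single predicate on the user module would keep the two checks from drifting apart. The token row itself appears to stay valid after deactivation, which is only safe if every consumer of tokens goes through this plug; the `else` branch and the rest of the function are outside the hunk, so this needs confirming.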
@ -14,6 +14,13 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
|
||||||
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
|
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@deactivated %User{
|
||||||
|
id: 1,
|
||||||
|
name: "dude",
|
||||||
|
password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"),
|
||||||
|
info: %{"deactivated" => true}
|
||||||
|
}
|
||||||
|
|
||||||
@session_opts [
|
@session_opts [
|
||||||
store: :cookie,
|
store: :cookie,
|
||||||
key: "_test",
|
key: "_test",
|
||||||
|
@ -131,6 +138,26 @@ defmodule Pleroma.Plugs.AuthenticationPlugTest do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
describe "with a correct authorization header for an deactiviated user" do
|
||||||
|
test "it halts the appication", %{conn: conn} do
|
||||||
|
opts = %{
|
||||||
|
optional: false,
|
||||||
|
fetcher: fn _ -> @deactivated end
|
||||||
|
}
|
||||||
|
|
||||||
|
header = basic_auth_enc("dude", "guy")
|
||||||
|
|
||||||
|
conn = conn
|
||||||
|
|> Plug.Session.call(Plug.Session.init(@session_opts))
|
||||||
|
|> fetch_session
|
||||||
|
|> put_req_header("authorization", header)
|
||||||
|
|> AuthenticationPlug.call(opts)
|
||||||
|
|
||||||
|
assert conn.status == 403
|
||||||
|
assert conn.halted == true
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe "with a user_id in the session for an existing user" do
|
describe "with a user_id in the session for an existing user" do
|
||||||
test "it assigns the user", %{conn: conn} do
|
test "it assigns the user", %{conn: conn} do
|
||||||
opts = %{
|
opts = %{
|
||||||
|
|
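Review bot: The new describe block covers only the Authorization-header path with correct credentials. The `"with a user_id in the session for an existing user"` block that follows it (continuing outside the hunk) gets no deactivated counterpart, so a session that outlives deactivation is untested. A second case that sets `:user_id` in the session for the `@deactivated` user and asserts the same 403 and halt would close that gap. The test names also carry typos and would read better as `describe "with a correct authorization header for a deactivated user"` and `test "it halts the application"`.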