|
|
@@ -152,6 +152,7 @@ defmodule Pleroma.Web.OAuth.OAuthController do |
|
|
|
with {_, {:ok, %User{} = user}} <- {:get_user, Authenticator.get_user(conn)}, |
|
|
|
%App{} = app <- get_app_from_request(conn, params), |
|
|
|
{:auth_active, true} <- {:auth_active, User.auth_active?(user)}, |
|
|
|
{:user_active, true} <- {:user_active, !user.info.deactivated}, |
|
|
|
scopes <- oauth_scopes(params, app.scopes), |
|
|
|
[] <- scopes -- app.scopes, |
|
|
|
true <- Enum.any?(scopes), |
|
|
@@ -175,6 +176,11 @@ defmodule Pleroma.Web.OAuth.OAuthController do |
|
|
|
|> put_status(:forbidden) |
|
|
|
|> json(%{error: "Your login is missing a confirmed e-mail address"}) |
|
|
|
|
|
|
|
{:user_active, false} -> |
|
|
|
conn |
|
|
|
|> put_status(:forbidden) |
|
|
|
|> json(%{error: "Your account is currently disabled"}) |
|
|
|
|
|
|
|
_error -> |
|
|
|
put_status(conn, 400) |
|
|
|
|> json(%{error: "Invalid credentials"}) |
|
|
|
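Review bot: The `{:user_active, true} <- {:user_active, !user.info.deactivated}` step guards only this one `with` chain, so a deactivated account is refused a new token here, but nothing visible covers any other grant types this controller handles or tokens issued before the account was deactivated; those paths need the same check, or deactivation has to revoke existing tokens, for the block to actually hold. The page has lost its +/- markers, so I am assuming this step and the `{:user_active, false} ->` clause are the added lines; the enclosing function starts and ends outside both hunks. The step sits after `Authenticator.get_user(conn)`, which presumably verifies the credentials, so the specific "Your account is currently disabled" response should only be reachable by a caller who already authenticated; that ordering is worth pinning with a comment such as `# checked after authentication so account status is not disclosed to unauthenticated callers`. A controller test asserting the 403 body for a deactivated user and the generic 400 "Invalid credentials" for a wrong password on the same account would keep a later reorder from turning this into an account-status oracle.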