User: Don't let deactivated users authenticate.

This commit is contained in:
lain 2019-11-11 12:37:13 +01:00
parent 7438c177d9
commit 8521553ad9
2 changed files with 10 additions and 0 deletions

View File

@ -124,6 +124,9 @@ defmodule Pleroma.User do
timestamps() timestamps()
end end
@doc "Returns if the user should be allowed to authenticate"
def auth_active?(%User{deactivated: true}), do: false
def auth_active?(%User{confirmation_pending: true}), def auth_active?(%User{confirmation_pending: true}),
do: !Pleroma.Config.get([:instance, :account_activation_required]) do: !Pleroma.Config.get([:instance, :account_activation_required])

View File

@ -1195,6 +1195,13 @@ defmodule Pleroma.UserTest do
refute User.auth_active?(local_user) refute User.auth_active?(local_user)
assert User.auth_active?(confirmed_user) assert User.auth_active?(confirmed_user)
assert User.auth_active?(remote_user) assert User.auth_active?(remote_user)
# also shows unactive for deactivated users
deactivated_but_confirmed =
insert(:user, local: true, confirmation_pending: false, deactivated: true)
refute User.auth_active?(deactivated_but_confirmed)
end end
describe "superuser?/1" do describe "superuser?/1" do