squeegily/pleroma
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

secure mongoose auth endpoint

Browse Source
This commit is contained in:
fence 2020-04-27 17:55:33 +02:00
parent dd4d10b275
commit a626cb682c
1 changed files with 26 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
lib/pleroma/web/mongooseim/mongoose_im_controller.ex
View File

@ -26,8 +26,22 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
end end
def check_password(conn, %{"user" => username, "pass" => password}) do def check_password(conn, %{"user" => username, "pass" => password}) do
user = Repo.get_by(User, nickname: username, local: true)
case User.account_status(user) do
:deactivated ->
conn
|> put_status(:not_found)
|> json(false)
:confirmation_pending ->
conn
|> put_status(:not_found)
|> json(false)
_ ->
with %User{password_hash: password_hash} <- with %User{password_hash: password_hash} <-
Repo.get_by(User, nickname: username, local: true), user,
true <- Pbkdf2.checkpw(password, password_hash) do true <- Pbkdf2.checkpw(password, password_hash) do
conn conn
|> json(true) |> json(true)
@ -44,3 +58,4 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
end end
end end
end end
end