akkoma/lib/pleroma/web/mongooseim/mongoose_im_controller.ex

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.MongooseIM.MongooseIMController do
  use Pleroma.Web, :controller

  alias Comeonin.Pbkdf2
  alias Pleroma.Plugs.RateLimiter
  alias Pleroma.Repo
  alias Pleroma.User

  plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
  plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)

  def user_exists(conn, %{"user" => username}) do
    with %User{} <- Repo.get_by(User, nickname: username, local: true) do
      conn
      |> json(true)
    else
      _ ->
        conn
        |> put_status(:not_found)
        |> json(false)
    end
  end

  def check_password(conn, %{"user" => username, "pass" => password}) do
    user = Repo.get_by(User, nickname: username, local: true)
    
    state = case user do
      nil -> nil
      _ -> User.account_status(user)
    end

    case state do
      :deactivated ->
        conn
        |> put_status(:not_found)
        |> json(false)

      :confirmation_pending ->
        conn
        |> put_status(:not_found)
        |> json(false)

      _ ->
        with %User{password_hash: password_hash} <-
               user,
             true <- Pbkdf2.checkpw(password, password_hash) do
          conn
          |> json(true)
        else
          false ->
            conn
            |> put_status(:forbidden)
            |> json(false)

          _ ->
            conn
            |> put_status(:not_found)
            |> json(false)
        end
    end
  end
end
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00			`# Pleroma: A lightweight social networking server`
Update Copyrights 2020-03-03 22:44:49 +00:00			`# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>`
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00			`# SPDX-License-Identifier: AGPL-3.0-only`

			`defmodule Pleroma.Web.MongooseIM.MongooseIMController do`
			`use Pleroma.Web, :controller`
[#1260] Rate-limiting for create authentication and related requests. 2019-09-17 13:16:11 +00:00
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00			`alias Comeonin.Pbkdf2`
[#1260] Rate-limiting for create authentication and related requests. 2019-09-17 13:16:11 +00:00			`alias Pleroma.Plugs.RateLimiter`
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00			`alias Pleroma.Repo`
Linting. 2019-05-17 16:32:30 +00:00			`alias Pleroma.User`
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00
New rate limiter 2019-11-11 12:13:06 +00:00			`plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])`
			`plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)`
[#1260] Rate-limiting for create authentication and related requests. 2019-09-17 13:16:11 +00:00
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00			`def user_exists(conn, %{"user" => username}) do`
			`with %User{} <- Repo.get_by(User, nickname: username, local: true) do`
			`conn`
			`\|> json(true)`
			`else`
			`_ ->`
			`conn`
			`\|> put_status(:not_found)`
			`\|> json(false)`
			`end`
			`end`

			`def check_password(conn, %{"user" => username, "pass" => password}) do`
secure mongoose auth endpoint 2020-04-27 15:55:33 +00:00			`user = Repo.get_by(User, nickname: username, local: true)`
add tests for deactivated users for mongoose auth 2020-04-27 16:31:00 +00:00
			`state = case user do`
			`nil -> nil`
			`_ -> User.account_status(user)`
			`end`
secure mongoose auth endpoint 2020-04-27 15:55:33 +00:00
add tests for deactivated users for mongoose auth 2020-04-27 16:31:00 +00:00			`case state do`
secure mongoose auth endpoint 2020-04-27 15:55:33 +00:00			`:deactivated ->`
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00			`conn`
secure mongoose auth endpoint 2020-04-27 15:55:33 +00:00			`\|> put_status(:not_found)`
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00			`\|> json(false)`

secure mongoose auth endpoint 2020-04-27 15:55:33 +00:00			`:confirmation_pending ->`
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00			`conn`
			`\|> put_status(:not_found)`
			`\|> json(false)`
secure mongoose auth endpoint 2020-04-27 15:55:33 +00:00
			`_ ->`
			`with %User{password_hash: password_hash} <-`
			`user,`
			`true <- Pbkdf2.checkpw(password, password_hash) do`
			`conn`
			`\|> json(true)`
			`else`
			`false ->`
			`conn`
			`\|> put_status(:forbidden)`
			`\|> json(false)`

			`_ ->`
			`conn`
			`\|> put_status(:not_found)`
			`\|> json(false)`
			`end`
MongooseIM: Add basic integration endpoints. 2019-05-17 16:21:11 +00:00			`end`
			`end`
			`end`