UserEnabledPlug: Don't authenticate unconfirmed users.

This commit is contained in:
lain 2019-11-11 12:43:46 +01:00
parent 8521553ad9
commit f6056e9c9c
2 changed files with 24 additions and 3 deletions

View file

@ -10,9 +10,13 @@ def init(options) do
options options
end end
def call(%{assigns: %{user: %User{deactivated: true}}} = conn, _) do def call(%{assigns: %{user: %User{} = user}} = conn, _) do
conn if User.auth_active?(user) do
|> assign(:user, nil) conn
else
conn
|> assign(:user, nil)
end
end end
def call(conn, _) do def call(conn, _) do

View file

@ -16,6 +16,23 @@ test "doesn't do anything if the user isn't set", %{conn: conn} do
assert ret_conn == conn assert ret_conn == conn
end end
test "with a user that's not confirmed and a config requiring confirmation, it removes that user",
%{conn: conn} do
old = Pleroma.Config.get([:instance, :account_activation_required])
Pleroma.Config.put([:instance, :account_activation_required], true)
user = insert(:user, confirmation_pending: true)
conn =
conn
|> assign(:user, user)
|> UserEnabledPlug.call(%{})
assert conn.assigns.user == nil
Pleroma.Config.put([:instance, :account_activation_required], old)
end
test "with a user that is deactivated, it removes that user", %{conn: conn} do test "with a user that is deactivated, it removes that user", %{conn: conn} do
user = insert(:user, deactivated: true) user = insert(:user, deactivated: true)