Prevent unapproved users from logging in
This commit is contained in:
parent
51ab8d0128
commit
e4e5577818
2 changed files with 39 additions and 1 deletions
@ -337,6 +337,16 @@ defp handle_token_exchange_error(%Plug.Conn{} = conn, {:account_status, :confirm
|
||||||
)
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp handle_token_exchange_error(%Plug.Conn{} = conn, {:account_status, :approval_pending}) do
|
||||||
|
render_error(
|
||||||
|
conn,
|
||||||
|
:forbidden,
|
||||||
|
"Your account is awaiting approval.",
|
||||||
|
%{},
|
||||||
|
"awaiting_approval"
|
||||||
|
)
|
||||||
|
end
|
||||||
|
|
||||||
defp handle_token_exchange_error(%Plug.Conn{} = conn, _error) do
|
defp handle_token_exchange_error(%Plug.Conn{} = conn, _error) do
|
||||||
render_invalid_credentials_error(conn)
|
render_invalid_credentials_error(conn)
|
||||||
end
|
end
|
||||||
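Review bot: The new `:approval_pending` clause tells the caller that the account exists and is awaiting approval, whereas the `_error` fallback below it deliberately collapses everything into `render_invalid_credentials_error/1`; that disclosure is only acceptable because, judging by the test in this commit, token exchange presumably reaches this clause after the password has already been verified, and nothing in the clause records that reasoning. Add a why-comment above the clause, e.g. `# Reached only for a caller whose credentials already verified; naming the pending state does not leak account existence to unauthenticated clients.` The clause also has to stay above the `_error` catch-all (it does here), otherwise unapproved users would silently get the invalid-credentials response and the new test would fail. The earlier clauses of `handle_token_exchange_error/2`, including the `:confirmation_pending` one named in the hunk header, begin above this hunk, so the relative order of the two status checks is not visible.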
@ -19,7 +19,10 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
|
||||||
key: "_test",
|
key: "_test",
|
||||||
signing_salt: "cooldude"
|
signing_salt: "cooldude"
|
||||||
]
|
]
|
||||||
setup do: clear_config([:instance, :account_activation_required])
|
setup do
|
||||||
|
clear_config([:instance, :account_activation_required])
|
||||||
|
clear_config([:instance, :account_approval_required])
|
||||||
|
end
|
||||||
|
|
||||||
describe "in OAuth consumer mode, " do
|
describe "in OAuth consumer mode, " do
|
||||||
setup do
|
setup do
|
||||||
|
@ -995,6 +998,31 @@ test "rejects token exchange for user with confirmation_pending set to true" do
|
||||||
}
|
}
|
||||||
end
|
end
|
||||||
|
|
||||||
|
test "rejects token exchange for valid credentials belonging to an unapproved user and approval is required" do
|
||||||
|
Pleroma.Config.put([:instance, :account_approval_required], true)
|
||||||
|
password = "testpassword"
|
||||||
|
|
||||||
|
user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password), approval_pending: true)
|
||||||
|
|
||||||
|
refute Pleroma.User.account_status(user) == :active
|
||||||
|
|
||||||
|
app = insert(:oauth_app)
|
||||||
|
|
||||||
|
conn =
|
||||||
|
build_conn()
|
||||||
|
|> post("/oauth/token", %{
|
||||||
|
"grant_type" => "password",
|
||||||
|
"username" => user.nickname,
|
||||||
|
"password" => password,
|
||||||
|
"client_id" => app.client_id,
|
||||||
|
"client_secret" => app.client_secret
|
||||||
|
})
|
||||||
|
|
||||||
|
assert resp = json_response(conn, 403)
|
||||||
|
assert %{"error" => _} = resp
|
||||||
|
refute Map.has_key?(resp, "access_token")
|
||||||
|
end
|
||||||
|
|
||||||
test "rejects an invalid authorization code" do
|
test "rejects an invalid authorization code" do
|
||||||
app = insert(:oauth_app)
|
app = insert(:oauth_app)
|
||||||
|
|
||||||
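Review bot: The new test pins only the 403 status, the presence of some `"error"` key and the absence of `access_token`, so a regression that routed this user through another forbidden response (for instance the confirmation-pending path) would still pass. Assert the message the controller renders, `assert %{"error" => "Your account is awaiting approval."} = resp`, and, if the JSON key under which `render_error/5` emits its last argument is known, the `"awaiting_approval"` identifier as well; that key is not visible in this diff. A sibling test that the same `approval_pending: true` user does obtain a token when `account_approval_required` is false would exercise the `setup` change in the first hunk in both directions; whether `Pleroma.User.account_status/1` honours the flag independently of that setting cannot be told from here.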