secure mongoose auth endpoint
This commit is contained in:
parent
dd4d10b275
commit
a626cb682c
@ -26,8 +26,22 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
|
||||
end
|
||||
|
||||
def check_password(conn, %{"user" => username, "pass" => password}) do
|
||||
user = Repo.get_by(User, nickname: username, local: true)
|
||||
|
||||
case User.account_status(user) do
|
||||
:deactivated ->
|
||||
conn
|
||||
|> put_status(:not_found)
|
||||
|> json(false)
|
||||
|
||||
:confirmation_pending ->
|
||||
conn
|
||||
|> put_status(:not_found)
|
||||
|> json(false)
|
||||
|
||||
_ ->
|
||||
with %User{password_hash: password_hash} <-
|
||||
Repo.get_by(User, nickname: username, local: true),
|
||||
user,
|
||||
true <- Pbkdf2.checkpw(password, password_hash) do
|
||||
conn
|
||||
|> json(true)
|
||||
@ -44,3 +58,4 @@ defmodule Pleroma.Web.MongooseIM.MongooseIMController do
|
||||
end
|
||||
end
|
||||
end
|
||||
end
|
||||
|
Loading…
Reference in New Issue
Block a user