User: Don't let deactivated users authenticate.

2019-11-11 12:37:13 +01:00 · 2019-11-11 12:37:13 +01:00 · 8521553ad9
parent 7438c177d9
commit 8521553ad9
2 changed files with 10 additions and 0 deletions
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@ -124,6 +124,9 @@ defmodule Pleroma.User do
    timestamps()
  end

+  @doc "Returns if the user should be allowed to authenticate"
+  def auth_active?(%User{deactivated: true}), do: false
+
  def auth_active?(%User{confirmation_pending: true}),
    do: !Pleroma.Config.get([:instance, :account_activation_required])

--- a/test/user_test.exs
+++ b/test/user_test.exs
@ -1195,6 +1195,13 @@ test "auth_active?/1 works correctly" do
    refute User.auth_active?(local_user)
    assert User.auth_active?(confirmed_user)
    assert User.auth_active?(remote_user)
+
+    # also shows unactive for deactivated users
+
+    deactivated_but_confirmed =
+      insert(:user, local: true, confirmation_pending: false, deactivated: true)
+
+    refute User.auth_active?(deactivated_but_confirmed)
  end

  describe "superuser?/1" do