User: Don't let deactivated users authenticate.
This commit is contained in:
parent
7438c177d9
commit
8521553ad9
2 changed files with 10 additions and 0 deletions
|
@ -124,6 +124,9 @@ defmodule Pleroma.User do
|
|||
timestamps()
|
||||
end
|
||||
|
||||
@doc "Returns if the user should be allowed to authenticate"
|
||||
def auth_active?(%User{deactivated: true}), do: false
|
||||
|
||||
def auth_active?(%User{confirmation_pending: true}),
|
||||
do: !Pleroma.Config.get([:instance, :account_activation_required])
|
||||
|
||||
|
|
|
@ -1195,6 +1195,13 @@ test "auth_active?/1 works correctly" do
|
|||
refute User.auth_active?(local_user)
|
||||
assert User.auth_active?(confirmed_user)
|
||||
assert User.auth_active?(remote_user)
|
||||
|
||||
# also shows unactive for deactivated users
|
||||
|
||||
deactivated_but_confirmed =
|
||||
insert(:user, local: true, confirmation_pending: false, deactivated: true)
|
||||
|
||||
refute User.auth_active?(deactivated_but_confirmed)
|
||||
end
|
||||
|
||||
describe "superuser?/1" do
|
||||
|
|
Loading…
Reference in a new issue