Prevent unapproved users from logging in

This commit is contained in:
Alex Gleason 2020-07-12 20:15:27 -05:00
parent 51ab8d0128
commit e4e5577818
No known key found for this signature in database
GPG key ID: 7211D1F99744FBB7
2 changed files with 39 additions and 1 deletions


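--- a/PATH_NOT_SHOWN_ON_PAGE (module Pleroma.Web.OAuth.OAuthController)
+++ b/PATH_NOT_SHOWN_ON_PAGE (module Pleroma.Web.OAuth.OAuthController)
@@ -337,6 +337,16 @@ defmodule Pleroma.Web.OAuth.OAuthController do
     )
   end
+  defp handle_token_exchange_error(%Plug.Conn{} = conn, {:account_status, :approval_pending}) do
+    render_error(
+      conn,
+      :forbidden,
+      "Your account is awaiting approval.",
+      %{},
+      "awaiting_approval"
+    )
+  end
   defp handle_token_exchange_error(%Plug.Conn{} = conn, _error) do
     render_invalid_credentials_error(conn)
   end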
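Review bot: The new `{:account_status, :approval_pending}` clause replies with a distinct 403 and the `awaiting_approval` identifier, while every other failure still falls through to `render_invalid_credentials_error/1`; if the account-status check is only reached after the password has been verified (the caller is outside this hunk, so this is inferred), the distinct reply tells an unauthenticated client that the password it submitted for a pending account was correct. That is a usability trade-off rather than a defect, but it should be stated at the clause so it is not extended to other statuses without the same consideration, e.g. `# Intentional: a pending user must learn why login is refused. This reply is only produced once credentials are accepted, so it confirms the password; any throttling applied to failed logins should cover this path as well.` The surrounding clauses of `handle_token_exchange_error/2` begin above the hunk.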


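--- a/PATH_NOT_SHOWN_ON_PAGE (module Pleroma.Web.OAuth.OAuthControllerTest)
+++ b/PATH_NOT_SHOWN_ON_PAGE (module Pleroma.Web.OAuth.OAuthControllerTest)
@@ -19,7 +19,10 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     key: "_test",
     signing_salt: "cooldude"
   ]
-  setup do: clear_config([:instance, :account_activation_required])
+  setup do
+    clear_config([:instance, :account_activation_required])
+    clear_config([:instance, :account_approval_required])
+  end
   describe "in OAuth consumer mode, " do
     setup do
@@ -995,6 +998,31 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     }
   end
+  test "rejects token exchange for valid credentials belonging to an unapproved user and approval is required" do
+    Pleroma.Config.put([:instance, :account_approval_required], true)
+    password = "testpassword"
+    user = insert(:user, password_hash: Pbkdf2.hash_pwd_salt(password), approval_pending: true)
+    refute Pleroma.User.account_status(user) == :active
+    app = insert(:oauth_app)
+    conn =
+      build_conn()
+      |> post("/oauth/token", %{
+        "grant_type" => "password",
+        "username" => user.nickname,
+        "password" => password,
+        "client_id" => app.client_id,
+        "client_secret" => app.client_secret
+      })
+    assert resp = json_response(conn, 403)
+    assert %{"error" => _} = resp
+    refute Map.has_key?(resp, "access_token")
+  end
   test "rejects an invalid authorization code" do
     app = insert(:oauth_app)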
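Review bot: `assert %{"error" => _} = resp` at the end of the new test also passes if the request is refused by the generic fallback clause or any other 403 path, so the test does not pin the `awaiting_approval` branch it was written for. Asserting the text the controller emits would make it specific, e.g. `assert %{"error" => "Your account is awaiting approval."} = resp`, provided `render_error/5` places the message under `"error"` (the JSON shape is not visible on this page). Likewise `refute Pleroma.User.account_status(user) == :active` holds for any non-active status; `assert Pleroma.User.account_status(user) == :approval_pending` states the exact precondition the controller clause matches on. A companion case with `account_approval_required` left unset and `approval_pending: true` would record whether such a user can still obtain a token, which the controller clause alone does not decide.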