2019-05-17 18:21:11 +02:00
|
|
|
# Pleroma: A lightweight social networking server
|
2020-03-03 23:44:49 +01:00
|
|
|
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
|
2019-05-17 18:21:11 +02:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
|
|
|
defmodule Pleroma.Web.MongooseIM.MongooseIMController do
|
|
|
|
use Pleroma.Web, :controller
|
2019-09-17 15:16:11 +02:00
|
|
|
|
|
|
|
alias Pleroma.Plugs.RateLimiter
|
2019-05-17 18:21:11 +02:00
|
|
|
alias Pleroma.Repo
|
2019-05-17 18:32:30 +02:00
|
|
|
alias Pleroma.User
|
2019-05-17 18:21:11 +02:00
|
|
|
|
2019-11-11 13:13:06 +01:00
|
|
|
plug(RateLimiter, [name: :authentication] when action in [:user_exists, :check_password])
|
|
|
|
plug(RateLimiter, [name: :authentication, params: ["user"]] when action == :check_password)
|
2019-09-17 15:16:11 +02:00
|
|
|
|
2019-05-17 18:21:11 +02:00
|
|
|
def user_exists(conn, %{"user" => username}) do
|
2020-04-27 19:11:03 +02:00
|
|
|
with %User{} <- Repo.get_by(User, nickname: username, local: true, deactivated: false) do
|
2019-05-17 18:21:11 +02:00
|
|
|
conn
|
|
|
|
|> json(true)
|
|
|
|
else
|
|
|
|
_ ->
|
|
|
|
conn
|
|
|
|
|> put_status(:not_found)
|
|
|
|
|> json(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
def check_password(conn, %{"user" => username, "pass" => password}) do
|
2020-04-27 19:11:03 +02:00
|
|
|
with %User{password_hash: password_hash, deactivated: false} <-
|
|
|
|
Repo.get_by(User, nickname: username, local: true),
|
2020-05-12 23:42:24 +02:00
|
|
|
true <- Pbkdf2.verify_pass(password, password_hash) do
|
2020-04-27 19:11:03 +02:00
|
|
|
conn
|
|
|
|
|> json(true)
|
|
|
|
else
|
|
|
|
false ->
|
2019-05-17 18:21:11 +02:00
|
|
|
conn
|
2020-04-27 19:11:03 +02:00
|
|
|
|> put_status(:forbidden)
|
2019-05-17 18:21:11 +02:00
|
|
|
|> json(false)
|
|
|
|
|
2020-04-27 19:11:03 +02:00
|
|
|
_ ->
|
2019-05-17 18:21:11 +02:00
|
|
|
conn
|
|
|
|
|> put_status(:not_found)
|
|
|
|
|> json(false)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|