Don't log in deactivated users.

lib/pleroma/plugs/authentication_plug.ex

@@ -12,6 +12,7 @@ defmodule Pleroma.Plugs.AuthenticationPlug do
   def call(conn, opts) do
     with {:ok, username, password} <- decode_header(conn),
          {:ok, user} <- opts[:fetcher].(username),
+         false <- !!user.info["deactivated"],
          saved_user_id <- get_session(conn, :user_id),
          {:ok, verified_user} <- verify(user, password, saved_user_id)
     do

lib/pleroma/plugs/oauth_plug.ex

@@ -16,7 +16,8 @@ defmodule Pleroma.Plugs.OAuthPlug do
             end
     with token when not is_nil(token) <- token,
          %Token{user_id: user_id} <- Repo.get_by(Token, token: token),
-         %User{} = user <- Repo.get(User, user_id) do
+         %User{} = user <- Repo.get(User, user_id),
+         false <- !!user.info["deactivated"] do
       conn
       |> assign(:user, user)
     else