hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Disallow password resets for deactivated accounts.

Browse source 
Ensure all responses to password reset events are identical.
This commit is contained in:
Mark Felder 2020-09-02 09:09:13 -05:00
commit cbf7f0e029
4 changed files with 23 additions and 27 deletions
Download patch file Download diff file Expand all files Collapse all files

13
lib/pleroma/web/twitter_api/twitter_api.ex
View file

@ -72,7 +72,7 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
def password_reset(nickname_or_email) do
with true <- is_binary(nickname_or_email),
%User{local: true, email: email} = user when is_binary(email) <-
%User{local: true, email: email, deactivated: false} = user when is_binary(email) <-
User.get_by_nickname_or_email(nickname_or_email),
{:ok, token_record} <- Pleroma.PasswordResetToken.create_token(user) do
user
@ -81,17 +81,8 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPI do
{:ok, :enqueued}
else
false ->
{:error, "bad user identifier"}
%User{local: true, email: nil} ->
_ ->
{:ok, :noop}
%User{local: false} ->
{:error, "remote user"}
nil ->
{:error, "unknown user"}
end
end