From 8521553ad92981e9939ce6ce2208db685ecd068c Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Mon, 11 Nov 2019 12:37:13 +0100
Subject: [PATCH] User: Don't let deactivated users authenticate.

---
 lib/pleroma/user.ex | 3 +++
 test/user_test.exs  | 7 +++++++
 2 files changed, 10 insertions(+)

diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex
index f8c2db1e1..fcb1d5143 100644
--- a/lib/pleroma/user.ex
+++ b/lib/pleroma/user.ex
@@ -124,6 +124,9 @@ defmodule Pleroma.User do
     timestamps()
   end
 
+  @doc "Returns if the user should be allowed to authenticate"
+  def auth_active?(%User{deactivated: true}), do: false
+
   def auth_active?(%User{confirmation_pending: true}),
     do: !Pleroma.Config.get([:instance, :account_activation_required])
 
diff --git a/test/user_test.exs b/test/user_test.exs
index 6b1b24ce5..8fdb6b25f 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -1195,6 +1195,13 @@ test "auth_active?/1 works correctly" do
     refute User.auth_active?(local_user)
     assert User.auth_active?(confirmed_user)
     assert User.auth_active?(remote_user)
+
+    # also shows unactive for deactivated users
+
+    deactivated_but_confirmed =
+      insert(:user, local: true, confirmation_pending: false, deactivated: true)
+
+    refute User.auth_active?(deactivated_but_confirmed)
   end
 
   describe "superuser?/1" do