authorLibravatar tsmethurst <tobi.smethurst@protonmail.com>2022-02-08 12:17:18 +0100
committerLibravatar tsmethurst <tobi.smethurst@protonmail.com>2022-02-08 12:17:18 +0100
commit4c294a596a9e0524f89b80e1608c3411f4fcf679 (patch)
tree23851533a5f1adb5442fd7c3c034578c34cd3f0d /internal/api/security/tokencheck.go
parentupdate outdated comment (diff)
parent[chore] Drone config update (#383) (diff)
Merge branch 'main' into media_refactor
Diffstat (limited to 'internal/api/security/tokencheck.go')
-rw-r--r--internal/api/security/tokencheck.go22
1 files changed, 22 insertions, 0 deletions
diff --git a/internal/api/security/tokencheck.go b/internal/api/security/tokencheck.go
index b68f0b94f..e366af2ea 100644
--- a/internal/api/security/tokencheck.go
+++ b/internal/api/security/tokencheck.go
@@ -62,6 +62,22 @@ func (m *Module) TokenCheck(c *gin.Context) {
l.Warnf("no user found for userID %s", userID)
return
}
+
+ if user.ConfirmedAt.IsZero() {
+ l.Warnf("authenticated user %s has never confirmed thier email address", userID)
+ return
+ }
+
+ if !user.Approved {
+ l.Warnf("authenticated user %s's account was never approved by an admin", userID)
+ return
+ }
+
+ if user.Disabled {
+ l.Warnf("authenticated user %s's account was disabled'", userID)
+ return
+ }
+
c.Set(oauth.SessionAuthorizedUser, user)
// fetch account for this token
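Review bot: The three new rejections (unconfirmed, unapproved, disabled) only log and `return`; nothing in this hunk aborts the request or writes a status, so access is denied only if every downstream handler treats a missing `oauth.SessionAuthorizedUser` as unauthenticated. That matches the existing `no user found` branch, but it is worth stating above the first check, e.g. `// returning without setting SessionAuthorizedUser leaves the request unauthenticated; handlers must check for it`. Whether anything stored on the context earlier in TokenCheck survives these returns cannot be seen here, since the function starts and ends outside the hunk. Two log strings also need a touch-up: `thier` should be `their`, and the message `account was disabled'` carries a stray trailing apostrophe.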
@@ -74,6 +90,12 @@ func (m *Module) TokenCheck(c *gin.Context) {
l.Warnf("no account found for userID %s", userID)
return
}
+
+ if !acct.SuspendedAt.IsZero() {
+ l.Warnf("authenticated user %s's account (accountId=%s) has been suspended", userID, user.AccountID)
+ return
+ }
+
c.Set(oauth.SessionAuthorizedAccount, acct)
}
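Review bot: The suspension check returns after `c.Set(oauth.SessionAuthorizedUser, user)` has already run in the previous hunk, so a token belonging to a suspended account still leaves an authorized user on the context, just without an account. Any handler that gates on the user key alone would presumably accept that request; the handlers are not visible here, so this needs confirming. Moving the user `c.Set` down so both keys are stored together after the last check, `c.Set(oauth.SessionAuthorizedUser, user)` followed by `c.Set(oauth.SessionAuthorizedAccount, acct)`, would make the suspended case fail the same way as the disabled one. The same ordering affects the existing `no account found` return, and the code between the two hunks is outside this view.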