summary refs log tree commit diff
diff options
context:
space:
mode:
authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2023-01-31 15:13:19 +1100
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2023-01-31 15:13:19 +1100
commitae8f4d675272a8053b6541ced2b883b722202bbb (patch)
treedb5ad82f649230d70eaaaba5c0a1e024d2e2c3d7
parentsubscribe clients to member events when they lazy request members (diff)
downloadserver-ae8f4d675272a8053b6541ced2b883b722202bbb.tar.xz
check pw and other auth before letting users undisable
-rw-r--r--src/api/routes/auth/login.ts38
1 files changed, 19 insertions, 19 deletions
diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts
index a7fcd4bc..2b97ec10 100644
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@@ -88,25 +88,6 @@ router.post(
 			});
 		});
 
-		if (undelete) {
-			// undelete refers to un'disable' here
-			if (user.disabled)
-				await User.update({ id: user.id }, { disabled: false });
-			if (user.deleted)
-				await User.update({ id: user.id }, { deleted: false });
-		} else {
-			if (user.deleted)
-				return res.status(400).json({
-					message: "This account is scheduled for deletion.",
-					code: 20011,
-				});
-			if (user.disabled)
-				return res.status(400).json({
-					message: req.t("auth:login.ACCOUNT_DISABLED"),
-					code: 20013,
-				});
-		}
-
 		// the salt is saved in the password refer to bcrypt docs
 		const same_password = await bcrypt.compare(
 			password,
@@ -169,6 +150,25 @@ router.post(
 			});
 		}
 
+		if (undelete) {
+			// undelete refers to un'disable' here
+			if (user.disabled)
+				await User.update({ id: user.id }, { disabled: false });
+			if (user.deleted)
+				await User.update({ id: user.id }, { deleted: false });
+		} else {
+			if (user.deleted)
+				return res.status(400).json({
+					message: "This account is scheduled for deletion.",
+					code: 20011,
+				});
+			if (user.disabled)
+				return res.status(400).json({
+					message: req.t("auth:login.ACCOUNT_DISABLED"),
+					code: 20013,
+				});
+		}
+
 		const token = await generateToken(user.id);
 
 		// Notice this will have a different token structure, than discord