diff options
author | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2023-01-01 12:59:45 +1100 |
---|---|---|
committer | Madeline <46743919+MaddyUnderStars@users.noreply.github.com> | 2023-01-01 12:59:45 +1100 |
commit | cd84412c92c447826ebb2668295d46956618d962 (patch) | |
tree | 4fc9c1ba07ed1b6eb8de526e4283227545e3c442 | |
parent | Allow Bearer tokens through, like Bot (diff) | |
download | server-cd84412c92c447826ebb2668295d46956618d962.tar.xz |
Don't let users undisable their accounts
-rw-r--r-- | src/api/routes/auth/login.ts | 14 |
1 files changed, 6 insertions, 8 deletions
diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts index bbfb5425..b9cefe1a 100644 --- a/src/api/routes/auth/login.ts +++ b/src/api/routes/auth/login.ts @@ -66,9 +66,6 @@ router.post( }); if (undelete) { - // undelete refers to un'disable' here - if (user.disabled) - await User.update({ id: user.id }, { disabled: false }); if (user.deleted) await User.update({ id: user.id }, { deleted: false }); } else { @@ -77,13 +74,14 @@ router.post( message: "This account is scheduled for deletion.", code: 20011, }); - if (user.disabled) - return res.status(400).json({ - message: req.t("auth:login.ACCOUNT_DISABLED"), - code: 20013, - }); } + if (user.disabled) + return res.status(400).json({ + message: req.t("auth:login.ACCOUNT_DISABLED"), + code: 20013, + }); + // the salt is saved in the password refer to bcrypt docs const same_password = await bcrypt.compare( password, |