authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2023-01-01 12:59:45 +1100
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2023-01-01 12:59:45 +1100
commitcd84412c92c447826ebb2668295d46956618d962 (patch)
tree4fc9c1ba07ed1b6eb8de526e4283227545e3c442
parentAllow Bearer tokens through, like Bot (diff)
downloadserver-cd84412c92c447826ebb2668295d46956618d962.tar.xz
Don't let users undisable their accounts
-rw-r--r--src/api/routes/auth/login.ts14
1 files changed, 6 insertions, 8 deletions
diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts
index bbfb5425..b9cefe1a 100644
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@@ -66,9 +66,6 @@ router.post(
 		});
 
 		if (undelete) {
-			// undelete refers to un'disable' here
-			if (user.disabled)
-				await User.update({ id: user.id }, { disabled: false });
 			if (user.deleted)
 				await User.update({ id: user.id }, { deleted: false });
 		} else {
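Review bot: The surviving `undelete` branch still writes `deleted: false` before the password is verified, since `bcrypt.compare` only runs further down the handler (visible in the next hunk). As far as these lines show, a request that names a deleted account and sets `undelete` can therefore cancel the scheduled deletion without presenting valid credentials. Limiting the branch to `deleted` is the right direction, but the write should be deferred until authentication has succeeded, e.g. run `if (undelete && user.deleted) await User.update({ id: user.id }, { deleted: false });` after the `same_password` check. The handler starts and ends outside this hunk, so an earlier guard that is not visible here may already cover this; worth confirming.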
@@ -77,13 +74,14 @@ router.post(
 					message: "This account is scheduled for deletion.",
 					code: 20011,
 				});
-			if (user.disabled)
-				return res.status(400).json({
-					message: req.t("auth:login.ACCOUNT_DISABLED"),
-					code: 20013,
-				});
 		}
 
+		if (user.disabled)
+			return res.status(400).json({
+				message: req.t("auth:login.ACCOUNT_DISABLED"),
+				code: 20013,
+			});
+
 		// the salt is saved in the password refer to bcrypt docs
 		const same_password = await bcrypt.compare(
 			password,
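Review bot: The relocated `if (user.disabled)` check returns code 20013 before `bcrypt.compare` runs, so the response tells an unauthenticated caller that the account exists and is disabled. Consider moving the block below the password-failure branch, so the disabled status is only disclosed to a caller who supplied the correct password and wrong credentials get the same generic error for every account. A one-line comment such as `// outside the undelete branch on purpose: users must not be able to re-enable a disabled account` would also record why the check left the `else`. The password-failure handling itself is outside this hunk.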