summary refs log tree commit diff
path: root/src
diff options
context:
space:
mode:
authorMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2023-01-01 12:59:45 +1100
committerMadeline <46743919+MaddyUnderStars@users.noreply.github.com>2023-01-01 12:59:45 +1100
commitcd84412c92c447826ebb2668295d46956618d962 (patch)
tree4fc9c1ba07ed1b6eb8de526e4283227545e3c442 /src
parentAllow Bearer tokens through, like Bot (diff)
downloadserver-cd84412c92c447826ebb2668295d46956618d962.tar.xz
Don't let users undisable their accounts
Diffstat (limited to 'src')
-rw-r--r--src/api/routes/auth/login.ts14
1 files changed, 6 insertions, 8 deletions
diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts
index bbfb5425..b9cefe1a 100644
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@@ -66,9 +66,6 @@ router.post(
 		});
 
 		if (undelete) {
-			// undelete refers to un'disable' here
-			if (user.disabled)
-				await User.update({ id: user.id }, { disabled: false });
 			if (user.deleted)
 				await User.update({ id: user.id }, { deleted: false });
 		} else {
@@ -77,13 +74,14 @@ router.post(
 					message: "This account is scheduled for deletion.",
 					code: 20011,
 				});
-			if (user.disabled)
-				return res.status(400).json({
-					message: req.t("auth:login.ACCOUNT_DISABLED"),
-					code: 20013,
-				});
 		}
 
+		if (user.disabled)
+			return res.status(400).json({
+				message: req.t("auth:login.ACCOUNT_DISABLED"),
+				code: 20013,
+			});
+
 		// the salt is saved in the password refer to bcrypt docs
 		const same_password = await bcrypt.compare(
 			password,