3 files changed, 15 insertions, 22 deletions

diff --git a/package-lock.json b/package-lock.json
index d183ca94..d8e2d01d 100644
--- a/package-lock.json
+++ b/package-lock.json
@@ -9,7 +9,7 @@
 			"version": "1.0.0",
 			"license": "ISC",
 			"dependencies": {
-				"@fosscord/server-util": "^1.3.48",
+				"@fosscord/server-util": "^1.3.49",
 				"@types/jest": "^26.0.22",
 				"@types/json-schema": "^7.0.7",
 				"ajv": "^8.4.0",
@@ -680,9 +680,9 @@
 			}
 		},
 		"node_modules/@fosscord/server-util": {
-			"version": "1.3.48",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.48.tgz",
-			"integrity": "sha512-2UK/uplgbBksFCr5mFVqD1Z5DdcSSHj+SlKb3dHAUl2MfiU5ro24gf870ZcD/gZeesdbR3yEePRiYdnX4CzI+Q==",
+			"version": "1.3.49",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.49.tgz",
+			"integrity": "sha512-raWZu89X17mnNta4lAX++i5KjE8o/o4YUuP0Rnj+uFTWvvt5QQKYvCcxc7SgkezS3f5vSEcelJ/xZlJjvES4Pg==",
 			"dependencies": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
@@ -11573,9 +11573,9 @@
 			}
 		},
 		"@fosscord/server-util": {
-			"version": "1.3.48",
-			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.48.tgz",
-			"integrity": "sha512-2UK/uplgbBksFCr5mFVqD1Z5DdcSSHj+SlKb3dHAUl2MfiU5ro24gf870ZcD/gZeesdbR3yEePRiYdnX4CzI+Q==",
+			"version": "1.3.49",
+			"resolved": "https://registry.npmjs.org/@fosscord/server-util/-/server-util-1.3.49.tgz",
+			"integrity": "sha512-raWZu89X17mnNta4lAX++i5KjE8o/o4YUuP0Rnj+uFTWvvt5QQKYvCcxc7SgkezS3f5vSEcelJ/xZlJjvES4Pg==",
 			"requires": {
 				"@types/jsonwebtoken": "^8.5.0",
 				"@types/mongoose-autopopulate": "^0.10.1",
diff --git a/package.json b/package.json
index d225dba6..80e57e51 100644
--- a/package.json
+++ b/package.json
@@ -33,7 +33,7 @@
 	},
 	"homepage": "https://github.com/fosscord/fosscord-api#readme",
 	"dependencies": {
-		"@fosscord/server-util": "^1.3.48",
+		"@fosscord/server-util": "^1.3.49",
 		"@types/jest": "^26.0.22",
 		"@types/json-schema": "^7.0.7",
 		"ajv": "^8.4.0",
diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts
index 8d1a8df3..6c4e5e3e 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -47,27 +47,20 @@ router.post(
 
 		const user = await UserModel.findOne(
 			{ $or: query },
-			{
-				user_data: {
-					hash: true
-				},
-				id: true,
-				user_settings: {
-					locale: true,
-					theme: true
-				}
-			}
+			{ user_data: { hash: true }, id: true, disabled: true, deleted: true, user_settings: { locale: true, theme: true } }
 		)
 			.exec()
 			.catch((e) => {
 				throw FieldErrors({ login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" } });
 			});
 
-		if (user.disabled && undelete) {
+		if (undelete) {
 			// undelete refers to un'disable' here
-			await UserModel.updateOne({ id: req.user_id }, { disabled: false }).exec();
-		} else if (user.disabled) {
-			return res.status(400).json({ message: req.t("auth:login.ACCOUNT_DISABLED"), code: 20013 });
+			if (user.disabled) await UserModel.updateOne({ id: user.id }, { disabled: false }).exec();
+			if (user.deleted) await UserModel.updateOne({ id: user.id }, { deleted: false }).exec();
+		} else {
+			if (user.deleted) return res.status(400).json({ message: "This account is scheduled for deletion.", code: 20011 });
+			if (user.disabled) return res.status(400).json({ message: req.t("auth:login.ACCOUNT_DISABLED"), code: 20013 });
 		}
 
 		// the salt is saved in the password refer to bcrypt docs