From ae8f4d675272a8053b6541ced2b883b722202bbb Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Tue, 31 Jan 2023 15:13:19 +1100
Subject: check pw and other auth before letting users undisable

---
 src/api/routes/auth/login.ts | 38 +++++++++++++++++++-------------------
 1 file changed, 19 insertions(+), 19 deletions(-)

diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts
index a7fcd4bc..2b97ec10 100644
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@@ -88,25 +88,6 @@ router.post(
 			});
 		});
 
-		if (undelete) {
-			// undelete refers to un'disable' here
-			if (user.disabled)
-				await User.update({ id: user.id }, { disabled: false });
-			if (user.deleted)
-				await User.update({ id: user.id }, { deleted: false });
-		} else {
-			if (user.deleted)
-				return res.status(400).json({
-					message: "This account is scheduled for deletion.",
-					code: 20011,
-				});
-			if (user.disabled)
-				return res.status(400).json({
-					message: req.t("auth:login.ACCOUNT_DISABLED"),
-					code: 20013,
-				});
-		}
-
 		// the salt is saved in the password refer to bcrypt docs
 		const same_password = await bcrypt.compare(
 			password,
@@ -169,6 +150,25 @@ router.post(
 			});
 		}
 
+		if (undelete) {
+			// undelete refers to un'disable' here
+			if (user.disabled)
+				await User.update({ id: user.id }, { disabled: false });
+			if (user.deleted)
+				await User.update({ id: user.id }, { deleted: false });
+		} else {
+			if (user.deleted)
+				return res.status(400).json({
+					message: "This account is scheduled for deletion.",
+					code: 20011,
+				});
+			if (user.disabled)
+				return res.status(400).json({
+					message: req.t("auth:login.ACCOUNT_DISABLED"),
+					code: 20013,
+				});
+		}
+
 		const token = await generateToken(user.id);
 
 		// Notice this will have a different token structure, than discord
-- 
cgit 1.4.1