From cd84412c92c447826ebb2668295d46956618d962 Mon Sep 17 00:00:00 2001
From: Madeline <46743919+MaddyUnderStars@users.noreply.github.com>
Date: Sun, 1 Jan 2023 12:59:45 +1100
Subject: Don't let users undisable their accounts
---
 src/api/routes/auth/login.ts | 14 ++++++--------
 1 file changed, 6 insertions(+), 8 deletions(-)
diff --git a/src/api/routes/auth/login.ts b/src/api/routes/auth/login.ts
index bbfb5425..b9cefe1a 100644
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@@ -66,9 +66,6 @@ router.post(
 });

 if (undelete) {
- // undelete refers to un'disable' here
- if (user.disabled)
- await User.update({ id: user.id }, { disabled: false });
 if (user.deleted)
 await User.update({ id: user.id }, { deleted: false });
 } else {
@@ -77,13 +74,14 @@ router.post(
 message: "This account is scheduled for deletion.",
 code: 20011,
 });
- if (user.disabled)
- return res.status(400).json({
- message: req.t("auth:login.ACCOUNT_DISABLED"),
- code: 20013,
- });
 }

+ if (user.disabled)
+ return res.status(400).json({
+ message: req.t("auth:login.ACCOUNT_DISABLED"),
+ code: 20013,
+ });
+
 // the salt is saved in the password refer to bcrypt docs
 const same_password = await bcrypt.compare(
 password,
-- 
cgit 1.4.1
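Review bot: The relocated `if (user.disabled)` check in the second hunk still runs before `bcrypt.compare`, so the 20013 `ACCOUNT_DISABLED` response goes to a caller who has not yet proven knowledge of the password, which discloses account status for any known login. Moving the block to just after the `same_password` failure branch would keep that status visible only to the account holder; that branch lies outside the hunk, so its exact shape needs confirming. The same ordering applies to the surviving `if (user.deleted) await User.update({ id: user.id }, { deleted: false });` in the first hunk's context, which writes to the account before the password is verified and appears to need the same move. The enclosing `router.post` handler starts before and ends after both hunks.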