1 files changed, 7 insertions, 14 deletions

diff --git a/src/routes/auth/login.ts b/src/routes/auth/login.ts

index 8d1a8df3..6c4e5e3e 100644
--- a/src/routes/auth/login.ts
+++ b/src/routes/auth/login.ts
@@ -47,27 +47,20 @@ router.post(
 
 		const user = await UserModel.findOne(
 			{ $or: query },
-			{
-				user_data: {
-					hash: true
-				},
-				id: true,
-				user_settings: {
-					locale: true,
-					theme: true
-				}
-			}
+			{ user_data: { hash: true }, id: true, disabled: true, deleted: true, user_settings: { locale: true, theme: true } }
 		)
 			.exec()
 			.catch((e) => {
 				throw FieldErrors({ login: { message: req.t("auth:login.INVALID_LOGIN"), code: "INVALID_LOGIN" } });
 			});
 
-		if (user.disabled && undelete) {
+		if (undelete) {
 			// undelete refers to un'disable' here
-			await UserModel.updateOne({ id: req.user_id }, { disabled: false }).exec();
-		} else if (user.disabled) {
-			return res.status(400).json({ message: req.t("auth:login.ACCOUNT_DISABLED"), code: 20013 });
+			if (user.disabled) await UserModel.updateOne({ id: user.id }, { disabled: false }).exec();
+			if (user.deleted) await UserModel.updateOne({ id: user.id }, { deleted: false }).exec();
+		} else {
+			if (user.deleted) return res.status(400).json({ message: "This account is scheduled for deletion.", code: 20011 });
+			if (user.disabled) return res.status(400).json({ message: req.t("auth:login.ACCOUNT_DISABLED"), code: 20013 });
 		}
 
 		// the salt is saved in the password refer to bcrypt docs