Don't let users undisable their accounts

2026-05-25 22:54:51 +00:00 · 2023-01-01 12:59:45 +11:00
parent 4b518774b1
commit 52840f4f98
1 changed files with 6 additions and 8 deletions
@@ -66,9 +66,6 @@ router.post(
 		});

 		if (undelete) {
-			// undelete refers to un'disable' here
-			if (user.disabled)
-				await User.update({ id: user.id }, { disabled: false });
 			if (user.deleted)
 				await User.update({ id: user.id }, { deleted: false });
 		} else {
@@ -77,13 +74,14 @@ router.post(
 					message: "This account is scheduled for deletion.",
 					code: 20011,
 				});
-			if (user.disabled)
-				return res.status(400).json({
-					message: req.t("auth:login.ACCOUNT_DISABLED"),
-					code: 20013,
-				});
 		}

+		if (user.disabled)
+			return res.status(400).json({
+				message: req.t("auth:login.ACCOUNT_DISABLED"),
+				code: 20013,
+			});
+
 		// the salt is saved in the password refer to bcrypt docs
 		const same_password = await bcrypt.compare(
 			password,