check pw and other auth before letting users undisable

2024-11-25 11:43:07 +01:00 · 2023-01-31 15:13:19 +11:00 · 2023-01-31 15:13:19 +11:00 · b31ce62bd5
commit b31ce62bd5
parent 5ffa0a67f8
1 changed files with 19 additions and 19 deletions
--- a/src/api/routes/auth/login.ts
+++ b/src/api/routes/auth/login.ts
@ -88,25 +88,6 @@ router.post(
 			});
 		});

-		if (undelete) {
-			// undelete refers to un'disable' here
-			if (user.disabled)
-				await User.update({ id: user.id }, { disabled: false });
-			if (user.deleted)
-				await User.update({ id: user.id }, { deleted: false });
-		} else {
-			if (user.deleted)
-				return res.status(400).json({
-					message: "This account is scheduled for deletion.",
-					code: 20011,
-				});
-			if (user.disabled)
-				return res.status(400).json({
-					message: req.t("auth:login.ACCOUNT_DISABLED"),
-					code: 20013,
-				});
-		}
-
 		// the salt is saved in the password refer to bcrypt docs
 		const same_password = await bcrypt.compare(
 			password,
@ -169,6 +150,25 @@ router.post(
 			});
 		}

+		if (undelete) {
+			// undelete refers to un'disable' here
+			if (user.disabled)
+				await User.update({ id: user.id }, { disabled: false });
+			if (user.deleted)
+				await User.update({ id: user.id }, { deleted: false });
+		} else {
+			if (user.deleted)
+				return res.status(400).json({
+					message: "This account is scheduled for deletion.",
+					code: 20011,
+				});
+			if (user.disabled)
+				return res.status(400).json({
+					message: req.t("auth:login.ACCOUNT_DISABLED"),
+					code: 20013,
+				});
+		}
+
 		const token = await generateToken(user.id);

 		// Notice this will have a different token structure, than discord