From 9c6e90080247a8f51430a5454fba6c80dc162e82 Mon Sep 17 00:00:00 2001
From: Matthew R <matthew@staff.libraryofcode.org>
Date: Mon, 29 Jun 2020 18:22:44 -0400
Subject: [PATCH] invalidate authentication for locked accounts

---
 src/class/Security.ts | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/class/Security.ts b/src/class/Security.ts
index 105b34a..bd00631 100644
--- a/src/class/Security.ts
+++ b/src/class/Security.ts
@@ -40,6 +40,7 @@ export default class Security {
       const res: any = jwt.verify(bearer, this.keys.key, { issuer: 'Library of Code sp-us | CSD' });
       const account = await this.client.db.Account.findOne({ _id: res.id });
       if (!account) return null;
+      if (account.locked) return null;
       if (account.revokedBearers?.includes(bearer)) return null;
       return account;
     } catch {