invalidate authentication for locked accounts

2020-06-29 18:22:44 -04:00 · 2020-06-29 18:22:44 -04:00 · 9c6e900802
parent 9a77963823
commit 9c6e900802
1 changed files with 1 additions and 0 deletions
--- a/src/class/Security.ts
+++ b/src/class/Security.ts
@ -40,6 +40,7 @@ export default class Security {
      const res: any = jwt.verify(bearer, this.keys.key, { issuer: 'Library of Code sp-us | CSD' });
      const account = await this.client.db.Account.findOne({ _id: res.id });
      if (!account) return null;
+      if (account.locked) return null;
      if (account.revokedBearers?.includes(bearer)) return null;
      return account;
    } catch {