fix: prevent email confirmation from re-enabling admin-disabled accounts

This commit is contained in:
kolaente 2026-03-20 10:13:28 +01:00 committed by kolaente
parent 2260d763b5
commit 049f4a6be4
1 changed files with 4 additions and 0 deletions

View File

@ -47,6 +47,10 @@ func ConfirmEmail(s *xorm.Session, c *EmailConfirm) (err error) {
return
}
if user.Status == StatusDisabled {
return &ErrAccountDisabled{UserID: user.ID}
}
user.Status = StatusActive
err = removeTokens(s, user, TokenEmailConfirm)
if err != nil {