fix: prevent email confirmation from re-enabling admin-disabled accounts
This commit is contained in:
parent
2260d763b5
commit
049f4a6be4
|
|
@ -47,6 +47,10 @@ func ConfirmEmail(s *xorm.Session, c *EmailConfirm) (err error) {
|
|||
return
|
||||
}
|
||||
|
||||
if user.Status == StatusDisabled {
|
||||
return &ErrAccountDisabled{UserID: user.ID}
|
||||
}
|
||||
|
||||
user.Status = StatusActive
|
||||
err = removeTokens(s, user, TokenEmailConfirm)
|
||||
if err != nil {
|
||||
|
|
|
|||
Loading…
Reference in New Issue