From 6eaebc3108ae0301de5f6a21aacdb0fa7e47e626 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9rgio=20Salgado?= <sergiodiassalgado@gmail.com>
Date: Fri, 16 Apr 2021 19:40:05 +0100
Subject: [PATCH] fix: login with disabled used

---
 lib/new-admin/graphql/modules/authentication.js | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/lib/new-admin/graphql/modules/authentication.js b/lib/new-admin/graphql/modules/authentication.js
index 9abe8f4f..f65aad3f 100644
--- a/lib/new-admin/graphql/modules/authentication.js
+++ b/lib/new-admin/graphql/modules/authentication.js
@@ -1,6 +1,5 @@
 const otplib = require('otplib')
 const bcrypt = require('bcrypt')
-const { AuthenticationError } = require('apollo-server-express')
 
 const loginHelper = require('../../services/login')
 const T = require('../../../time')
@@ -14,7 +13,7 @@ function authenticateUser(username, password) {
   return users.getUserByUsername(username)
     .then(user => {
       const hashedPassword = user.password
-      if (!hashedPassword) throw new authErrors.InvalidCredentialsError()
+      if (!hashedPassword || !user.enabled) throw new authErrors.InvalidCredentialsError()
       return Promise.all([bcrypt.compare(password, hashedPassword), hashedPassword])
     })
     .then(([isMatch, hashedPassword]) => {