From 6ef7b0f130423df7cb814fc658360e9fa3bb8f8d Mon Sep 17 00:00:00 2001
From: Regev Brody
Date: Thu, 25 Jun 2020 01:15:36 +0300
Subject: [PATCH] fix: deactivated users can still refresh their token (#2105)
---
 server/models/users.js | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/server/models/users.js b/server/models/users.js
index 1c7a7ccd..470148c5 100644
--- a/server/models/users.js
+++ b/server/models/users.js
@@ -337,6 +337,10 @@ module.exports = class User extends Model {
 WIKI.logger.warn(`Failed to refresh token for user ${user}: Not found.`)
 throw new WIKI.Error.AuthGenericError()
 }
+ if (!user.isActive) {
+ WIKI.logger.warn(`Failed to refresh token for user ${user}: Inactive.`)
+ throw new WIKI.Error.AuthAccountBanned()
+ }
 } else if (_.isNil(user.groups)) {
 user.groups = await user.$relatedQuery('groups').select('groups.id', 'permissions')
 }
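Review bot: The new `isActive` check sits inside the first branch of the `if`/`else if` chain, so it runs only when the user record was just looked up; the `else if (_.isNil(user.groups))` path and the fall-through path, where the caller apparently passes an already-loaded user object, still reach the token refresh without it. If any caller can supply such an object for a deactivated account, the fix is bypassed, so I would move the `if (!user.isActive) { … throw new WIKI.Error.AuthAccountBanned() }` block to just after the chain's closing brace so that every path is covered. Separately, `${user}` in the added warning interpolates the user object at this point (the code has just read `user.isActive`), which likely logs as `[object Object]`; logging a stable identifier such as `${user.id}` (assuming the model exposes `id`) would make the event usable for monitoring refresh attempts by deactivated accounts. The enclosing function starts and ends outside the hunk, so what follows the chain is inferred.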