Skip to content

Commit

Permalink
Fix blocked users being able to sign in using forgot password
Browse files Browse the repository at this point in the history 
Signed-off-by: Derrick Mehaffy <derrickmehaffy@gmail.com>
  • Loading branch information
@derrickmehaffy
derrickmehaffy committed Aug 23, 2021
1 parent 5202c4e commit c1329f2
Showing 1 changed file with 5 additions and 0 deletions.
5 changes: 5 additions & 0 deletions packages/strapi-plugin-users-permissions/controllers/Auth.js
View file
Original file line number Diff line number Diff line change
Expand Up @@ -310,6 +310,11 @@ module.exports = {
);
}

// User blocked
if (user.blocked) {
return ctx.badRequest('blocked.user');
}

// Generate random token.
const resetPasswordToken = crypto.randomBytes(64).toString('hex');

Expand Down

0 comments on commit c1329f2

Please sign in to comment.