From 62f0bd6b712e3431d8be68fa71a65097daef3729 Mon Sep 17 00:00:00 2001 From: Andrea Date: Wed, 25 May 2022 19:03:56 +0200 Subject: [PATCH] [user][ban] ensure no init emails get sent out to banned users --- server/routes/user.js | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/server/routes/user.js b/server/routes/user.js index ba1eb9ad..8b6eb380 100644 --- a/server/routes/user.js +++ b/server/routes/user.js @@ -314,6 +314,10 @@ router.post('/user/init', handleErrorAsync(async (req, res) => { return res.json({ error: 'user.account.changeEmail.invalid' }) } + if (await lookupBanArchive(req.db, 'email', payload)) { + throw 'banned'; + } + let codeKey; if (isTest) { codeKey = await saveAuthenticator(req.db, 'email', user, payload, 15);