api/middleware: update authorizator to check both email & account stat

postables · postables · commit 25376aba1ebf · 2020-04-17T19:00:47.000-07:00
diff --git a/api/middleware/jwt.go b/api/middleware/jwt.go
@@ -62,7 +62,10 @@ func JwtConfigGenerate(jwtKey, realmName string, db *gorm.DB, l *zap.SugaredLogg
 			if err != nil {
 				return false
 			}
-			return usr.EmailEnabled
+			if usr.EmailEnabled && usr.AccountEnabled {
+				return true
+			}
+			return false
 		},
 		Unauthorized: func(c *gin.Context, code int, message string) {
 			l.Error("invalid login detected")
