Now disableing users while they're in the process of resetting their password

ref #40

src/models/actions/CreateResetToken.ts

@@ -1,6 +1,6 @@
 import { IsEmail, IsOptional, IsString } from 'class-validator';
 import { getConnectionManager } from 'typeorm';
-import { ResetAlreadyRequestedError, UserNotFoundError } from '../../errors/AuthError';
+import { ResetAlreadyRequestedError, UserDisabledError, UserNotFoundError } from '../../errors/AuthError';
 import { UsernameOrEmailNeededError } from '../../errors/UserErrors';
 import { JwtCreator } from '../../jwtcreator';
 import { User } from '../entities/User';
@@ -33,14 +33,13 @@ export class CreateResetToken {
             throw new UsernameOrEmailNeededError();
         }
         let found_user = await getConnectionManager().get().getRepository(User).findOne({ where: [{ username: this.username }, { email: this.email }] });
-        if (!found_user) {
-            throw new UserNotFoundError();
-        }
-
+        if (!found_user) { throw new UserNotFoundError(); }
+        if (found_user.enabled == false) { throw new UserDisabledError(); }
         if (found_user.resetRequestedTimestamp > (Math.floor(Date.now() / 1000) - 15 * 60)) { throw new ResetAlreadyRequestedError(); }
 
         found_user.refreshTokenCount = found_user.refreshTokenCount + 1;
         found_user.resetRequestedTimestamp = Math.floor(Date.now() / 1000);
+        found_user.enabled = false;
         await getConnectionManager().get().getRepository(User).save(found_user);
 
         //Create the reset