From 42f37db1a28268b01cc931d2a735364029869bf7 Mon Sep 17 00:00:00 2001
From: Zachary Sherwin <48960849+hello-woof@users.noreply.github.com>
Date: Fri, 13 Sep 2024 04:36:43 -0400
Subject: [PATCH] fix: return 403 on authy endpoints when user disabled (#318)

---
 server/prehandlers/disable-users.js | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/server/prehandlers/disable-users.js b/server/prehandlers/disable-users.js
index db046e2a..a4c77eab 100644
--- a/server/prehandlers/disable-users.js
+++ b/server/prehandlers/disable-users.js
@@ -7,7 +7,7 @@ const errorMessage = 'Access denied. You are not allowed create or sign in users
 export default async function disableUserHandler(request, reply) {
     const { url } = request;
 
-    if (adminSettings.get('disable_users') && (!authRegex.test(url) || !accountRegex.test(url))) {
+    if (adminSettings.get('disable_users') && (authRegex.test(url) || accountRegex.test(url))) {
         return reply.code(403).send({ error: errorMessage });
     }
 }