From ce7965424d6ebdf2035cf9caecba0eb78ada788a Mon Sep 17 00:00:00 2001
From: joostdecock
Date: Sun, 12 Nov 2023 12:18:04 +0100
Subject: [PATCH 1/2] fix(backend): Allow Oauth signing without consent. Fixes #5433
---
 sites/backend/src/models/user.mjs | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sites/backend/src/models/user.mjs b/sites/backend/src/models/user.mjs
index 2eec2e853da..e648f037478 100644
--- a/sites/backend/src/models/user.mjs
+++ b/sites/backend/src/models/user.mjs
@@ -121,7 +121,7 @@ UserModel.prototype.oauthSignIn = async function ({ body }) {
 /*
 * Final check for account status and other things before returning
 */
- const [ok, err, status] = this.isOk()
+ const [ok, err, status] = this.isOk(401, 'signInFailed', true)
 if (ok === true) return this.signInOk()
 else return this.setResponse(status, err)
 }
@@ -1819,7 +1819,7 @@ UserModel.prototype.isOk = function (
 if (
 this.exists &&
 this.record &&
- this.record.status > 0 &&
+ (allowWithoutConsent || this.record.status > 0) &&
 (allowWithoutConsent || this.record.consent > 0) &&
 this.record.role &&
 this.record.role !== 'blocked'
@@ -1828,7 +1828,7 @@ UserModel.prototype.isOk = function (
 if (!this.exists) return [false, 'noSuchUser', 404]
 if (this.record.consent < 1 && !allowWithoutConsent)
 return [false, 'consentLacking', 451]
- if (this.record.status < 1) return [false, 'statusLacking', 403]
+ if (this.record.status < 1 && !allowWithoutConsent) return [false, 'statusLacking', 403]
 if (this.record.role === 'blocked') return [false, 'accountBlocked', 403]

 return [false, failMsg, failStatus]
From c79b580512ba6d64faab04a4a0ab31f6b09e8306 Mon Sep 17 00:00:00 2001
From: joostdecock
Date: Sun, 12 Nov 2023 12:22:05 +0100
Subject: [PATCH 2/2] chore: Remove lint
---
 sites/backend/src/models/user.mjs | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sites/backend/src/models/user.mjs b/sites/backend/src/models/user.mjs
index e648f037478..add91fee088 100644
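Review bot: The comment directly above the changed line in oauthSignIn still says this is a "Final check for account status", but the new third argument `true` makes isOk skip the status check as well as the consent check, so the comment now contradicts the code it introduces. A bare positional `true` also gives a reader no hint of what it disables. Suggest rewording the comment to `* Final check before returning. Neither consent nor an active status is required here (see #5433); a blocked role still fails` and naming the flag at the call site, e.g. `const allowWithoutConsent = true` followed by `const [ok, err, status] = this.isOk(401, 'signInFailed', allowWithoutConsent)`. The body of oauthSignIn starts outside this hunk.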
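Review bot: In isOk, `allowWithoutConsent` now also disables the status check on the `(allowWithoutConsent || this.record.status > 0) &&` line, and again in the following hunk at `if (this.record.status < 1 && !allowWithoutConsent)`, so the parameter name no longer describes what it gates and any other caller that passes `true` to skip only the consent check now silently skips the status check too. If status values below 1 cover more than "not yet activated" — for instance a deactivated account, which this hunk does not show — such accounts are admitted by every such caller, with only `role === 'blocked'` left to stop them. Consider a separate parameter so each bypass is opted into explicitly, e.g. `(allowInactive || this.record.status > 0) &&` and `if (this.record.status < 1 && !allowInactive) return [false, 'statusLacking', 403]`, with oauthSignIn passing `true` for both; the new parameter would also need a short comment on the signature stating that it admits accounts regardless of their status value. isOk's signature and its success return path lie outside these hunks.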
--- a/sites/backend/src/models/user.mjs
+++ b/sites/backend/src/models/user.mjs
@@ -1518,7 +1518,7 @@ UserModel.prototype.guardedMfaUpdate = async function ({ body, user, ip }) {
 this.clear.mfaSecret,
 this.clear.data.mfaScratchCodes
 )
- let result, mfaScratchCodes
+ let result
 if (Array.isArray(check)) [result] = check
 else result = check
 if (result) {
@@ -1556,7 +1556,7 @@ UserModel.prototype.guardedMfaUpdate = async function ({ body, user, ip }) {
 * Verify secret and token
 */
 const check = await this.mfa.verify(body.token, this.clear.mfaSecret, false)
- let result, mfaScratchCodes
+ let result
 if (Array.isArray(check)) [result] = check
 else result = check
 if (body.secret === this.clear.mfaSecret && result) {