From b1e0b3c894d41fc479162893167b28e8b29a48a7 Mon Sep 17 00:00:00 2001
From: Kyle Drake <kyle@kyledrake.net>
Date: Wed, 9 Jul 2025 11:47:52 -0500
Subject: [PATCH] no password reset send/undelete for banned sites

---
 app/password_reset.rb | 14 +++++++++++++-
 1 file changed, 13 insertions(+), 1 deletion(-)

diff --git a/app/password_reset.rb b/app/password_reset.rb
index 4113d4aa..e6abd56a 100644
--- a/app/password_reset.rb
+++ b/app/password_reset.rb
@@ -12,6 +12,13 @@ post '/send_password_reset' do
 
   sites = Site.get_recovery_sites_with_email params[:email]
 
+  sites.each do |site|
+    if site.is_banned
+      flash[:error] = 'Sorry, we cannot restore this account.'
+      redirect '/'
+    end
+  end
+
   if sites.length > 0
     token = SecureRandom.uuid.gsub('-', '')+'-'+Time.now.to_i.to_s
     sites.each do |site|
@@ -70,9 +77,14 @@ get '/password_reset_confirm' do
     redirect '/'
   end
 
+  if reset_site.is_banned
+    flash[:error] = 'Sorry, we cannot restore this account.'
+    redirect '/'
+  end
+
   if reset_site.is_deleted
     unless reset_site.undelete!
-      flash[:error] = "Sorry, we cannot restore this account."
+      flash[:error] = 'Sorry, we cannot restore this account.'
       redirect '/'
     end
   end