Disabled users get token while signup

[im-what-im]

While signing up with NEW_USER_DISABLED flag set to true, response is sent with a valid token.
While EMAIL_VERIFIED flag is honoured during the same, DISABLED flag is not.

However, when the user tries to re-login, a token does not get generated.

Similar to the handling of Email Verified flag, if Disabled flag is set, token should not be sent in response.

[stale]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

[dbarrosop]

Hello @im-what-im,
apologies for the late response. I just tried replicating this issue and I am afraid I couldn't. I started hasura-auth with:

AUTH_DISABLE_NEW_USERS: "true"

and then ran signed up a user:

$ curl -H "Content-Type: application/json" -X POST -d '{"email": "[email protected]", "password": "asd234sadqeA"}' https://local.auth.nhost.run/v1/signup/email-password
{"session":null,"mfa":null}

As you can see there is no session coming back. Would you mind providing step by step instructions to reproduce?

Thanks!