Fixed bug that allowed disabled user to authenticate successfully when using API token mode

Author: jaredhendrickson13

pfSense-pkg-API/files/etc/inc/api/framework/APIAuth.inc

@@ -88,8 +88,8 @@ class APIAuth {
 
         if (APITools\authenticate_token($this->request["client-id"], $this->request["client-token"]) === true) {
             $this->username = pack("H*", $this->request["client-id"]);
-            // Ensure user is not disabled
-            if (APITools\is_user_disabled($this->request["client-id"]) === false) {
+            # Ensure user is not disabled
+            if (APITools\is_user_disabled($this->username) === false) {
                 unset($_SESSION["Username"]);
                 $_SESSION["Username"] = $this->username;
                 return true;