diff --git a/server/src/server.js b/server/src/server.js
index b63ad3a7..44759e7e 100644
--- a/server/src/server.js
+++ b/server/src/server.js
@@ -15,6 +15,7 @@ const morgan = require('morgan');
 
 const sleep = require('@/utils/sleep');
 const User = require('@/schemas/User');
+const findQuarantineEntry = require('@/utils/findQuarantineEntry');
 
 module.exports = class Server {
   constructor() {
@@ -110,6 +111,9 @@ module.exports = class Server {
 
           if (decoded.iat < Math.floor(new Date(user.lastLogoutAt).getTime() / 1000)) throw new Error('Token expired.');
 
+          const userQuarantined = await findQuarantineEntry.single('USER_ID', user.id, 'LOGIN').catch(() => false);
+          if (userQuarantined) throw new Error('User that this token belongs to is not allowed to login, so the token is invalid.');
+
           request.user = {
             id: decoded.payload.sub
           };