changing admin API calls to return 404 if unauthenticated, and redirect user to login for regular URL. closes #1885

src/middleware/admin.js

@@ -16,7 +16,9 @@ var app,
 
 middleware.isAdmin = function(req, res, next) {
 	if (!req.user) {
-		return res.redirect(nconf.get('relative_path') + '/login?next=admin');
+		return res.json(404, {
+			error: 'not-found'
+		});
 	}
 
 	user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) {

src/middleware/middleware.js

@@ -15,6 +15,7 @@ var app,
 	categories = require('./../categories'),
 	topics = require('./../topics'),
 	messaging = require('../messaging'),
+	ensureLoggedIn = require('connect-ensure-login'),
 
 	controllers = {
 		api: require('./../controllers/api')
@@ -32,6 +33,8 @@ middleware.authenticate = function(req, res, next) {
 	}
 };
 
+middleware.ensureLoggedIn = ensureLoggedIn.ensureLoggedIn();
+
 middleware.updateLastOnlineTime = function(req, res, next) {
 	if(req.user) {
 		user.updateLastOnlineTime(req.user.uid);

src/routes/authentication.js

@@ -177,7 +177,7 @@
 						}
 
 						app.get(strategy.callbackURL, passport.authenticate(strategy.name, {
-							successRedirect: nconf.get('relative_path') + '/',
+							successReturnToOrRedirect: nconf.get('relative_path') + '/',
 							failureRedirect: nconf.get('relative_path') + '/login'
 						}));
 					}

src/routes/index.js

@@ -163,7 +163,7 @@ module.exports = function(app, middleware) {
 
 	app.all(relativePath + '/api/?*', middleware.updateLastOnlineTime, middleware.prepareAPI);
 	app.all(relativePath + '/api/admin/*', middleware.admin.isAdmin, middleware.prepareAPI);
-	app.all(relativePath + '/admin/?*', middleware.admin.isAdmin);
+	app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.admin.isAdmin);
 
 	adminRoutes(router, middleware, controllers);
 	metaRoutes(router, middleware, controllers);