From 298d904d454c6953473729d4f85d15ebc74e9c51 Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Sun, 31 Aug 2014 22:41:13 -0400 Subject: [PATCH] refactored login process to be a form submit instead of ajax-redirect, implemented error message parsing using req.flash --- public/language/en_GB/error.json | 2 +- public/src/forum/login.js | 51 -------------------------------- src/controllers/index.js | 5 +--- src/routes/authentication.js | 29 +++++++++++++----- 4 files changed, 24 insertions(+), 63 deletions(-) diff --git a/public/language/en_GB/error.json b/public/language/en_GB/error.json index 7c457eb497..df1654ba17 100644 --- a/public/language/en_GB/error.json +++ b/public/language/en_GB/error.json @@ -15,6 +15,7 @@ "invalid-title": "Invalid title", "invalid-user-data": "Invalid User Data", "invalid-password": "Invalid Password", + "invalid-username-or-password": "Please specify both a username and password", "invalid-pagination-value": "Invalid pagination value", @@ -31,7 +32,6 @@ "no-topic": "Topic doesn't exist", "no-post": "Post doesn't exist", "no-group": "Group doesn't exist", - "no-user": "User doesn't exist", "no-teaser": "Teaser doesn't exist", "no-privileges": "You don't have enough privileges for this action.", "no-emailers-configured": "No email plugins were loaded, so a test email could not be sent", diff --git a/public/src/forum/login.js b/public/src/forum/login.js index 4f4c9b6061..9f1b5f1ab1 100644 --- a/public/src/forum/login.js +++ b/public/src/forum/login.js 
@@ -6,58 +6,7 @@ define('forum/login', function() { Login.init = function() { $('#login').on('click', function(e) { - e.preventDefault(); - - var loginData = { - 'username': $('#username').val(), - 'password': $('#password').val(), - 'remember': $('#remember').prop('checked'), - '_csrf': $('#csrf-token').val() - }, - previousUrl = $('input[name="previousUrl"]').val(); - - $('#login').attr('disabled', 'disabled').html('Logging in...'); $('#login-error-notify').hide(); - - $.ajax({ - type: "POST", - url: RELATIVE_PATH + '/login', - data: loginData, - success: function(data, textStatus, jqXHR) { - $('#login').html('Redirecting...'); - if (previousUrl) { - app.previousUrl = previousUrl; - } else if (!app.previousUrl) { - app.previousUrl = RELATIVE_PATH || '/'; - } - - if(app.previousUrl.indexOf('/reset/') !== -1) { - window.location.replace(RELATIVE_PATH + "/?loggedin"); - } else { - var index = app.previousUrl.indexOf('#'); - if(index !== -1) { - window.location.replace(app.previousUrl.slice(0, index) + '?loggedin' + app.previousUrl.slice(index)); - } else { - window.location.replace(app.previousUrl + "?loggedin"); - } - } - - app.loadConfig(); - }, - error: function(data, textStatus, jqXHR) { - var message = data.responseJSON; - if (typeof data.responseJSON !== 'string') { - message = data.responseJSON.message || ''; - } - translator.translate(message, function(errorText) { - $('#login-error-notify').show().html(errorText); - }); - - $('#login').removeAttr('disabled').html('Login'); - }, - dataType: 'json', - async: true - }); }); $('#login-error-notify button').on('click', function(e) { diff --git a/src/controllers/index.js b/src/controllers/index.js index 7a03171ef2..8f1eb2ff2f 100644 --- a/src/controllers/index.js +++ b/src/controllers/index.js 
@@ -125,10 +125,7 @@ Controllers.login = function(req, res, next) { data.showResetLink = emailersPresent; data.allowLocalLogin = meta.config.allowLocalLogin === undefined || parseInt(meta.config.allowLocalLogin, 10) === 1; data.allowRegistration = meta.config.allowRegistration; - - if (req.query.next) { - data.previousUrl = req.query.next; - } + data.error = req.flash('error')[0]; res.render('login', data); }; diff --git a/src/routes/authentication.js b/src/routes/authentication.js index 19d13aeae6..e39e72ba3c 100644 --- a/src/routes/authentication.js +++ b/src/routes/authentication.js @@ -33,11 +33,17 @@ var continueLogin = function() { passport.authenticate('local', function(err, userData, info) { if (err) { - return res.json(403, err.message); + req.flash('error', info); + return res.redirect(nconf.get('relative_path') + '/login'); } if (!userData) { - return res.json(403, info); + if (typeof info === 'object') { + info = '[[error:invalid-username-or-password]]'; + } + + req.flash('error', info); + return res.redirect(nconf.get('relative_path') + '/login'); } // Alter user cookie depending on passed-in option @@ -57,7 +63,13 @@ user.logIP(userData.uid, req.ip); } - res.json(200, info); + if (!req.session.returnTo) { + res.redirect(nconf.get('relative_path') + '/'); + } else { + var next = req.session.returnTo; + delete req.session.returnTo; + res.redirect(nconf.get('relative_path') + next); + } }); })(req, res, next); }; @@ -193,7 +205,8 @@ Auth.login = function(username, password, next) { if (!username || !password) { - return next(new Error('[[error:invalid-user-data]]')); + next(new Error('[[error:invalid-password]]')); + return; } var userslug = utils.slugify(username); 
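Review bot: In the `if (err)` branch of the passport callback in src/routes/authentication.js, the new code flashes `info` rather than the error. When the strategy reports an error, such as the `new Error('[[error:invalid-password]]')` that `Auth.login` passes on further down this file, `info` is most likely undefined and the user is redirected to the login page with no message. Flash the error text instead: `req.flash('error', err.message);`. In the `!userData` branch any non-object `info` is flashed verbatim and later exposed as `data.error` by `Controllers.login`, so it is worth confirming that the login template escapes that value. `continueLogin` starts and ends outside this hunk.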
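Review bot: The success redirect in the `@@ -57,7 +63,13 @@` hunk appends `req.session.returnTo` to `relative_path` without checking that it is a local path. Where `returnTo` is written is not visible in this diff; if it can ever hold a request-derived value, an empty `relative_path` combined with a value that starts with `//` would send the browser off-site after login. Accept the value only when it is a single-slash path, for example `if (typeof returnTo !== 'string' || returnTo.charAt(0) !== '/' || returnTo.charAt(1) === '/' || returnTo.charAt(1) === '\\') { returnTo = '/'; }`. The local `var next` also shadows the Express `next` parameter of the enclosing handler, so a name such as `returnTo` would be clearer.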
@@ -203,9 +216,11 @@ return next(err); } - if(!uid) { - // To-do: Even if a user doesn't exist, compare passwords anyway, so we don't immediately return - return next(null, false, '[[error:no-user]]'); + if (!uid) { + setTimeout(function() { + next(null, false, '[[error:invalid-password]]'); + }, Math.floor((Math.random() * 1000) + 1500)); // Wait between 1-2.5 seconds before returning + return; } user.auth.logAttempt(uid, function(err) {
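Review bot: The random delay is applied only on the unknown-user path, so response time still separates the two cases: a nonexistent username now always takes at least 1.5 s, while the wrong-password path for an existing user (outside this hunk) presumably returns as soon as the hash comparison finishes. The removed To-do pointed at the sturdier fix, which is to run the same password comparison against a fixed dummy hash when `uid` is falsy, so both paths do equivalent work before returning `[[error:invalid-password]]`. Each delayed response also holds a request open for up to 2.5 s, so this endpoint should sit behind per-IP or per-account rate limiting. The comment is also off: `Math.floor((Math.random() * 1000) + 1500)` yields 1500–2499 ms, so it should read `// Wait between 1.5-2.5 seconds before returning`.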