hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

refactored login process to be a form submit instead of ajax-redirect, implemented error message parsing using req.flash

Browse Source
v1.18.x
Julian Lam 11 years ago
parent 9ea081deb3
commit 298d904d45
4 changed files with 24 additions and 63 deletions
Show Stats Download Patch File Download Diff File

2
public/language/en_GB/error.json
Unescape Escape View File

@ -15,6 +15,7 @@
"invalid-title": "Invalid title", "invalid-title": "Invalid title",
"invalid-user-data": "Invalid User Data", "invalid-user-data": "Invalid User Data",
"invalid-password": "Invalid Password", "invalid-password": "Invalid Password",
"invalid-username-or-password": "Please specify both a username and password",
"invalid-pagination-value": "Invalid pagination value", "invalid-pagination-value": "Invalid pagination value",
@ -31,7 +32,6 @@
"no-topic": "Topic doesn't exist", "no-topic": "Topic doesn't exist",
"no-post": "Post doesn't exist", "no-post": "Post doesn't exist",
"no-group": "Group doesn't exist", "no-group": "Group doesn't exist",
"no-user": "User doesn't exist",
"no-teaser": "Teaser doesn't exist", "no-teaser": "Teaser doesn't exist",
"no-privileges": "You don't have enough privileges for this action.", "no-privileges": "You don't have enough privileges for this action.",
"no-emailers-configured": "No email plugins were loaded, so a test email could not be sent", "no-emailers-configured": "No email plugins were loaded, so a test email could not be sent",

51
public/src/forum/login.js
Unescape Escape View File

@ -6,58 +6,7 @@ define('forum/login', function() {
Login.init = function() { Login.init = function() {
$('#login').on('click', function(e) { $('#login').on('click', function(e) {
e.preventDefault();
var loginData = {
'username': $('#username').val(),
'password': $('#password').val(),
'remember': $('#remember').prop('checked'),
'_csrf': $('#csrf-token').val()
},
previousUrl = $('input[name="previousUrl"]').val();
$('#login').attr('disabled', 'disabled').html('Logging in...');
$('#login-error-notify').hide(); $('#login-error-notify').hide();
$.ajax({
type: "POST",
url: RELATIVE_PATH + '/login',
data: loginData,
success: function(data, textStatus, jqXHR) {
$('#login').html('Redirecting...');
if (previousUrl) {
app.previousUrl = previousUrl;
} else if (!app.previousUrl) {
app.previousUrl = RELATIVE_PATH || '/';
}
if(app.previousUrl.indexOf('/reset/') !== -1) {
window.location.replace(RELATIVE_PATH + "/?loggedin");
} else {
var index = app.previousUrl.indexOf('#');
if(index !== -1) {
window.location.replace(app.previousUrl.slice(0, index) + '?loggedin' + app.previousUrl.slice(index));
} else {
window.location.replace(app.previousUrl + "?loggedin");
}
}
app.loadConfig();
},
error: function(data, textStatus, jqXHR) {
var message = data.responseJSON;
if (typeof data.responseJSON !== 'string') {
message = data.responseJSON.message || '';
}
translator.translate(message, function(errorText) {
$('#login-error-notify').show().html(errorText);
});
$('#login').removeAttr('disabled').html('Login');
},
dataType: 'json',
async: true
});
}); });
$('#login-error-notify button').on('click', function(e) { $('#login-error-notify button').on('click', function(e) {

5
src/controllers/index.js
Unescape Escape View File

@ -125,10 +125,7 @@ Controllers.login = function(req, res, next) {
data.showResetLink = emailersPresent; data.showResetLink = emailersPresent;
data.allowLocalLogin = meta.config.allowLocalLogin === undefined || parseInt(meta.config.allowLocalLogin, 10) === 1; data.allowLocalLogin = meta.config.allowLocalLogin === undefined || parseInt(meta.config.allowLocalLogin, 10) === 1;
data.allowRegistration = meta.config.allowRegistration; data.allowRegistration = meta.config.allowRegistration;
data.error = req.flash('error')[0];
if (req.query.next) {
data.previousUrl = req.query.next;
}
res.render('login', data); res.render('login', data);
}; };

29
src/routes/authentication.js
Unescape Escape View File

@ -33,11 +33,17 @@
var continueLogin = function() { var continueLogin = function() {
passport.authenticate('local', function(err, userData, info) { passport.authenticate('local', function(err, userData, info) {
if (err) { if (err) {
return res.json(403, err.message); req.flash('error', info);
return res.redirect(nconf.get('relative_path') + '/login');
} }
if (!userData) { if (!userData) {
return res.json(403, info); if (typeof info === 'object') {
info = '[[error:invalid-username-or-password]]';
}
req.flash('error', info);
return res.redirect(nconf.get('relative_path') + '/login');
} }
// Alter user cookie depending on passed-in option // Alter user cookie depending on passed-in option
@ -57,7 +63,13 @@
user.logIP(userData.uid, req.ip); user.logIP(userData.uid, req.ip);
} }
res.json(200, info); if (!req.session.returnTo) {
res.redirect(nconf.get('relative_path') + '/');
} else {
var next = req.session.returnTo;
delete req.session.returnTo;
res.redirect(nconf.get('relative_path') + next);
}
}); });
})(req, res, next); })(req, res, next);
}; };
@ -193,7 +205,8 @@
Auth.login = function(username, password, next) { Auth.login = function(username, password, next) {
if (!username || !password) { if (!username || !password) {
return next(new Error('[[error:invalid-user-data]]')); next(new Error('[[error:invalid-password]]'));
return;
} }
var userslug = utils.slugify(username); var userslug = utils.slugify(username);
@ -203,9 +216,11 @@
return next(err); return next(err);
} }
if(!uid) { if (!uid) {
// To-do: Even if a user doesn't exist, compare passwords anyway, so we don't immediately return setTimeout(function() {
return next(null, false, '[[error:no-user]]'); next(null, false, '[[error:invalid-password]]');
}, Math.floor((Math.random() * 1000) + 1500)); // Wait between 1-2.5 seconds before returning
return;
} }
user.auth.logAttempt(uid, function(err) { user.auth.logAttempt(uid, function(err) {

Write Preview
Loading…
Cancel
Save