closes #1972

9 years ago · 2e0763b0a8
parent 6685fafe6b
commit 2e0763b0a8
1 changed files with 23 additions and 13 deletions
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@ -194,19 +194,29 @@ middleware.isAdmin = function(req, res, next) {
 		}

 		if (isAdmin) {
-			var loginTime = req.session.meta ? req.session.meta.datetime : 0;
-			if (loginTime && parseInt(loginTime, 10) > Date.now() - 3600000) {
-				return next();
-			}
-
-			req.session.returnTo = nconf.get('relative_path') + req.path.replace(/^\/api/, '');
-			req.session.forceLogin = 1;
-			if (res.locals.isAPI) {
-				res.status(401).json({});
-			} else {
-				res.redirect('/login');
-			}
-			return;
+			user.hasPassword(req.uid, function(err, hasPassword) {
+				if (err) {
+					return next(err);
+				}
+
+				if (!hasPassword) {
+					return next();
+				}
+
+				var loginTime = req.session.meta ? req.session.meta.datetime : 0;
+				if (loginTime && parseInt(loginTime, 10) > Date.now() - 3600000) {
+					return next();
+				}
+
+				req.session.returnTo = nconf.get('relative_path') + req.path.replace(/^\/api/, '');
+				req.session.forceLogin = 1;
+				if (res.locals.isAPI) {
+					res.status(401).json({});
+				} else {
+					res.redirect('/login');
+				}
+				return;
+			});
 		}

 		if (res.locals.isAPI) {