From 2e0763b0a8303add4836e7bf741e72944a822b79 Mon Sep 17 00:00:00 2001
From: barisusakli <barisusakli@gmail.com>
Date: Sun, 15 May 2016 20:33:52 +0300
Subject: [PATCH] closes #1972

---
 src/middleware/middleware.js | 36 +++++++++++++++++++++++-------------
 1 file changed, 23 insertions(+), 13 deletions(-)

diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
index 7d324e136e..926eeb2a06 100644
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@@ -194,19 +194,29 @@ middleware.isAdmin = function(req, res, next) {
 		}
 
 		if (isAdmin) {
-			var loginTime = req.session.meta ? req.session.meta.datetime : 0;
-			if (loginTime && parseInt(loginTime, 10) > Date.now() - 3600000) {
-				return next();
-			}
-
-			req.session.returnTo = nconf.get('relative_path') + req.path.replace(/^\/api/, '');
-			req.session.forceLogin = 1;
-			if (res.locals.isAPI) {
-				res.status(401).json({});
-			} else {
-				res.redirect('/login');
-			}
-			return;
+			user.hasPassword(req.uid, function(err, hasPassword) {
+				if (err) {
+					return next(err);
+				}
+
+				if (!hasPassword) {
+					return next();
+				}
+
+				var loginTime = req.session.meta ? req.session.meta.datetime : 0;
+				if (loginTime && parseInt(loginTime, 10) > Date.now() - 3600000) {
+					return next();
+				}
+
+				req.session.returnTo = nconf.get('relative_path') + req.path.replace(/^\/api/, '');
+				req.session.forceLogin = 1;
+				if (res.locals.isAPI) {
+					res.status(401).json({});
+				} else {
+					res.redirect('/login');
+				}
+				return;
+			});
 		}
 
 		if (res.locals.isAPI) {