From 2e0763b0a8303add4836e7bf741e72944a822b79 Mon Sep 17 00:00:00 2001 From: barisusakli Date: Sun, 15 May 2016 20:33:52 +0300 Subject: [PATCH] closes #1972 --- src/middleware/middleware.js | 36 +++++++++++++++++++++++------------- 1 file changed, 23 insertions(+), 13 deletions(-) diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js index 7d324e136e..926eeb2a06 100644 --- a/src/middleware/middleware.js +++ b/src/middleware/middleware.js @@ -194,19 +194,29 @@ middleware.isAdmin = function(req, res, next) { } if (isAdmin) { - var loginTime = req.session.meta ? req.session.meta.datetime : 0; - if (loginTime && parseInt(loginTime, 10) > Date.now() - 3600000) { - return next(); - } - - req.session.returnTo = nconf.get('relative_path') + req.path.replace(/^\/api/, ''); - req.session.forceLogin = 1; - if (res.locals.isAPI) { - res.status(401).json({}); - } else { - res.redirect('/login'); - } - return; + user.hasPassword(req.uid, function(err, hasPassword) { + if (err) { + return next(err); + } + + if (!hasPassword) { + return next(); + } + + var loginTime = req.session.meta ? req.session.meta.datetime : 0; + if (loginTime && parseInt(loginTime, 10) > Date.now() - 3600000) { + return next(); + } + + req.session.returnTo = nconf.get('relative_path') + req.path.replace(/^\/api/, ''); + req.session.forceLogin = 1; + if (res.locals.isAPI) { + res.status(401).json({}); + } else { + res.redirect('/login'); + } + return; + }); } if (res.locals.isAPI) {