diff --git a/src/controllers/index.js b/src/controllers/index.js
index 9500fca12c..7a2f225290 100644
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -81,7 +81,7 @@ Controllers.login = function(req, res, next) {
 data.alternate_logins = loginStrategies.length > 0;
 data.authentication = loginStrategies;
 data.showResetLink = emailersPresent;
- data.allowLocalLogin = parseInt(meta.config.allowLocalLogin, 10) === 1;
+ data.allowLocalLogin = parseInt(meta.config.allowLocalLogin, 10) === 1 || parseInt(req.query.local, 10) === 1;
 data.allowRegistration = parseInt(meta.config.allowRegistration, 10) === 1;
 data.allowLoginWith = '[[login:' + (meta.config.allowLoginWith || 'username-email') + ']]';
 data.breadcrumbs = helpers.buildBreadcrumbs([{text: '[[global:login]]'}]);
diff --git a/src/middleware/middleware.js b/src/middleware/middleware.js
index 9e400de9b7..8adc6aabe7 100644
--- a/src/middleware/middleware.js
+++ b/src/middleware/middleware.js
@@ -10,18 +10,19 @@ var app,
 winston = require('winston'),
 validator = require('validator'),
 nconf = require('nconf'),
+ ensureLoggedIn = require('connect-ensure-login'),
- plugins = require('./../plugins'),
- navigation = require('./../navigation'),
- meta = require('./../meta'),
- translator = require('./../../public/src/modules/translator'),
- user = require('./../user'),
- groups = require('./../groups'),
- db = require('./../database'),
- categories = require('./../categories'),
- topics = require('./../topics'),
+ plugins = require('../plugins'),
+ navigation = require('../navigation'),
+ meta = require('../meta'),
+ translator = require('../../public/src/modules/translator'),
+ user = require('../user'),
+ groups = require('../groups'),
+ db = require('../database'),
+ categories = require('../categories'),
+ topics = require('../topics'),
 messaging = require('../messaging'),
- ensureLoggedIn = require('connect-ensure-login'),
+ analytics = require('../analytics'),
 controllers = {
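Review bot: In the src/controllers/index.js hunk, `data.allowLocalLogin` now turns true whenever the request carries `?local=1`, so the flag is a client-controlled display hint rather than the configured policy. Any visitor can make the local form render that way, which is only safe because the local login strategy in src/routes/authentication.js rejects non-admin accounts when local login is disabled. The line should carry a comment that states this, e.g. `// display only: ?local=1 shows the form for admins; enforcement is in the local login strategy`. Controllers.login starts and ends outside the hunk.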
diff --git a/src/routes/authentication.js b/src/routes/authentication.js
index a0f420458d..4f9611e56a 100644
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -101,11 +101,23 @@
 user.auth.logAttempt(uid, req.ip, next);
 },
 function(next) {
- db.getObjectFields('user:' + uid, ['password', 'banned', 'passwordExpiry'], next);
+ async.parallel({
+ userData: function(next) {
+ db.getObjectFields('user:' + uid, ['password', 'banned', 'passwordExpiry'], next);
+ },
+ isAdmin: function(next) {
+ user.isAdministrator(uid, next);
+ }
+ }, next);
 },
- function(_userData, next) {
- userData = _userData;
+ function(result, next) {
+ userData = result.userData;
 userData.uid = uid;
+ userData.isAdmin = result.isAdmin;
+
+ if (!result.isAdmin && parseInt(meta.config.allowLocalLogin, 10) === 0) {
+ return next(new Error('[[error:local-login-disabled]]'));
+ }
 if (!userData || !userData.password) {
 return next(new Error('[[error:invalid-user-data]]'));
@@ -136,10 +148,6 @@
 });
 function login(req, res, next) {
- if (parseInt(meta.config.allowLocalLogin, 10) === 0) {
- return res.status(404).send('');
- }
-
 // Handle returnTo data
 if (req.body.hasOwnProperty('returnTo') && !req.session.returnTo) {
 req.session.returnTo = req.body.returnTo;
@@ -147,7 +155,7 @@
 if (plugins.hasListeners('action:auth.overrideLogin')) {
 return Auth.continueLogin(req, res, next);
- };
+ }
 var loginWith = meta.config.allowLoginWith || 'username-email';
diff --git a/src/routes/index.js b/src/routes/index.js
index e9a2ed5ace..2ebf77d53e 100644
--- a/src/routes/index.js
+++ b/src/routes/index.js
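Review bot: In the first hunk of src/routes/authentication.js, the `[[error:local-login-disabled]]` rejection runs before the `!userData.password` test and, presumably, before the password comparison that lies outside the hunk, so with local login disabled the error returned for a username differs by whether the account is an administrator, before any credential has been verified. Running the `!result.isAdmin && parseInt(meta.config.allowLocalLogin, 10) === 0` test only after the password has been checked, or returning the same generic error in both cases, removes that difference. The hunk at -136 deletes the route-level guard in `login()`, so this check is now the only enforcement and deserves a comment saying so. `userData.uid = uid` and `userData.isAdmin = result.isAdmin` also dereference `userData` before the `!userData` test, so that test cannot catch a missing record; `if (!result.userData || !result.userData.password)` should come first. The enclosing step list starts and ends outside the hunk.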
@@ -118,7 +118,9 @@ module.exports = function(app, middleware) {
 app.all(relativePath + '/api/?*', middleware.prepareAPI);
 app.all(relativePath + '/api/admin/?*', middleware.isAdmin);
- app.all(relativePath + '/admin/?*', middleware.ensureLoggedIn, middleware.applyCSRF, middleware.isAdmin);
+
+ var ensureLoggedIn = require('connect-ensure-login');
+ app.all(relativePath + '/admin/?*', ensureLoggedIn.ensureLoggedIn(nconf.get('relative_path') + '/login?local=1'), middleware.applyCSRF, middleware.isAdmin);
 adminRoutes(router, middleware, controllers);
 metaRoutes(router, middleware, controllers);
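Review bot: The new `/admin/?*` route in src/routes/index.js builds its redirect target from `nconf.get('relative_path')` while the same call and the two routes above it use the local `relativePath`; writing `ensureLoggedIn.ensureLoggedIn(relativePath + '/login?local=1')` keeps the prefix consistent and avoids depending on `nconf` being required in this module, which the hunk does not show. The `require('connect-ensure-login')` sits inside the exported function and would read better next to the module's top-level requires. Swapping `middleware.ensureLoggedIn` for the library call also drops whatever that wrapper did beyond redirecting, so it is worth confirming that nothing on the admin path relied on it. The exported function continues outside the hunk.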