From 74af205426bc740f4b5fc9512eefdd655fc69203 Mon Sep 17 00:00:00 2001 From: Baris Usakli Date: Wed, 14 Aug 2013 15:49:56 -0400 Subject: [PATCH] banned users cant login, show error messages on failed logins --- public/src/forum/login.js | 10 +++++++--- public/templates/login.tpl | 2 +- src/categories.js | 4 ++-- src/login.js | 10 ++++++++-- src/routes/authentication.js | 19 +++++++++++++++---- src/webserver.js | 1 + 6 files changed, 34 insertions(+), 12 deletions(-) diff --git a/public/src/forum/login.js b/public/src/forum/login.js index d5faee48df..2be3b5e701 100644 --- a/public/src/forum/login.js +++ b/public/src/forum/login.js @@ -27,11 +27,15 @@ url: RELATIVE_PATH + '/login', data: loginData, success: function(data, textStatus, jqXHR) { - $('#login-error-notify').hide(); - window.location.replace(RELATIVE_PATH + "/?loggedin"); + if(!data.success) { + $('#login-error-notify').html(data.message).show(); + } else { + $('#login-error-notify').hide(); + window.location.replace(RELATIVE_PATH + "/?loggedin"); + } }, error : function(data, textStatus, jqXHR) { - $('#login-error-notify').show().delay(1000).fadeOut(250); + $('#login-error-notify').show(); }, dataType: 'json', async: true, diff --git a/public/templates/login.tpl b/public/templates/login.tpl index a3847fbb71..fcd48f54f7 100644 --- a/public/templates/login.tpl +++ b/public/templates/login.tpl @@ -14,7 +14,7 @@   Forgot Password? - Invalid username/password
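Review bot: In the success handler, `$('#login-error-notify').html(data.message)` writes a server-supplied string into the DOM as markup. The only message visible in this patch is the fixed string `user-banned`, but if a later message ever echoes the submitted username, this becomes an HTML-injection sink on the login form. Prefer `$('#login-error-notify').text(data.message).show();`. The error handler now shows the element without resetting its content, so a transport failure after a rejected login would redisplay the previous message. The enclosing `$.ajax` call starts and ends outside the hunk.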
+
Invalid username/password
diff --git a/src/categories.js b/src/categories.js index 417920b634..5e42ac2063 100644 --- a/src/categories.js +++ b/src/categories.js @@ -157,7 +157,7 @@ var RDB = require('./redis.js'), break; } } - callback(allread); + callback(allread); }); }); } @@ -281,7 +281,7 @@ var RDB = require('./redis.js'), } Categories.hasReadCategory(cid, current_user, function(hasRead) { - categoryData['badgeclass'] = (parseInt(categoryData.topic_count,10) === 0 || (hasRead && current_user != 0)) ? '' : 'badge-important'; + categoryData['badgeclass'] = (parseInt(categoryData.topic_count, 10) === 0 || (hasRead && current_user != 0)) ? '' : 'badge-important'; categories.push(categoryData); callback(null); diff --git a/src/login.js b/src/login.js index 0e8a1a0d7d..0adb9311f5 100644 --- a/src/login.js +++ b/src/login.js @@ -25,8 +25,14 @@ var user = require('./user.js'), }); } - user.getUserField(uid, 'password', function(user_password) { - bcrypt.compare(password, user_password, function(err, res) { + user.getUserFields(uid, ['password', 'banned'], function(userData) { + if(userData.banned && userData.banned === '1') { + return next({ + status: "error", + message: "user-banned" + }); + } + bcrypt.compare(password, userData.password, function(err, res) { if(err) { winston.err(err); next({ diff --git a/src/routes/authentication.js b/src/routes/authentication.js index 2191ca13c7..60ce935557 100644 --- a/src/routes/authentication.js +++ b/src/routes/authentication.js 
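Review bot: In src/login.js the ban check runs before `bcrypt.compare`, so a request with any password gets `user-banned` for a banned account, which discloses that the username exists and is banned without proof of the password. Consider moving the check into the compare callback, e.g. `if (res && userData.banned === '1') { return next({ status: "error", message: "user-banned" }); }`, so the ban is reported only after the password has matched. The test `userData.banned && userData.banned === '1'` is also redundant; the strict comparison alone is enough. The compare callback continues past the end of the hunk, so how `res` is handled there is not visible.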
@@ -136,10 +136,21 @@ res.send(header + templates['reset'] + templates['footer']); }); }); - - - app.post('/login', passport.authenticate('local'), function(req, res) { - res.json({success:1}); + + app.post('/login', function(req, res, next) { + passport.authenticate('local', function(err, user, info) { + if(err) { + return next(err); + } + if (!user) { + return res.send({ success : false, message : info.message }); + } + req.login({ + uid: user.uid + }, function() { + res.send({ success : true, message : 'authentication succeeded' }); + }); + })(req, res, next); }); app.post('/register', function(req, res) { diff --git a/src/webserver.js b/src/webserver.js index 4e78b4af7f..6d8d47afea 100644 --- a/src/webserver.js +++ b/src/webserver.js @@ -124,6 +124,7 @@ var express = require('express'), }); app.use(function(err, req, res, next) { + // we may use properties of the error object // here and next(err) appropriately, or if // we possibly recovered from the error, simply next().
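Review bot: In the new `/login` route the `req.login` callback takes no error argument, so a failure to establish the session still returns `success : true` and the client redirects as if logged in. Use `function(err) { if (err) { return next(err); } res.send({ success : true, message : 'authentication succeeded' }); }`. `info.message` is read without checking `info`; if the strategy (not shown here) ever rejects without an info object, this throws inside the callback, so `message : info && info.message` would be safer. A comment above the route noting that failed logins are reported through `success : false` in the response body would help whoever maintains the client handler.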