closes #1911

public/src/forum/reset_code.js

@@ -26,7 +26,7 @@ define('forum/reset_code', function() {
 					password: password.val()
 				}, function(err) {
 					if(err) {
-						return app.alert(err.message);
+						return app.alertError(err.message);
 					}
 					$('#error').addClass('hide').hide();
 					$('#notice').addClass('hide').hide();

src/user/auth.js

@@ -1,3 +1,5 @@
+'use strict';
+
 var db = require('../database'),
 	meta = require('../meta');
 
@@ -6,24 +8,35 @@ module.exports = function(User) {
 
 	User.auth.logAttempt = function(uid, callback) {
 		db.exists('lockout:' + uid, function(err, exists) {
-			if (!exists) {
-				db.increment('loginAttempts:' + uid, function(err, attempts) {
-					if ((meta.config.loginAttempts || 5) < attempts) {
-						// Lock out the account
-						db.set('lockout:' + uid, '', function(err) {
-							db.delete('loginAttempts:' + uid);
-							db.pexpire('lockout:' + uid, 1000*60*(meta.config.lockoutDuration || 60));
-							callback(new Error('account-locked'));
-						});
-					} else {
-						db.pexpire('loginAttempts:' + uid, 1000*60*60);
-						callback();
-					}
-				});
-			} else {
-				callback(new Error('[[error:account-locked]]'));
+			if (err) {
+				return callback(err);
+			}
+
+			if (exists) {
+				return callback(new Error('[[error:account-locked]]'));
 			}
-		})
+
+			db.increment('loginAttempts:' + uid, function(err, attempts) {
+				if (err) {
+					return callback(err);
+				}
+
+				if ((meta.config.loginAttempts || 5) < attempts) {
+					// Lock out the account
+					db.set('lockout:' + uid, '', function(err) {
+						if (err) {
+							return callback(err);
+						}
+						db.delete('loginAttempts:' + uid);
+						db.pexpire('lockout:' + uid, 1000 * 60 * (meta.config.lockoutDuration || 60));
+						callback(new Error('account-locked'));
+					});
+				} else {
+					db.pexpire('loginAttempts:' + uid, 1000 * 60 * 60);
+					callback();
+				}
+			});
+		});
 	};
 
 	User.auth.clearLoginAttempts = function(uid) {

src/user/reset.js

@@ -70,23 +70,30 @@ var async = require('async'),
 				return callback(err);
 			}
 
-			if (validated) {
-				db.getObjectField('reset:uid', code, function(err, uid) {
+			if (!validated) {
+				return;
+			}
+
+			db.getObjectField('reset:uid', code, function(err, uid) {
+				if (err) {
+					return callback(err);
+				}
+
+				user.hashPassword(password, function(err, hash) {
 					if (err) {
 						return callback(err);
 					}
-
-					user.hashPassword(password, function(err, hash) {
-						user.setUserField(uid, 'password', hash);
-						events.logPasswordReset(uid);
-					});
+					user.setUserField(uid, 'password', hash);
+					events.logPasswordReset(uid);
 
 					db.deleteObjectField('reset:uid', code);
 					db.deleteObjectField('reset:expiry', code);
+					db.delete('lockout:' + uid);
+					user.auth.clearLoginAttempts(uid);
 
-					callback(null);
+					callback();
 				});
-			}
+			});
 		});
 	};