From 96b0b449b9312b4368933c732aadb702a48df41d Mon Sep 17 00:00:00 2001
From: barisusakli
Date: Tue, 29 Jul 2014 00:42:33 -0400
Subject: [PATCH] closes #1911
---
 public/src/forum/reset_code.js | 2 +-
 src/user/auth.js | 47 ++++++++++++++++++++++------------
 src/user/reset.js | 25 +++++++++++-------
 3 files changed, 47 insertions(+), 27 deletions(-)
diff --git a/public/src/forum/reset_code.js b/public/src/forum/reset_code.js
index 3a76c06c80..9a7fc80075 100644
--- a/public/src/forum/reset_code.js
+++ b/public/src/forum/reset_code.js
@@ -26,7 +26,7 @@ define('forum/reset_code', function() {
 password: password.val()
 }, function(err) {
 if(err) {
- return app.alert(err.message);
+ return app.alertError(err.message);
 }
 $('#error').addClass('hide').hide();
 $('#notice').addClass('hide').hide();
diff --git a/src/user/auth.js b/src/user/auth.js
index 71de297ca0..b9c7b348ce 100644
--- a/src/user/auth.js
+++ b/src/user/auth.js
@@ -1,3 +1,5 @@
+'use strict';
+
 var db = require('../database'),
 meta = require('../meta');
@@ -6,24 +8,35 @@ module.exports = function(User) {
 User.auth.logAttempt = function(uid, callback) {
 db.exists('lockout:' + uid, function(err, exists) {
- if (!exists) {
- db.increment('loginAttempts:' + uid, function(err, attempts) {
- if ((meta.config.loginAttempts || 5) < attempts) {
- // Lock out the account
- db.set('lockout:' + uid, '', function(err) {
- db.delete('loginAttempts:' + uid);
- db.pexpire('lockout:' + uid, 1000*60*(meta.config.lockoutDuration || 60));
- callback(new Error('account-locked'));
- });
- } else {
- db.pexpire('loginAttempts:' + uid, 1000*60*60);
- callback();
- }
- });
- } else {
- callback(new Error('[[error:account-locked]]'));
+ if (err) {
+ return callback(err);
+ }
+
+ if (exists) {
+ return callback(new Error('[[error:account-locked]]'));
 }
- })
+
+ db.increment('loginAttempts:' + uid, function(err, attempts) {
+ if (err) {
+ return callback(err);
+ }
+
+ if ((meta.config.loginAttempts || 5) < attempts) {
+ // Lock out the account
+ db.set('lockout:' + uid, '', function(err) {
+ if (err) {
+ return callback(err);
+ }
+ db.delete('loginAttempts:' + uid);
+ db.pexpire('lockout:' + uid, 1000 * 60 * (meta.config.lockoutDuration || 60));
+ callback(new Error('account-locked'));
+ });
+ } else {
+ db.pexpire('loginAttempts:' + uid, 1000 * 60 * 60);
+ callback();
+ }
+ });
+ });
 };
 User.auth.clearLoginAttempts = function(uid) {
diff --git a/src/user/reset.js b/src/user/reset.js
index 542ad22d12..ee80679bcd 100644
--- a/src/user/reset.js
+++ b/src/user/reset.js
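Review bot: The lockout TTL is still applied by a separate, unchecked `db.pexpire('lockout:' + uid, …)` after `db.set`, so if that call fails, or the process stops between the two, the `lockout:` key has no expiry and the account stays locked until the key is removed by hand. Since this commit already adds `err` handling to the surrounding calls, the expiry should be confirmed before the lockout is reported, e.g. `db.pexpire('lockout:' + uid, 1000 * 60 * (meta.config.lockoutDuration || 60), function(err) { callback(err || new Error('[[error:account-locked]]')); });`, assuming `db.pexpire` accepts a completion callback like the other `db` calls in this hunk. That would also replace the bare `'account-locked'` message on the first lockout, which does not match the `'[[error:account-locked]]'` key returned once the lock exists. A comment above `logAttempt` should record that the counter and the lock are keyed only by `uid`, so repeated failed logins from any source can keep a known account locked, and that per-source throttling is expected to be handled elsewhere.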
@@ -70,23 +70,30 @@ var async = require('async'),
 return callback(err);
 }
- if (validated) {
- db.getObjectField('reset:uid', code, function(err, uid) {
+ if (!validated) {
+ return;
+ }
+
+ db.getObjectField('reset:uid', code, function(err, uid) {
+ if (err) {
+ return callback(err);
+ }
+
+ user.hashPassword(password, function(err, hash) {
 if (err) {
 return callback(err);
 }
-
- user.hashPassword(password, function(err, hash) {
- user.setUserField(uid, 'password', hash);
- events.logPasswordReset(uid);
- });
+ user.setUserField(uid, 'password', hash);
+ events.logPasswordReset(uid);
 db.deleteObjectField('reset:uid', code);
 db.deleteObjectField('reset:expiry', code);
+ db.delete('lockout:' + uid);
+ user.auth.clearLoginAttempts(uid);
- callback(null);
+ callback();
 });
- }
+ });
 });
 };
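Review bot: The new guard `if (!validated) { return; }` exits without invoking `callback`, so a request carrying an invalid or expired reset code never gets a response and the caller cannot report or count the failure. It should return an error instead, e.g. `return callback(new Error('[[error:RESET_CODE_INVALID]]'));` (placeholder key; use the project's actual language key). Further down, `user.setUserField(uid, 'password', hash)` and the two `db.deleteObjectField` calls are fire-and-forget and `callback()` runs immediately, so a failed password write would still consume the code and report success. Removing the `reset:uid` and `reset:expiry` fields before the password write, and calling back only once `setUserField` has completed (assuming it accepts a callback), would also narrow the window in which the same code can be accepted twice. The enclosing function starts above this hunk, so the validation step itself is not visible here.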