closes #1911

11 years ago · 96b0b449b9
parent f31978aa2c
commit 96b0b449b9
3 changed files with 47 additions and 27 deletions
--- a/public/src/forum/reset_code.js
+++ b/public/src/forum/reset_code.js
@ -26,7 +26,7 @@ define('forum/reset_code', function() {
 					password: password.val()
 				}, function(err) {
 					if(err) {
-						return app.alert(err.message);
+						return app.alertError(err.message);
 					}
 					$('#error').addClass('hide').hide();
 					$('#notice').addClass('hide').hide();
--- a/src/user/auth.js
+++ b/src/user/auth.js
@ -1,3 +1,5 @@
+'use strict';
+
 var db = require('../database'),
 	meta = require('../meta');

@ -6,11 +8,25 @@ module.exports = function(User) {

 	User.auth.logAttempt = function(uid, callback) {
 		db.exists('lockout:' + uid, function(err, exists) {
-			if (!exists) {
+			if (err) {
+				return callback(err);
+			}
+
+			if (exists) {
+				return callback(new Error('[[error:account-locked]]'));
+			}
+
 			db.increment('loginAttempts:' + uid, function(err, attempts) {
+				if (err) {
+					return callback(err);
+				}
+
 				if ((meta.config.loginAttempts || 5) < attempts) {
 					// Lock out the account
 					db.set('lockout:' + uid, '', function(err) {
+						if (err) {
+							return callback(err);
+						}
 						db.delete('loginAttempts:' + uid);
 						db.pexpire('lockout:' + uid, 1000 * 60 * (meta.config.lockoutDuration || 60));
 						callback(new Error('account-locked'));
@ -20,10 +36,7 @@ module.exports = function(User) {
 					callback();
 				}
 			});
-			} else {
-				callback(new Error('[[error:account-locked]]'));
-			}
-		})
+		});
 	};

 	User.auth.clearLoginAttempts = function(uid) {
--- a/src/user/reset.js
+++ b/src/user/reset.js
@ -70,23 +70,30 @@ var async = require('async'),
 				return callback(err);
 			}

-			if (validated) {
+			if (!validated) {
+				return;
+			}
+
 			db.getObjectField('reset:uid', code, function(err, uid) {
 				if (err) {
 					return callback(err);
 				}

 				user.hashPassword(password, function(err, hash) {
+					if (err) {
+						return callback(err);
+					}
 					user.setUserField(uid, 'password', hash);
 					events.logPasswordReset(uid);
-					});

 					db.deleteObjectField('reset:uid', code);
 					db.deleteObjectField('reset:expiry', code);
+					db.delete('lockout:' + uid);
+					user.auth.clearLoginAttempts(uid);

-					callback(null);
+					callback();
+				});
 			});
-			}
 		});
 	};