nodebb/src/user/auth.js


'use strict';
var async = require('async'),
db = require('../database'),
meta = require('../meta'),
events = require('../events');
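module.exports = function(User) {
	// Lifetime of the failed-attempt counter; re-applied on every counted attempt
	// that does not trigger a lock, so the window slides with activity.
	var ATTEMPT_WINDOW_MS = 1000 * 60 * 60;
	var LOCKED_ERROR = '[[error:account-locked]]';

	User.auth = {};

	/**
	 * Puts a time-limited lock on an account and records the event.
	 *
	 * The lock marker is written first and its expiry second. The two writes are
	 * not atomic, so the expiry result is checked: a marker without a TTL would
	 * keep the account locked until someone calls User.auth.resetLockout.
	 *
	 * @param {number|string} uid - account being locked
	 * @param {string} ip - address of the request that crossed the limit (logged only)
	 * @param {function(Error)} callback - always receives an error: the database
	 *   error if the lock could not be established, otherwise the account-locked error
	 */
	function lockAccount(uid, ip, callback) {
		var lockoutKey = 'lockout:' + uid;
		// Configured in minutes; defaults to 60.
		var duration = 1000 * 60 * (meta.config.lockoutDuration || 60);

		db.set(lockoutKey, '', function(setErr) {
			if (setErr) {
				return callback(setErr);
			}

			// NOTE(review): assumes db.pexpire accepts an (err) callback like the other
			// db calls in this file -- confirm against the database adapter.
			db.pexpire(lockoutKey, duration, function(expireErr) {
				if (expireErr) {
					// Roll back rather than leave a lock that never expires. The attempt
					// counter is left untouched, so the next counted attempt tries to
					// lock the account again.
					return db.delete(lockoutKey, function() {
						callback(expireErr);
					});
				}

				// Best-effort: the result of this delete is not checked.
				db.delete('loginAttempts:' + uid);

				events.log({
					type: 'account-locked',
					uid: uid,
					ip: ip
				});

				callback(new Error(LOCKED_ERROR));
			});
		});
	}

	/**
	 * Counts one login attempt against an account and enforces the lockout policy.
	 *
	 * The counter and the lock are keyed by uid alone; `ip` is only written to the
	 * event log. Attempts from any address therefore count toward the same lock.
	 *
	 * The account is locked once the counter exceeds meta.config.loginAttempts
	 * (default 5), i.e. on the attempt after the limit is reached.
	 *
	 * @param {number|string} uid - account the attempt was made against
	 * @param {string} ip - address the attempt came from
	 * @param {function(Error=)} callback - called with no error when the attempt may
	 *   proceed, with '[[error:account-locked]]' when the account is or has just
	 *   been locked, or with the database error
	 */
	User.auth.logAttempt = function(uid, ip, callback) {
		var attemptsKey = 'loginAttempts:' + uid;

		db.exists('lockout:' + uid, function(err, exists) {
			if (err) {
				return callback(err);
			}
			if (exists) {
				return callback(new Error(LOCKED_ERROR));
			}

			db.increment(attemptsKey, function(err, attempts) {
				if (err) {
					return callback(err);
				}

				if ((meta.config.loginAttempts || 5) < attempts) {
					return lockAccount(uid, ip, callback);
				}

				// Wait for the expiry to be applied: a counter without a TTL would keep
				// accumulating attempts indefinitely instead of over a one-hour window.
				db.pexpire(attemptsKey, ATTEMPT_WINDOW_MS, function(expireErr) {
					callback(expireErr);
				});
			});
		});
	};

	/**
	 * Drops the failed-attempt counter for an account.
	 * Fire-and-forget: the result of the delete is not reported to the caller.
	 *
	 * @param {number|string} uid - account whose counter is cleared
	 */
	User.auth.clearLoginAttempts = function(uid) {
		db.delete('loginAttempts:' + uid);
	};

	/**
	 * Removes both the failed-attempt counter and the lock marker for an account.
	 * The two deletes run in parallel.
	 *
	 * @param {number|string} uid - account to unlock
	 * @param {function(Error=)} callback - called once both deletes have finished,
	 *   or with the first error
	 */
	User.auth.resetLockout = function(uid, callback) {
		async.parallel([
			async.apply(db.delete, 'loginAttempts:' + uid),
			async.apply(db.delete, 'lockout:' + uid)
		], callback);
	};
};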