mirror of
https://github.com/NodeBB/NodeBB.git
synced 2026-07-04 15:07:25 +02:00
more tests
This commit is contained in:
@@ -10,43 +10,37 @@ module.exports = function (User) {
|
||||
User.auth = {};
|
||||
|
||||
User.auth.logAttempt = function (uid, ip, callback) {
|
||||
db.exists('lockout:' + uid, function (err, exists) {
|
||||
if (err) {
|
||||
return callback(err);
|
||||
}
|
||||
|
||||
if (exists) {
|
||||
return callback(new Error('[[error:account-locked]]'));
|
||||
}
|
||||
|
||||
db.increment('loginAttempts:' + uid, function (err, attempts) {
|
||||
if (err) {
|
||||
return callback(err);
|
||||
async.waterfall([
|
||||
function (next) {
|
||||
db.exists('lockout:' + uid, next);
|
||||
},
|
||||
function (exists, next) {
|
||||
if (exists) {
|
||||
return callback(new Error('[[error:account-locked]]'));
|
||||
}
|
||||
|
||||
if ((meta.config.loginAttempts || 5) < attempts) {
|
||||
// Lock out the account
|
||||
db.set('lockout:' + uid, '', function (err) {
|
||||
if (err) {
|
||||
return callback(err);
|
||||
}
|
||||
var duration = 1000 * 60 * (meta.config.lockoutDuration || 60);
|
||||
|
||||
db.delete('loginAttempts:' + uid);
|
||||
db.pexpire('lockout:' + uid, duration);
|
||||
events.log({
|
||||
type: 'account-locked',
|
||||
uid: uid,
|
||||
ip: ip
|
||||
});
|
||||
callback(new Error('[[error:account-locked]]'));
|
||||
});
|
||||
} else {
|
||||
db.pexpire('loginAttempts:' + uid, 1000 * 60 * 60);
|
||||
callback();
|
||||
db.increment('loginAttempts:' + uid, next);
|
||||
},
|
||||
function (attemps, next) {
|
||||
var loginAttempts = parseInt(meta.config.loginAttempts, 10) || 5;
|
||||
if (attemps <= loginAttempts) {
|
||||
return db.pexpire('loginAttempts:' + uid, 1000 * 60 * 60, callback);
|
||||
}
|
||||
});
|
||||
});
|
||||
// Lock out the account
|
||||
db.set('lockout:' + uid, '', next);
|
||||
},
|
||||
function (next) {
|
||||
var duration = 1000 * 60 * (meta.config.lockoutDuration || 60);
|
||||
|
||||
db.delete('loginAttempts:' + uid);
|
||||
db.pexpire('lockout:' + uid, duration);
|
||||
events.log({
|
||||
type: 'account-locked',
|
||||
uid: uid,
|
||||
ip: ip
|
||||
});
|
||||
next(new Error('[[error:account-locked]]'));
|
||||
}
|
||||
], callback);
|
||||
};
|
||||
|
||||
User.auth.clearLoginAttempts = function (uid) {
|
||||
|
||||
Reference in New Issue
Block a user