fix: #14116, don't return ban reason if login credentials are incorrect

Barış Soner Uşaklı
2026-03-23 09:43:15 -04:00
parent 43e7f0abb9
commit 9bcef6b5ea
2 changed files with 20 additions and 10 deletions


@@ -409,21 +409,20 @@ authenticationController.localLogin = async function (req, username, password, n
userData.isAdminOrGlobalMod = isAdminOrGlobalMod;
if (!canLoginIfBanned) {
return next(await getBanError(uid));
}
// Doing this after the ban check, because user's privileges might change after a ban expires
const hasLoginPrivilege = await privileges.global.can('local:login', uid);
if (parseInt(uid, 10) && !hasLoginPrivilege) {
return next(new Error('[[error:local-login-disabled]]'));
}
try {
const passwordMatch = await user.isPasswordCorrect(uid, password, req.ip);
if (!passwordMatch) {
return next(new Error('[[error:invalid-login-credentials]]'));
}
if (!canLoginIfBanned) {
return next(await getBanError(uid));
}
// Doing this after the ban check, because user's privileges might change after a ban expires
const hasLoginPrivilege = await privileges.global.can('local:login', uid);
if (parseInt(uid, 10) && !hasLoginPrivilege) {
return next(new Error('[[error:local-login-disabled]]'));
}
} catch (e) {
if (req.loggedIn) {
await logoutAsync(req);
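Review bot: Exceptions thrown by `getBanError` or `privileges.global.can` now land in the `catch` at the end of the hunk, because both checks moved inside the `try` that previously wrapped only `user.isPasswordCorrect`. That handler logs out an already logged-in session via `logoutAsync(req)`, and the rest of it is outside the hunk, so it is worth confirming this path is intended for a failed ban or privilege lookup. Separately, the ordering is the security property of this fix and nothing in the code records it. A comment above the password check, such as `// Verify the password first so ban status and reason are only returned to a caller who has proven the credentials (#14116)`, would keep a later refactor from moving the checks back in front of it. `localLogin` itself starts and ends outside the hunk.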