From c45c4a5fdbb36e3c48655838c0004bfe6b703f73 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Mon, 24 Apr 2017 13:31:38 -0400 Subject: [PATCH] on login display invalid-login-credentials --- public/language/en-GB/error.json | 1 + src/controllers/authentication.js | 21 +++++++-------------- src/user/auth.js | 3 +++ 3 files changed, 11 insertions(+), 14 deletions(-) diff --git a/public/language/en-GB/error.json b/public/language/en-GB/error.json index b5b90c04e5..e19075cd64 100644 --- a/public/language/en-GB/error.json +++ b/public/language/en-GB/error.json @@ -15,6 +15,7 @@ "invalid-title": "Invalid title", "invalid-user-data": "Invalid User Data", "invalid-password": "Invalid Password", + "invalid-login-credentials": "Invalid login credentials", "invalid-username-or-password": "Please specify both a username and password", "invalid-search-term": "Invalid search term", "csrf-invalid": "We were unable to log you in, likely due to an expired session. Please try again", diff --git a/src/controllers/authentication.js b/src/controllers/authentication.js index 76f2da243d..c06f1ee400 100644 --- a/src/controllers/authentication.js +++ b/src/controllers/authentication.js @@ -16,7 +16,7 @@ var Password = require('../password'); var sockets = require('../socket.io'); -var authenticationController = {}; +var authenticationController = module.exports; authenticationController.register = function (req, res) { var registrationType = meta.config.registrationType || 'normal'; @@ -357,13 +357,8 @@ authenticationController.localLogin = function (req, username, password, next) { user.getUidByUserslug(userslug, next); }, function (_uid, next) { - if (!_uid) { - return next(new Error('[[error:no-user]]')); - } uid = _uid; - user.auth.logAttempt(uid, req.ip, next); - }, - function (next) { + async.parallel({ userData: function (next) { db.getObjectFields('user:' + uid, ['password', 'passwordExpiry'], next); 
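Review bot: An unknown username now reaches `Password.compare(password, userData.password, next)` with no stored hash, because the `if (!_uid)` guard is removed from the `function (_uid, next)` step here and the `@@ -384,9 +379,7 @@` hunk also removes the `!userData || !userData.password` guard. `Password.compare` is not visible in this patch, so it should be confirmed that it yields `false` for a missing hash rather than passing an error or throwing, since only the `false` case ends in `[[error:invalid-login-credentials]]`. Even then, a compare that returns early for a missing hash would probably answer faster than a real hash comparison, which leaves existing and non-existing accounts distinguishable by response time; comparing against a fixed placeholder hash when none is stored would close that. I would also add a comment above `uid = _uid;` such as `// uid may be falsy for an unknown user; continue so the response matches a wrong password`. `localLogin` starts and ends outside this hunk.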
@@ -384,9 +379,7 @@ authenticationController.localLogin = function (req, username, password, next) { if (!result.isAdmin && parseInt(meta.config.allowLocalLogin, 10) === 0) { return next(new Error('[[error:local-login-disabled]]')); } - if (!userData || !userData.password) { - return next(new Error('[[error:invalid-user-data]]')); - } + if (result.banned) { // Retrieve ban reason and show error return user.getLatestBanInfo(uid, function (err, banInfo) { @@ -404,11 +397,14 @@ authenticationController.localLogin = function (req, username, password, next) { }); } + user.auth.logAttempt(uid, req.ip, next); + }, + function (next) { Password.compare(password, userData.password, next); }, function (passwordMatch, next) { if (!passwordMatch) { - return next(new Error('[[error:invalid-password]]')); + return next(new Error('[[error:invalid-login-credentials]]')); } user.auth.clearLoginAttempts(uid); next(null, userData, '[[success:authentication-successful]]'); @@ -441,6 +437,3 @@ authenticationController.logout = function (req, res, next) { res.status(200).send(''); } }; - - -module.exports = authenticationController; diff --git a/src/user/auth.js b/src/user/auth.js index 29a79f39c4..8a4582c155 100644 --- a/src/user/auth.js +++ b/src/user/auth.js @@ -11,6 +11,9 @@ module.exports = function (User) { User.auth = {}; User.auth.logAttempt = function (uid, ip, callback) { + if (!parseInt(uid, 10)) { + return setImmediate(callback); + } async.waterfall([ function (next) { db.exists('lockout:' + uid, next);
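Review bot: The `if (result.banned)` branch still returns the ban information before `Password.compare` runs, so a request with any password can tell a banned account from a non-existent one and, going by the comment `// Retrieve ban reason and show error`, can read the ban reason too. That works against the uniform `[[error:invalid-login-credentials]]` response this commit introduces. Running the ban check in the step after a successful password match would keep the ban message for the account owner only. The branch opens in this hunk and closes in the `@@ -404,11 +397,14 @@` hunk, with its middle outside both.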
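Review bot: The new early return in `User.auth.logAttempt` carries no comment saying why a non-numeric `uid` is skipped, and it means failed logins for unknown usernames are never counted. A one-line comment such as `// no account behind this uid: nothing to lock, skip the lockout bookkeeping` would record the intent. Because only real accounts reach the `db.exists('lockout:' + uid, next)` check, a lockout response after repeated failures would still reveal that the account exists if it differs from the normal error; that error is not in this hunk, so this needs confirming. If attempts against unknown usernames should be throttled as well, that would have to be keyed on `ip`, which this path does not use. The function body continues past the end of the hunk.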