mirror of
https://github.com/NodeBB/NodeBB.git
synced 2026-01-26 09:19:55 +01:00
closed #1453
This commit is contained in:
Julian Lam
@@ -2,6 +2,7 @@
|
||||
"invalid-data": "Invalid Data",
|
||||
|
||||
"not-logged-in": "You don't seem to be logged in.",
|
||||
"account-locked": "Your account has been locked temporarily",
|
||||
|
||||
"invalid-cid": "Invalid Category ID",
|
||||
"invalid-tid": "Invalid Topic ID",
|
||||
|
||||
@@ -45,7 +45,11 @@ define(function() {
|
||||
app.loadConfig();
|
||||
},
|
||||
error: function(data, textStatus, jqXHR) {
|
||||
$('#login-error-notify').show();
|
||||
// Update error text
|
||||
translator.translate(data.responseJSON, function(errorText) {
|
||||
$('#login-error-notify').show().html(errorText);
|
||||
});
|
||||
|
||||
$('#login').removeAttr('disabled').html('Login');
|
||||
},
|
||||
dataType: 'json',
|
||||
|
||||
@@ -64,6 +64,10 @@ module.exports = function(db, module) {
|
||||
}
|
||||
};
|
||||
|
||||
module.increment = function(key, callback) {
|
||||
// ^_^
|
||||
};
|
||||
|
||||
module.rename = function(oldKey, newKey, callback) {
|
||||
// G__G
|
||||
};
|
||||
|
||||
@@ -79,6 +79,10 @@ module.exports = function(db, module) {
|
||||
module.setObject(key, data, callback);
|
||||
};
|
||||
|
||||
module.increment = function(key, callback) {
|
||||
db.collection('objects').update({_key: key}, { $inc: { value: 1 } }, helpers.done(callback));
|
||||
};
|
||||
|
||||
module.rename = function(oldKey, newKey, callback) {
|
||||
db.collection('objects').update({_key: oldKey}, {$set:{_key: newKey}}, helpers.done(callback));
|
||||
};
|
||||
|
||||
@@ -85,6 +85,10 @@ module.exports = function(redisClient, module) {
|
||||
redisClient.set(key, value, callback);
|
||||
};
|
||||
|
||||
module.increment = function(key, callback) {
|
||||
redisClient.incr(key, callback);
|
||||
};
|
||||
|
||||
module.rename = function(oldKey, newKey, callback) {
|
||||
redisClient.rename(oldKey, newKey, callback);
|
||||
};
|
||||
@@ -101,7 +105,7 @@ module.exports = function(redisClient, module) {
|
||||
redisClient.pexpire(key, ms, callback);
|
||||
};
|
||||
|
||||
module.expireAt = function(key, timestamp, callback) {
|
||||
module.pexpireAt = function(key, timestamp, callback) {
|
||||
redisClient.pexpireat(key, timestamp, callback);
|
||||
};
|
||||
};
|
||||
@@ -171,35 +171,44 @@
|
||||
}
|
||||
|
||||
if(!uid) {
|
||||
// Even if a user doesn't exist, compare passwords anyway, so we don't immediately return
|
||||
// To-do: Even if a user doesn't exist, compare passwords anyway, so we don't immediately return
|
||||
return next(null, false, '[[error:no-user]]');
|
||||
}
|
||||
|
||||
db.getObjectFields('user:' + uid, ['password', 'banned'], function(err, userData) {
|
||||
user.auth.logAttempt(uid, function(err) {
|
||||
if (err) {
|
||||
return next(err);
|
||||
return next(null, false, err.message);
|
||||
}
|
||||
|
||||
if (!userData || !userData.password) {
|
||||
return next(new Error('[[error:invalid-user-data]]'));
|
||||
}
|
||||
|
||||
if (userData.banned && parseInt(userData.banned, 10) === 1) {
|
||||
return next(null, false, '[[error:user-banned]]');
|
||||
}
|
||||
|
||||
bcrypt.compare(password, userData.password, function(err, res) {
|
||||
db.getObjectFields('user:' + uid, ['password', 'banned'], function(err, userData) {
|
||||
if (err) {
|
||||
return next(new Error('bcrypt compare error'));
|
||||
return next(err);
|
||||
}
|
||||
|
||||
if (!res) {
|
||||
return next(null, false, '[[error:invalid-password]]');
|
||||
if (!userData || !userData.password) {
|
||||
return next(new Error('[[error:invalid-user-data]]'));
|
||||
}
|
||||
|
||||
next(null, {
|
||||
uid: uid
|
||||
}, '[[success:authentication-successful]]');
|
||||
if (userData.banned && parseInt(userData.banned, 10) === 1) {
|
||||
return next(null, false, '[[error:user-banned]]');
|
||||
}
|
||||
|
||||
bcrypt.compare(password, userData.password, function(err, res) {
|
||||
if (err) {
|
||||
return next(new Error('bcrypt compare error'));
|
||||
}
|
||||
|
||||
if (!res) {
|
||||
return next(null, false, '[[error:invalid-password]]');
|
||||
}
|
||||
|
||||
// Clear login attempts
|
||||
user.auth.clearLoginAttempts(uid);
|
||||
|
||||
next(null, {
|
||||
uid: uid
|
||||
}, '[[success:authentication-successful]]');
|
||||
});
|
||||
});
|
||||
});
|
||||
});
|
||||
|
||||
@@ -23,6 +23,7 @@ var bcrypt = require('bcryptjs'),
|
||||
User.notifications = require('./user/notifications');
|
||||
User.reset = require('./user/reset');
|
||||
|
||||
require('./user/auth')(User);
|
||||
require('./user/create')(User);
|
||||
require('./user/follow')(User);
|
||||
require('./user/profile')(User);
|
||||
|
||||
32
src/user/auth.js
Normal file
32
src/user/auth.js
Normal file
@@ -0,0 +1,32 @@
|
||||
var db = require('../database'),
|
||||
meta = require('../meta');
|
||||
|
||||
module.exports = function(User) {
|
||||
User.auth = {};
|
||||
|
||||
User.auth.logAttempt = function(uid, callback) {
|
||||
db.exists('lockout:' + uid, function(err, exists) {
|
||||
if (!exists) {
|
||||
db.increment('loginAttempts:' + uid, function(err, attempts) {
|
||||
if ((meta.config.loginAttempts || 5) < attempts) {
|
||||
// Lock out the account
|
||||
db.set('lockout:' + uid, '', function(err) {
|
||||
db.delete('loginAttempts:' + uid);
|
||||
db.pexpire('lockout:' + uid, 1000*60*(meta.config.lockoutDuration || 60));
|
||||
callback(new Error('account-locked'));
|
||||
});
|
||||
} else {
|
||||
db.pexpire('loginAttempts:' + uid, 1000*60*60);
|
||||
callback();
|
||||
}
|
||||
});
|
||||
} else {
|
||||
callback(new Error('[[error:account-locked]]'));
|
||||
}
|
||||
})
|
||||
};
|
||||
|
||||
User.auth.clearLoginAttempts = function(uid) {
|
||||
db.delete('loginAttempts:' + uid);
|
||||
};
|
||||
};
|
||||
Reference in New Issue
Block a user