refactored login process to be a form submit instead of ajax-redirect, implemented error message parsing using req.flash

2025-11-02 12:05:57 +01:00 · 2014-08-31 22:41:13 -04:00
parent 9ea081deb3
commit 298d904d45
4 changed files with 24 additions and 63 deletions
--- a/public/language/en_GB/error.json
+++ b/public/language/en_GB/error.json
@@ -15,6 +15,7 @@
 	"invalid-title": "Invalid title",
 	"invalid-user-data": "Invalid User Data",
 	"invalid-password": "Invalid Password",
+	"invalid-username-or-password": "Please specify both a username and password",

 	"invalid-pagination-value": "Invalid pagination value",

@@ -31,7 +32,6 @@
 	"no-topic": "Topic doesn't exist",
 	"no-post": "Post doesn't exist",
 	"no-group": "Group doesn't exist",
-	"no-user": "User doesn't exist",
 	"no-teaser": "Teaser doesn't exist",
 	"no-privileges": "You don't have enough privileges for this action.",
 	"no-emailers-configured": "No email plugins were loaded, so a test email could not be sent",
--- a/public/src/forum/login.js
+++ b/public/src/forum/login.js
@@ -6,58 +6,7 @@ define('forum/login', function() {

 	Login.init = function() {
 		$('#login').on('click', function(e) {
-			e.preventDefault();
-
-			var loginData = {
-					'username': $('#username').val(),
-					'password': $('#password').val(),
-					'remember': $('#remember').prop('checked'),
-					'_csrf': $('#csrf-token').val()
-				},
-				previousUrl = $('input[name="previousUrl"]').val();
-
-			$('#login').attr('disabled', 'disabled').html('Logging in...');
 			$('#login-error-notify').hide();
-
-			$.ajax({
-				type: "POST",
-				url: RELATIVE_PATH + '/login',
-				data: loginData,
-				success: function(data, textStatus, jqXHR) {
-					$('#login').html('Redirecting...');
-					if (previousUrl) {
-						app.previousUrl = previousUrl;
-					} else if (!app.previousUrl) {
-						app.previousUrl = RELATIVE_PATH || '/';
-					}
-
-					if(app.previousUrl.indexOf('/reset/') !== -1) {
-						window.location.replace(RELATIVE_PATH + "/?loggedin");
-					} else {
-						var index = app.previousUrl.indexOf('#');
-						if(index !== -1) {
-							window.location.replace(app.previousUrl.slice(0, index) + '?loggedin' + app.previousUrl.slice(index));
-						} else {
-							window.location.replace(app.previousUrl + "?loggedin");
-						}
-					}
-
-					app.loadConfig();
-				},
-				error: function(data, textStatus, jqXHR) {
-					var message = data.responseJSON;
-					if (typeof data.responseJSON !== 'string') {
- 						message = data.responseJSON.message || '';
-					}
-					translator.translate(message, function(errorText) {
-						$('#login-error-notify').show().html(errorText);
-					});
-
-					$('#login').removeAttr('disabled').html('Login');
-				},
-				dataType: 'json',
-				async: true
-			});
 		});

 		$('#login-error-notify button').on('click', function(e) {
--- a/src/controllers/index.js
+++ b/src/controllers/index.js
@@ -125,10 +125,7 @@ Controllers.login = function(req, res, next) {
 	data.showResetLink = emailersPresent;
 	data.allowLocalLogin = meta.config.allowLocalLogin === undefined || parseInt(meta.config.allowLocalLogin, 10) === 1;
 	data.allowRegistration = meta.config.allowRegistration;
-
-	if (req.query.next) {
-		data.previousUrl = req.query.next;
-	}
+	data.error = req.flash('error')[0];

 	res.render('login', data);
 };
--- a/src/routes/authentication.js
+++ b/src/routes/authentication.js
@@ -33,11 +33,17 @@
 		var continueLogin = function() {
 			passport.authenticate('local', function(err, userData, info) {
 				if (err) {
-					return res.json(403, err.message);
+					req.flash('error', info);
+					return res.redirect(nconf.get('relative_path') + '/login');
 				}

 				if (!userData) {
-					return res.json(403, info);
+					if (typeof info === 'object') {
+						info = '[[error:invalid-username-or-password]]';
+					}
+
+					req.flash('error', info);
+					return res.redirect(nconf.get('relative_path') + '/login');
 				}

 				// Alter user cookie depending on passed-in option
@@ -57,7 +63,13 @@
 						user.logIP(userData.uid, req.ip);
 					}

-					res.json(200, info);
+					if (!req.session.returnTo) {
+						res.redirect(nconf.get('relative_path') + '/');
+					} else {
+						var next = req.session.returnTo;
+						delete req.session.returnTo;
+						res.redirect(nconf.get('relative_path') + next);
+					}
 				});
 			})(req, res, next);
 		};
@@ -193,7 +205,8 @@

 	Auth.login = function(username, password, next) {
 		if (!username || !password) {
-			return next(new Error('[[error:invalid-user-data]]'));
+			next(new Error('[[error:invalid-password]]'));
+			return;
 		}

 		var userslug = utils.slugify(username);
@@ -203,9 +216,11 @@
 				return next(err);
 			}

-			if(!uid) {
-				// To-do: Even if a user doesn't exist, compare passwords anyway, so we don't immediately return
-				return next(null, false, '[[error:no-user]]');
+			if (!uid) {
+				setTimeout(function() {
+					next(null, false, '[[error:invalid-password]]');
+				}, Math.floor((Math.random() * 1000) + 1500));	// Wait between 1-2.5 seconds before returning
+				return;
 			}

 			user.auth.logAttempt(uid, function(err) {