banned users cant login, show error messages on failed logins

public/src/forum/login.js

@@ -27,11 +27,15 @@
 			url: RELATIVE_PATH + '/login',
 			data: loginData,
 			success: function(data, textStatus, jqXHR) {
-				$('#login-error-notify').hide();
-				window.location.replace(RELATIVE_PATH + "/?loggedin");
+				if(!data.success) {
+					$('#login-error-notify').html(data.message).show();
+				} else {
+					$('#login-error-notify').hide();
+					window.location.replace(RELATIVE_PATH + "/?loggedin");
+				}
 			},
 			error : function(data, textStatus, jqXHR) {
-				$('#login-error-notify').show().delay(1000).fadeOut(250);
+				$('#login-error-notify').show();
 			},
 			dataType: 'json',
 			async: true,

public/templates/login.tpl

@@ -14,7 +14,7 @@
 			<button class="btn btn-primary" id="login" type="submit">Login</button> &nbsp; <a href="/reset">Forgot Password?</a>
 		</form>
 		
-		<span id="login-error-notify" class="label label-important hide">Invalid username/password</span><br/>
+		<div id="login-error-notify" class="alert alert-danger hide">Invalid username/password</div>
 	</div>
 	
 	<div class="well span6 {alternate_logins:display}">

src/categories.js

@@ -281,7 +281,7 @@ var	RDB = require('./redis.js'),
 				}
 
 				Categories.hasReadCategory(cid, current_user, function(hasRead) {
-					categoryData['badgeclass'] = (parseInt(categoryData.topic_count,10) === 0 || (hasRead && current_user != 0)) ? '' : 'badge-important';
+					categoryData['badgeclass'] = (parseInt(categoryData.topic_count, 10) === 0 || (hasRead && current_user != 0)) ? '' : 'badge-important';
 
 					categories.push(categoryData);
 					callback(null);

src/login.js

@@ -25,8 +25,14 @@ var user = require('./user.js'),
 					});
 				}
 				
-				user.getUserField(uid, 'password', function(user_password) {
-					bcrypt.compare(password, user_password, function(err, res) {
+				user.getUserFields(uid, ['password', 'banned'], function(userData) {
+					if(userData.banned && userData.banned === '1') {
+						return next({
+							status: "error",
+							message: "user-banned"
+						});
+					}
+					bcrypt.compare(password, userData.password, function(err, res) {
 						if(err) {
 							winston.err(err);
 							next({

src/routes/authentication.js

@@ -137,9 +137,20 @@
 			});
 		});
 		
-
-		app.post('/login', passport.authenticate('local'), function(req, res) {
-			res.json({success:1});
+		app.post('/login', function(req, res, next) {
+			passport.authenticate('local', function(err, user, info) {
+				if(err) {
+					return next(err);
+				}
+				if (!user) {
+					return res.send({ success : false, message : info.message });
+				}
+				req.login({
+					uid: user.uid
+				}, function() {
+					res.send({ success : true, message : 'authentication succeeded' });
+				});
+			})(req, res, next);
 		});
 		
 		app.post('/register', function(req, res) {

src/webserver.js

@@ -124,6 +124,7 @@ var express = require('express'),
 	});
 
 	app.use(function(err, req, res, next) {
+		
 		// we may use properties of the error object
 		// here and next(err) appropriately, or if
 		// we possibly recovered from the error, simply next().