fixed 1495

public/src/ajaxify.js

@@ -186,7 +186,9 @@ var ajaxify = ajaxify || {};
 				if (data && data.status === 404) {
 					return ajaxify.go('404');
 				} else if (data && data.status === 403) {
-					return ajaxify.go('403');
+					app.alertError('[[global:please_log_in]]');
+					app.previousUrl = url;
+					return ajaxify.go('login');
 				} else if (data && data.status === 302) {
 					return ajaxify.go(data.responseJSON.slice(1));
 				} else if (textStatus !== "abort") {

public/src/forum/login.js

@@ -1,3 +1,6 @@
+"use strict";
+/* global define, app, RELATIVE_PATH */
+
 define(function() {
 	var	Login = {};
 
@@ -6,11 +9,12 @@ define(function() {
 			e.preventDefault();
 
 			var loginData = {
-				'username': $('#username').val(),
-				'password': $('#password').val(),
-				'remember': $('#remember').prop('checked'),
-				'_csrf': $('#csrf-token').val()
-			};
+					'username': $('#username').val(),
+					'password': $('#password').val(),
+					'remember': $('#remember').prop('checked'),
+					'_csrf': $('#csrf-token').val()
+				},
+				previousUrl = $('input[name="previousUrl"]').val();
 
 			$('#login').attr('disabled', 'disabled').html('Logging in...');
 			$('#login-error-notify').hide();
@@ -21,7 +25,9 @@ define(function() {
 				data: loginData,
 				success: function(data, textStatus, jqXHR) {
 					$('#login').html('Redirecting...');
-					if(!app.previousUrl) {
+					if (previousUrl) {
+						app.previousUrl = previousUrl;
+					} else if (!app.previousUrl) {
 						app.previousUrl = '/';
 					}
 

src/controllers/index.js

@@ -176,6 +176,9 @@ Controllers.login = function(req, res, next) {
 	data.token = res.locals.csrf_token;
 	data.showResetLink = emailersPresent;
 	data.allowLocalLogin = meta.config.allowLocalLogin === undefined || parseInt(meta.config.allowLocalLogin, 10) === 1;
+	if (req.query.next) {
+		data.previousUrl = req.query.next;
+	}
 
 	res.render('login', data);
 };

src/middleware/admin.js

@@ -15,6 +15,10 @@ var app,
 
 
 middleware.isAdmin = function(req, res, next) {
+	if (!req.user) {
+		return res.redirect('/login?next=admin');
+	}
+
 	user.isAdministrator((req.user && req.user.uid) ? req.user.uid : 0, function (err, isAdmin) {
 		if (err) {
 			return next(err);

src/middleware/middleware.js

@@ -99,7 +99,7 @@ middleware.checkGlobalPrivacySettings = function(req, res, next) {
 		if (res.locals.isAPI) {
 			return res.json(403, 'not-allowed');
 		} else {
-			return res.redirect('403');
+			return res.redirect('login?next=' + req.url);
 		}
 	}
 
@@ -107,8 +107,13 @@ middleware.checkGlobalPrivacySettings = function(req, res, next) {
 };
 
 middleware.checkAccountPermissions = function(req, res, next) {
+	// This middleware ensures that only the requested user and admins can pass
 	var callerUID = req.user ? parseInt(req.user.uid, 10) : 0;
 
+	if (callerUID === 0) {
+		return res.redirect('/login?next=' + req.url);
+	}
+
 	// this function requires userslug to be passed in. todo: /user/uploadpicture should pass in userslug I think
 	user.getUidByUserslug(req.params.userslug, function (err, uid) {
 		if (err) {

src/routes/authentication.js

@@ -31,7 +31,7 @@
 
 	function login(req, res, next) {
 		if(meta.config.allowLocalLogin !== undefined && parseInt(meta.config.allowLocalLogin, 10) === 0) {
-			return res.send(403);
+			return res.send(404);
 		}
 
 		passport.authenticate('local', function(err, userData, info) {