From 6591524079c19fb41990582ded759eb777140c75 Mon Sep 17 00:00:00 2001 From: Tyler Renelle Date: Mon, 9 Sep 2013 11:01:57 -0400 Subject: [PATCH] fix to auth route to show if the problem was username, not just password --- src/controllers/auth.js | 30 ++++++++++++------------------ 1 file changed, 12 insertions(+), 18 deletions(-) diff --git a/src/controllers/auth.js b/src/controllers/auth.js index c8bb3d475e..0d569b337c 100644 --- a/src/controllers/auth.js +++ b/src/controllers/auth.js @@ -103,24 +103,18 @@ api.registerUser = function(req, res, next) { api.loginLocal = function(req, res, next) { var username = req.body.username; var password = req.body.password; - async.waterfall([ - function(cb) { - if (!(username && password)) return cb('No username or password'); - User.findOne({'auth.local.username': username}, cb); - }, function(user, cb) { - if (!user) return cb('Username not found'); - // We needed the whole user object first so we can get his salt to encrypt password comparison - User.findOne({ - 'auth.local.username': username, - 'auth.local.hashed_password': utils.encryptPassword(password, user.auth.local.salt) - }, cb); - } - ], function(err, user) { - if (!user) err = 'Incorrect password'; - if (err) return res.json(401, {err: err}); - res.json(200, { - id: user._id, - token: user.apiToken + if (!(username && password)) return res.json(401, {err:'Missing :username or :password in request body, please provide both'}); + User.findOne({'auth.local.username': username}, function(err, user){ + if (err) return res.json(500,{err:err}); + if (!user) return res.json(401, {err:"Username '" + username + "' not found. Usernames are case-sensitive, click 'Forgot Password' if you can't remember the capitalization."}); + // We needed the whole user object first so we can get his salt to encrypt password comparison + User.findOne({ + 'auth.local.username': username, + 'auth.local.hashed_password': utils.encryptPassword(password, user.auth.local.salt) + }, function(err, user){ + if (err) return res.json(500,{err:err}); + if (!user) return res.json(401,{err:'Incorrect password'}); + res.json({id: user._id,token: user.apiToken}); }); }); };