diff --git a/src/controllers/auth.js b/src/controllers/auth.js index 6259cc03ae..04bae89540 100644 --- a/src/controllers/auth.js +++ b/src/controllers/auth.js @@ -128,15 +128,16 @@ api.loginLocal = function(req, res, next) { var username = req.body.username; var password = req.body.password; if (!(username && password)) return res.json(401, {err:'Missing :username or :password in request body, please provide both'}); - User.findOne({'auth.local.username': username}, {auth:1}, function(err, user){ + var login = validator.isEmail(username) ? {'auth.local.email':username} : {'auth.local.username':username}; + User.findOne(login, {auth:1}, function(err, user){ if (err) return next(err); if (!user) return res.json(401, {err:"Username or password incorrect. Click 'Forgot Password' for help with either. (Note: usernames are case-sensitive)"}); if (user.auth.blocked) return res.json(401, accountSuspended(user._id)); // We needed the whole user object first so we can get his salt to encrypt password comparison - User.findOne({ - 'auth.local.username': username, - 'auth.local.hashed_password': utils.encryptPassword(password, user.auth.local.salt) - }, function(err, user){ + User.findOne({$and:[login, + {'auth.local.hashed_password': utils.encryptPassword(password, user.auth.local.salt)} + ]} + , function(err, user){ if (err) return next(err); if (!user) return res.json(401,{err:"Username or password incorrect. Click 'Forgot Password' for help with either. (Note: usernames are case-sensitive)"}); res.json({id: user._id,token: user.apiToken}); diff --git a/views/static/login-modal.jade b/views/static/login-modal.jade index 46c0ca5f51..1eb90cd6b5 100644 --- a/views/static/login-modal.jade +++ b/views/static/login-modal.jade @@ -17,7 +17,7 @@ script(id='modals/login.html', type='text/ng-template') .tab-pane.active#login-tab form(ng-submit='auth()', method='POST') .form-group - input.form-control(type='text', ng-model='loginUsername', placeholder=env.t('username'), name='username') + input.form-control(type='text', ng-model='loginUsername', placeholder=env.t('username')+' or Email', name='username') .form-group input.form-control(type='password', ng-model='loginPassword', placeholder=env.t('password'), name='password') //-.control-group