From 96eb9557f15bd8cfeddf9ac9dedfd81813e243bd Mon Sep 17 00:00:00 2001
From: Martin Lehoux <martin@lehoux.net>
Date: Tue, 12 Feb 2019 13:28:52 +0100
Subject: [PATCH] add login error when user already logged in

---
 index.js | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)

diff --git a/index.js b/index.js
index 066060c..b6be466 100644
--- a/index.js
+++ b/index.js
@@ -104,17 +104,20 @@ app.post('/signup', (req, res) => {
 app.post('/login', (req, res) => {
   if (!req.body.username || !req.body.password) {
     return res.redirect('/signup');
+  } else if (req.session.user) {
+    error(req, res, 'User already logged in', 'You must logout before log in.')
+  } else {
+    User.findOne({ username: req.body.username }, (err, user) => {
+      err ? error(req, res, 'Error fetching user', err) : null;
+      if (bcrypt.compareSync(req.body.password, user.passwordHash)) {
+        req.session.user = user;
+        return res.redirect(req.query.nextUrl || '/');
+      } else {
+        error(req, res, 'Bad credentials')
+        return res.redirect('/signup');
+      }
+    });
   }
-  User.findOne({ username: req.body.username }, (err, user) => {
-    err ? error(req, res, 'Error fetching user', err) : null;
-    if (bcrypt.compareSync(req.body.password, user.passwordHash)) {
-      req.session.user = user;
-      return res.redirect(req.query.nextUrl || '/');
-    } else {
-      error(req, res, 'Bad credentials')
-      return res.redirect('/signup');
-    }
-  });
 });
 app.post('/logout', (req, res) => {
   req.session.destroy();
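Review bot: In the `User.findOne` callback, `err ? error(...) : null;` does not return and `user` is never checked for null, so a failed lookup or an unknown username still reaches `user.passwordHash` and throws inside the callback. Return early on both cases before the bcrypt call, e.g. `if (err) return error(req, res, 'Error fetching user', err);` followed by `if (!user) return res.redirect('/signup');`, treating the missing user the same way as bad credentials. Separately, `res.redirect(req.query.nextUrl || '/')` sends the freshly logged-in user to a caller-supplied URL; accept it only if it is a same-site relative path and fall back to `/` otherwise. `req.session.user = user` also appears to put the whole document, including `passwordHash`, into the session, so storing only the user id and regenerating the session at login would be safer. What `error()` does to the response is not visible here; if it already sends one, the `res.redirect('/signup')` after it in the bad-credentials branch would be a second send.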
-- 
GitLab