From 96eb9557f15bd8cfeddf9ac9dedfd81813e243bd Mon Sep 17 00:00:00 2001
From: Martin Lehoux <martin@lehoux.net>
Date: Tue, 12 Feb 2019 13:28:52 +0100
Subject: [PATCH] add login error when user already logged in
---
 index.js | 23 +++++++++++++----------
 1 file changed, 13 insertions(+), 10 deletions(-)
diff --git a/index.js b/index.js
index 066060c..b6be466 100644
--- a/index.js
+++ b/index.js
@@ -104,17 +104,20 @@ app.post('/signup', (req, res) => {
 app.post('/login', (req, res) => {
 if (!req.body.username || !req.body.password) {
 return res.redirect('/signup');
+ } else if (req.session.user) {
+ error(req, res, 'User already logged in', 'You must logout before log in.')
+ } else {
+ User.findOne({ username: req.body.username }, (err, user) => {
+ err ? error(req, res, 'Error fetching user', err) : null;
+ if (bcrypt.compareSync(req.body.password, user.passwordHash)) {
+ req.session.user = user;
+ return res.redirect(req.query.nextUrl || '/');
+ } else {
+ error(req, res, 'Bad credentials')
+ return res.redirect('/signup');
+ }
+ });
 }
- User.findOne({ username: req.body.username }, (err, user) => {
- err ? error(req, res, 'Error fetching user', err) : null;
- if (bcrypt.compareSync(req.body.password, user.passwordHash)) {
- req.session.user = user;
- return res.redirect(req.query.nextUrl || '/');
- } else {
- error(req, res, 'Bad credentials')
- return res.redirect('/signup');
- }
- });
 });
 app.post('/logout', (req, res) => {
 req.session.destroy();
-- GitLab
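Review bot: In the `User.findOne` callback that this hunk moves into the new `else` branch, `user.passwordHash` is read without checking that a user was found, and `err ? error(...) : null;` does not return, so a failed lookup or an unknown username reaches `bcrypt.compareSync` with `user` unset and throws (assuming `findOne` yields no document when nothing matches). The same callback passes `req.query.nextUrl` straight to `res.redirect`, so a crafted login link can send a freshly authenticated user to an arbitrary external site; only same-site paths should be accepted. The whole `user` document, `passwordHash` included, is also written into the existing session; if the session middleware supports it, regenerating the session on login and storing only the user id would be safer. A possible shape for the callback follows; what `error()` does to the response is not visible in this hunk, so the 'Bad credentials' path is left as it is.

```javascript
    User.findOne({ username: req.body.username }, (err, user) => {
      if (err) {
        return error(req, res, 'Error fetching user', err);
      }
      if (user && bcrypt.compareSync(req.body.password, user.passwordHash)) {
        // Accept only same-site paths such as "/account"; reject "//host" and "/\host".
        const next = req.query.nextUrl;
        const isLocalPath = typeof next === 'string' && /^\/(?![\/\\])/.test(next);
        req.session.user = user;
        return res.redirect(isLocalPath ? next : '/');
      } else {
        // … unchanged: 'Bad credentials' error and redirect to /signup …
      }
    });
```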