From 3c4d12c1765e5b25a36b5b31255796003804a450 Mon Sep 17 00:00:00 2001 From: James Ketrenos Date: Sun, 16 Sep 2018 21:06:38 -0700 Subject: [PATCH] Login with bad credentials fails correctly Signed-off-by: James Ketrenos --- frontend/src/ketr-photos/ketr-photos.html | 13 +++++++++++++ server/routes/users.js | 6 +++--- 2 files changed, 16 insertions(+), 3 deletions(-) diff --git a/frontend/src/ketr-photos/ketr-photos.html b/frontend/src/ketr-photos/ketr-photos.html index a488a7d..e52da3b 100755 --- a/frontend/src/ketr-photos/ketr-photos.html +++ b/frontend/src/ketr-photos/ketr-photos.html @@ -506,10 +506,21 @@ return; } this.loading = true; + this.user = null; window.fetch("api/v1/users/login", function(error, xhr) { this.loading = false; this.password = ""; var user; + if (error) { + this.user = null; + this.$.toast.text = error; + this.$.toast.setAttribute("error", true); + this.$.toast.updateStyles(); + this.$.toast.show(); + console.error("Invalid login information."); + return; + } + try { user = JSON.parse(xhr.responseText); } catch(___) { @@ -518,7 +529,9 @@ this.$.toast.updateStyles(); this.$.toast.show(); console.error("Unable to parse user information"); + return; } + this.user = user; }.bind(this), null, "POST", { u: this.username, p: this.password }); }, diff --git a/server/routes/users.js b/server/routes/users.js index 5970c24..0acb6f7 100755 --- a/server/routes/users.js +++ b/server/routes/users.js @@ -49,7 +49,7 @@ router.post("/login", function(req, res) { return ldapPromise(username, password).then(function(user) { return user; }).catch(function() { - let query = "SELECT * FROM users WHERE username=:username"; + let query = "SELECT * FROM users WHERE uid=:username"; return userDB.sequelize.query(query, { replacements: { username: username, 
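Review bot: In the new `if (error)` branch of the login callback, the toast is filled from the raw `error` value (`this.$.toast.text = error;`) while the console line is hard-coded to "Invalid login information.", so a network failure or a server error is logged as a credential problem. How `error` is built is not visible here (`window.fetch` takes a callback and an xhr, so it is a project wrapper rather than the standard API). If `error` can be an object or carry server text, a fixed user-facing string such as `this.$.toast.text = "Login failed";` paired with `console.error("Login failed:", error);` would keep the toast and the log consistent. The `this.user = null;` inside the branch repeats the reset already done before the request. The callback body continues into the next hunk.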
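Review bot: `this.user = user;` at the end of the callback accepts anything that parses as JSON, so a body of `null`, a string or an empty object leaves the element in a "logged in" state with no usable user. The response format is not visible in this hunk, but a shape check before the assignment would make the success path explicit, for example `this.user = (user && typeof user === "object") ? user : null;`. This only affects what the UI shows; the server-side session remains the authority on who is logged in.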
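Review bot: The fallback lookup now matches on `uid`, but it still runs `SELECT *`, which loads every column of the users row (presumably including any stored credential field) into the `user` object; naming only the columns the login needs would limit that. The placeholder and replacement key are still called `username` although the column is `uid`, which is easy to misread. Passing the value through `replacements` rather than concatenating it is the right approach. The `.catch(function() {` that leads into this query takes no argument, so an LDAP outage and a rejected bind both fall through to the local table with nothing in the log; `}).catch(function(error) {` with one `console.warn` line would make that downgrade visible. The rest of the query call, and whatever checks `password` against the row, lie outside the hunk and are worth confirming.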
@@ -64,13 +64,13 @@ router.post("/login", function(req, res) { }); }).then(function(user) { if (!user) { - console.log(username + " not found: " + error); + console.log(username + " not found."); req.session.user = {}; return res.status(401).send("Invalid login credentials"); } console.log("Logging in as " + user.displayName); - + req.session.user = { name: user.displayName, mail: user.mail,
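Review bot: `console.log(username + " not found.");` writes the submitted username into the log verbatim, so a value containing line breaks can forge log entries, and a password typed into the username field by mistake ends up recorded. Encoding the value closes the first problem: `console.log("Login failed for " + JSON.stringify(username));`. On the success path the user is written into the existing session; if the session middleware supports it (express-session provides `req.session.regenerate`), issuing a fresh session id at login guards against session fixation. The handler starts and ends outside this hunk.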