From 6ae652b47c39f32f3c1aefa3aa09fbdfa61b007d Mon Sep 17 00:00:00 2001
From: rainbow napkin
Date: Thu, 16 Oct 2025 06:55:36 -0400
Subject: [PATCH] Updated login API to throw 301 when an un-migrated user attempts to login.
---
 .../api/account/loginController.js | 33 ++++++++++++++-----
 src/utils/sessionUtils.js | 2 +-
 2 files changed, 25 insertions(+), 10 deletions(-)
diff --git a/src/controllers/api/account/loginController.js b/src/controllers/api/account/loginController.js
index 00d62c4..fd926b0 100644
--- a/src/controllers/api/account/loginController.js
+++ b/src/controllers/api/account/loginController.js
@@ -21,10 +21,10 @@ const config = require('../../../../config.json');
 const {validationResult, matchedData} = require('express-validator');
 //local imports
+const migrationModel = require('../../../schemas/user/migrationSchema.js');
 const sessionUtils = require('../../../utils/sessionUtils');
+const hashUtils = require('../../../utils/hashUtils.js');
 const {exceptionHandler, errorHandler} = require('../../../utils/loggerUtils');
-const altchaUtils = require('../../../utils/altchaUtils');
-const session = require('express-session');
 //api account functions
 module.exports.post = async function(req, res){
@@ -51,20 +51,35 @@ module.exports.post = async function(req, res){
 //if we don't have errors
 if(validResult.isEmpty()){
 //Get login attempts for current user
- const {user} = matchedData(req);
- const attempts = sessionUtils.getLoginAttempts(user)
+ const {user, pass} = matchedData(req);
- //if we've gone over max attempts and
- if(attempts.count > sessionUtils.throttleAttempts){
- //tell client it needs a captcha
- return res.sendStatus(429);
+ //Look for the username in the migration DB
+ const migrationDB = await migrationModel.findOne({user});
+
+ //If this isn't a migration
+ if(migrationDB == null){
+ //Get login attempts
+ const attempts = sessionUtils.getLoginAttempts(user)
+
+ //if we've gone over max attempts
+ if(attempts.count > sessionUtils.throttleAttempts){
+ //tell client it needs a captcha
+ return res.sendStatus(429);
+ }
+ //otherwise
+ }else{
+ //If the user has a good password
+ if(hashUtils.compareLegacyPassword(pass, migrationDB.pass)){
+ //Redirect to migrate
+ return res.sendStatus(301);
+ }
 }
 }else{
 res.status(400);
 return res.send({errors: validResult.array()})
 }
- //
+ //Scream about any un-caught errors
 return exceptionHandler(res, err);
 }
diff --git a/src/utils/sessionUtils.js b/src/utils/sessionUtils.js
index 6aeae3b..b1b15cd 100644
--- a/src/utils/sessionUtils.js
+++ b/src/utils/sessionUtils.js
@@ -17,7 +17,7 @@ along with this program. If not, see .*/
 //Local Imports
 const config = require('../../config.json');
 const {userModel} = require('../schemas/user/userSchema.js');
-const userBanModel = require('../schemas/user/userBanSchema.js')
+const userBanModel = require('../schemas/user/userBanSchema.js');
 const altchaUtils = require('../utils/altchaUtils.js');
 const loggerUtils = require('../utils/loggerUtils.js');
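Review bot: In the second hunk of `loginController.js`, the new `else` branch calls `hashUtils.compareLegacyPassword(pass, migrationDB.pass)` without consulting `sessionUtils.getLoginAttempts(user)`, so password guesses against an un-migrated account never reach the 429 captcha gate that normal accounts get. Hoist the throttle above the `migrationDB == null` test so both paths share it, i.e. `const attempts = sessionUtils.getLoginAttempts(user)` followed by `if(attempts.count > sessionUtils.throttleAttempts) return res.sendStatus(429);`, and count a failed legacy compare as a failed attempt the same way the normal login path does. Also confirm that `compareLegacyPassword` returns a boolean synchronously; if it returns a promise, the `if` is always truthy and needs an `await`. `module.exports.post` begins before this hunk and continues past it, so what happens after a failed legacy compare is not visible here.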