WIP: ask for password when deleting account

services/web/app/coffee/Features/User/UserController.coffee

@@ -15,6 +15,7 @@ settings = require "settings-sharelatex"
 
 module.exports = UserController =
 
+	# TODO: deprecated, remove
 	deleteUser: (req, res)->
 		user_id = AuthenticationController.getLoggedInUserId(req)
 		UserDeleter.deleteUser user_id, (err)->
@@ -22,6 +23,26 @@ module.exports = UserController =
 				req.session?.destroy()
 			res.sendStatus(200)
 
+	tryDeleteUser: (req, res, next) ->
+		user_id = AuthenticationController.getLoggedInUserId(req)
+		password = req.body.password
+		console.log '>> here', user_id, password
+		return res.sendStatus(500)
+		if !password? or password == ''
+			logger.err {user_id}, 'no password supplied for attempt to delete account'
+			return res.sendStatus(403)
+		AuthenticationManager.authenticate {_id: user_id}, password, (err, user) ->
+			if err?
+				logger.err {user_id}, 'error authenticating during attempt to delete account'
+				return next(err)
+			if user
+				UserDeleter.deleteUser user_id, (err) ->
+					if err?
+						logger.err {user_id}, "error while deleting user account"
+						return next(err)
+					req.session?.destroy()
+					res.sendStatus(200)
+
 	unsubscribe: (req, res)->
 		user_id = AuthenticationController.getLoggedInUserId(req)
 		UserLocator.findById user_id, (err, user)->

services/web/app/coffee/router.coffee

@@ -93,6 +93,7 @@ module.exports = class Router
 
 		webRouter.delete '/user/newsletter/unsubscribe', AuthenticationController.requireLogin(), UserController.unsubscribe
 		webRouter.delete '/user', AuthenticationController.requireLogin(), UserController.deleteUser
+		webRouter.post '/user/delete', AuthenticationController.requireLogin(), UserController.tryDeleteUser
 
 		webRouter.get  '/user/personal_info', AuthenticationController.requireLogin(), UserInfoController.getLoggedInUsersPersonalInfo
 		apiRouter.get  '/user/:user_id/personal_info', AuthenticationController.httpAuth, UserInfoController.getPersonalInfo

services/web/app/views/user/settings.jade

@@ -153,6 +153,7 @@ block content
 		.modal-body
 			p !{translate("delete_account_warning_message_2")}
 			form(novalidate, name="deleteAccountForm")
+				label #{translate('email')}
 				input.form-control(
 					type="text",
 					placeholder="",
@@ -160,6 +161,16 @@ block content
 					focus-on="open",
 					ng-keyup="checkValidation()"
 				)
+				label #{translate('password')}
+				input.form-control(
+					type="password",
+					placeholder="",
+					ng-model="state.password",
+				)
+			div(ng-if="state.error")
+				br
+				div.alert.alert-danger
+					| #{translate('generic_something_went_wrong')}
 		.modal-footer
 			button.btn.btn-default(
 				ng-click="cancel()"

services/web/public/coffee/main/account-settings.coffee

@@ -29,10 +29,11 @@ define [
 	App.controller "DeleteAccountModalController", [
 		"$scope", "$modalInstance", "$timeout", "$http",
 		($scope,   $modalInstance,   $timeout,   $http) ->
-			$scope.state = 
+			$scope.state =
 				isValid : false
 				deleteText: ""
 				inflight: false
+				error: false
 
 			$modalInstance.opened.then () ->
 				$timeout () ->
@@ -44,16 +45,25 @@ define [
 
 			$scope.delete = () ->
 				$scope.state.inflight = true
-
+				$scope.state.error = false
 				$http({
-						method: "DELETE"
-						url: "/user"
+						method: "POST"
+						url: "/user/delete"
 						headers:
 							"X-CSRF-Token": window.csrfToken
+							"Content-Type": 'application/json'
+						data:
+							password: $scope.state.password
 					})
 					.success () ->
 						$modalInstance.close()
+						$scope.state.inflight = false
+						$scope.state.error = false
 						window.location = "/"
+					.error (err) ->
+						console.log ">> error", err
+						$scope.state.error = true
+						$scope.state.inflight = false
 
 			$scope.cancel = () ->
 				$modalInstance.dismiss('cancel')