From efe6df145c24a667cb86bfc5d1256dd37b4760bc Mon Sep 17 00:00:00 2001
From: Shane Kilkelly
Date: Tue, 25 Oct 2016 14:33:47 +0100
Subject: [PATCH] WIP: ask for password when deleting account
---
 .../Features/User/UserController.coffee | 21 +++++++++++++++++++
 services/web/app/coffee/router.coffee | 1 +
 services/web/app/views/user/settings.jade | 11 ++++++++++
 .../coffee/main/account-settings.coffee | 18 ++++++++++++----
 4 files changed, 47 insertions(+), 4 deletions(-)
diff --git a/services/web/app/coffee/Features/User/UserController.coffee b/services/web/app/coffee/Features/User/UserController.coffee
index 389de1a0f2..839968c277 100644
--- a/services/web/app/coffee/Features/User/UserController.coffee
+++ b/services/web/app/coffee/Features/User/UserController.coffee
@@ -15,6 +15,7 @@ settings = require "settings-sharelatex"
 module.exports = UserController =
+ # TODO: deprecated, remove
 deleteUser: (req, res)->
 user_id = AuthenticationController.getLoggedInUserId(req)
 UserDeleter.deleteUser user_id, (err)->
@@ -22,6 +23,26 @@ module.exports = UserController =
 req.session?.destroy()
 res.sendStatus(200)
+ tryDeleteUser: (req, res, next) ->
+ user_id = AuthenticationController.getLoggedInUserId(req)
+ password = req.body.password
+ console.log '>> here', user_id, password
+ return res.sendStatus(500)
+ if !password? or password == ''
+ logger.err {user_id}, 'no password supplied for attempt to delete account'
+ return res.sendStatus(403)
+ AuthenticationManager.authenticate {_id: user_id}, password, (err, user) ->
+ if err?
+ logger.err {user_id}, 'error authenticating during attempt to delete account'
+ return next(err)
+ if user
+ UserDeleter.deleteUser user_id, (err) ->
+ if err?
+ logger.err {user_id}, "error while deleting user account"
+ return next(err)
+ req.session?.destroy()
+ res.sendStatus(200)
+
 unsubscribe: (req, res)->
 user_id = AuthenticationController.getLoggedInUserId(req)
 UserLocator.findById user_id, (err, user)->
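Review bot: `console.log '>> here', user_id, password` in tryDeleteUser writes the user's plaintext password to the process's stdout, and the unconditional `return res.sendStatus(500)` on the next line makes every line after it unreachable, so as committed the endpoint neither checks the password nor deletes anything; both lines read as WIP scaffolding and must go before this merges. Once they are removed, the authenticate callback still has no branch for a falsy `user`: a wrong password leaves the request without any response, because nothing follows the `if user` block. Add after that block `else` / `logger.err {user_id}, 'wrong password supplied for attempt to delete account'` / `return res.sendStatus(403)`, which also lets the client's new `.error` handler fire. Using the same 403 as the missing-password branch above keeps one status code for every rejected attempt, so the client does not need to tell them apart.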
diff --git a/services/web/app/coffee/router.coffee b/services/web/app/coffee/router.coffee
index 56dd8d821b..26bfd6618f 100644
--- a/services/web/app/coffee/router.coffee
+++ b/services/web/app/coffee/router.coffee
@@ -93,6 +93,7 @@ module.exports = class Router
 webRouter.delete '/user/newsletter/unsubscribe', AuthenticationController.requireLogin(), UserController.unsubscribe
 webRouter.delete '/user', AuthenticationController.requireLogin(), UserController.deleteUser
+ webRouter.post '/user/delete', AuthenticationController.requireLogin(), UserController.tryDeleteUser
 webRouter.get '/user/personal_info', AuthenticationController.requireLogin(), UserInfoController.getLoggedInUsersPersonalInfo
 apiRouter.get '/user/:user_id/personal_info', AuthenticationController.httpAuth, UserInfoController.getPersonalInfo
diff --git a/services/web/app/views/user/settings.jade b/services/web/app/views/user/settings.jade
index d2fa8326d1..5c9ede6304 100644
--- a/services/web/app/views/user/settings.jade
+++ b/services/web/app/views/user/settings.jade
@@ -153,6 +153,7 @@ block content
 .modal-body
 p !{translate("delete_account_warning_message_2")}
 form(novalidate, name="deleteAccountForm")
+ label #{translate('email')}
 input.form-control(
 type="text",
 placeholder="",
@@ -160,6 +161,16 @@ block content
 focus-on="open",
 ng-keyup="checkValidation()"
 )
+ label #{translate('password')}
+ input.form-control(
+ type="password",
+ placeholder="",
+ ng-model="state.password",
+ )
+ div(ng-if="state.error")
+ br
+ div.alert.alert-danger
+ | #{translate('generic_something_went_wrong')}
 .modal-footer
 button.btn.btn-default(
 ng-click="cancel()"
diff --git a/services/web/public/coffee/main/account-settings.coffee b/services/web/public/coffee/main/account-settings.coffee
index 29ec146051..24ef77b4aa 100644
--- a/services/web/public/coffee/main/account-settings.coffee
+++ b/services/web/public/coffee/main/account-settings.coffee
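Review bot: The password-confirmed `webRouter.post '/user/delete'` route is added while `webRouter.delete '/user', AuthenticationController.requireLogin(), UserController.deleteUser` stays registered on the line above it, so an authenticated session can still delete the account through the old route without ever supplying a password, which defeats the purpose of the new check. The account-settings.coffee hunk in this same patch already moves the client to `/user/delete`, and the UserController hunk marks deleteUser as deprecated, so nothing visible in the patch still needs the DELETE route; removing it here (together with deleteUser) closes the bypass rather than leaving it for a follow-up. If another caller outside this patch still depends on `DELETE /user`, say so in a comment on that line, e.g. `# TODO: remove once all clients post to /user/delete (bypasses password check)`, so the gap is tracked rather than silent.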
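Review bot: The new password `input.form-control(type="password", ...)` carries no `name` or `autocomplete` attribute, so password managers get no hint that this is the account's current password and the field is unnamed inside `form(name="deleteAccountForm")`; adding `name="password", autocomplete="current-password"` to the attribute list costs nothing. Unlike the email input above it, which has `ng-keyup="checkValidation()"`, the password field is not wired into the form's validation, so presumably the modal's delete action can be triggered with an empty password and the server's 403 then surfaces only as the new generic `generic_something_went_wrong` alert — confirm how `checkValidation()` gates the button before relying on the server round-trip. A password-specific message for that case would tell the user what to fix instead of suggesting an outage.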
@@ -29,10 +29,11 @@ define [
 App.controller "DeleteAccountModalController", [
 "$scope", "$modalInstance", "$timeout", "$http",
 ($scope, $modalInstance, $timeout, $http) ->
- $scope.state =
+ $scope.state =
 isValid : false
 deleteText: ""
 inflight: false
+ error: false
 $modalInstance.opened.then () ->
 $timeout () ->
@@ -44,16 +45,25 @@ define [
 $scope.delete = () ->
 $scope.state.inflight = true
-
+ $scope.state.error = false
 $http({
- method: "DELETE"
- url: "/user"
+ method: "POST"
+ url: "/user/delete"
 headers:
 "X-CSRF-Token": window.csrfToken
+ "Content-Type": 'application/json'
+ data:
+ password: $scope.state.password
 })
 .success () ->
 $modalInstance.close()
+ $scope.state.inflight = false
+ $scope.state.error = false
 window.location = "/"
+ .error (err) ->
+ console.log ">> error", err
+ $scope.state.error = true
+ $scope.state.inflight = false
 $scope.cancel = () ->
 $modalInstance.dismiss('cancel')
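Review bot: `console.log ">> error", err` in the new `.error` handler dumps the whole $http error response to the browser console and is debug output that should not ship; drop it, and since `$scope.state.password` is what the request body sends, clear it on failure with `$scope.state.password = ""` so a rejected password does not linger in scope until the modal closes. The handler also sets `$scope.state.error = true` for every failure, so the server's 403 for a wrong or missing password shows the same generic alert as a 500; the `.error` callback receives `(data, status)` in AngularJS, so `status == 403` could select a password-specific message. `.success`/`.error` are the legacy $http callbacks — if the project's Angular version supports `.then`/`.catch`, prefer those, but check the version first rather than assuming.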