Require user password for deleting accounts #2842

2024-11-23 23:58:02 -05:00 · 2015-06-20 23:03:37 +09:00 · 2015-06-20 23:03:37 +09:00 · 39fc882303
commit 39fc882303
parent 37257d2477
3 changed files with 48 additions and 12 deletions
--- a/app/locale/en.coffee
+++ b/app/locale/en.coffee
@ -709,6 +709,7 @@
    picture_tab: "Picture"
    delete_account_tab: "Delete Your Account"
    wrong_email: "Wrong Email"
+    wrong_password: "Wrong Password"
    upload_picture: "Upload a picture"
    delete_this_account: "Delete this account permanently"
    god_mode: "God Mode"
@ -718,6 +719,7 @@
    new_password: "New Password"
    new_password_verify: "Verify"
    type_in_email: "Type in your email to confirm the deletion"
+    type_in_password: "Type in your password also"
    email_subscriptions: "Email Subscriptions"
    email_subscriptions_none: "No Email Subscriptions."
    email_announcements: "Announcements"
--- a/app/templates/account/account-settings-view.jade
+++ b/app/templates/account/account-settings-view.jade
@ -56,7 +56,10 @@ else
            .form-group
              label.control-label(for="email1", data-i18n="account_settings.type_in_email") Type in your email to confirm the deletion
              input#email1.form-control(name="email1", type="text")
-            button#delete-account-button.btn.form-control.btn-primary(data-i18n="account_settings.delete_this_account")
+            .form-group  
+              label.control-label(for="password1", data-i18n="account_settings.type_in_password") Type in your password also
+              input#password1.form-control(name="password1", type="password")  
+          button#delete-account-button.btn.form-control.btn-primary(data-i18n="account_settings.delete_this_account")

    .col-md-6
          
--- a/app/views/account/AccountSettingsView.coffee
+++ b/app/views/account/AccountSettingsView.coffee
@ -40,7 +40,7 @@ module.exports = class AccountSettingsView extends CocoView
  #- Form input callbacks
  onInputChanged: (e) ->
    $(e.target).addClass 'changed'
-    if (JSON.stringify(document.getElementById('email1').className)).indexOf("changed") > -1
+    if (JSON.stringify(document.getElementById('email1').className)).indexOf("changed") > -1 or (JSON.stringify(document.getElementById('password1').className)).indexOf("changed") > -1 
      $(e.target).removeClass 'changed'
    else
      @trigger 'input-changed'
@ -67,26 +67,57 @@ module.exports = class AccountSettingsView extends CocoView


  #- Just copied from OptionsView, TODO refactor
-
  confirmAccountDeletion: ->
    forms.clearFormAlerts(@$el)
-    myEmail = me.get 'email'
+    myEmail = me.get 'email'   
    email1 = document.getElementById('email1').value
+    password1 = document.getElementById('password1').value
    if Boolean(email1) and email1 is myEmail
-      renderData =
-        'confirmTitle': 'Are you really sure?'
-        'confirmBody': 'This will completely delete your account. This action CANNOT be undone. Are you entirely sure?'
-        'confirmDecline': 'Not really'
-        'confirmConfirm': 'Definitely'
-      confirmModal = new ConfirmModal renderData
-      confirmModal.on 'confirm', @deleteAccount
-      @openModalView confirmModal
+      isPasswordCorrect = false
+      toBeDelayed = true
+      $.ajax
+        url: '/auth/login'
+        type: 'POST'
+        data:
+          {
+            username: email1,
+            password: password1
+          }
+        parse: true
+        error: (error) ->
+          toBeDelayed = false
+          'Bad Error. Can\'t connect to server or something. ' + error
+        success: (response, textStatus, jqXHR) ->
+          toBeDelayed = false
+          unless jqXHR.status is 200
+            return
+          isPasswordCorrect = true
+      callback = (tempThis) ->
+        if toBeDelayed
+          setTimeout callback, 100, tempThis
+        else
+          if isPasswordCorrect
+            renderData =
+              'confirmTitle': 'Are you really sure?'
+              'confirmBody': 'This will completely delete your account. This action CANNOT be undone. Are you entirely sure?'
+              'confirmDecline': 'Not really'
+              'confirmConfirm': 'Definitely'
+            confirmModal = new ConfirmModal renderData
+            confirmModal.on 'confirm', tempThis.deleteAccount
+            tempThis.openModalView confirmModal
+          else
+            message = $.i18n.t('account_settings.wrong_password', defaultValue: 'Wrong Password.')
+            err = [message: message, property: 'password1', formatted: true]
+            forms.applyErrorsToForm(tempThis.$el, err)
+            $('.nano').nanoScroller({scrollTo: tempThis.$el.find('.has-error')})      
+      setTimeout callback, 100, this
    else
      message = $.i18n.t('account_settings.wrong_email', defaultValue: 'Wrong Email.')
      err = [message: message, property: 'email1', formatted: true]
      forms.applyErrorsToForm(@$el, err)
      $('.nano').nanoScroller({scrollTo: @$el.find('.has-error')})

+
  deleteAccount: ->
    myID = me.id
    $.ajax