author | Dessalines <tyhou13@gmx.com> | 2019-10-17 21:25:23 -0700 |
---|---|---|
committer | Dessalines <tyhou13@gmx.com> | 2019-10-17 21:25:23 -0700 |
commit | f7c9dc0b2139c192b1c3a725a2da7ed631d61607 (patch) | |
tree | 367e1c79836a1b4546da88b584bc75ee24961102 /server | |
parent | 8a2fb128a973e4f7963d735191e481ace1185190 (diff) |
Make delete account require password.
- Fixes #301
Diffstat (limited to 'server')
-rw-r--r-- | server/src/api/user.rs | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/server/src/api/user.rs b/server/src/api/user.rs
index b0ed5a4b..2de80905 100644
--- a/server/src/api/user.rs
+++ b/server/src/api/user.rs
@@ -105,6 +105,7 @@ pub struct GetReplies {
 #[derive(Serialize, Deserialize)]
 pub struct DeleteAccount {
+ password: String,
 auth: String,
 }
@@ -601,6 +602,14 @@ impl Perform<LoginResponse> for Oper<DeleteAccount> {
 let user_id = claims.id;
+ let user: User_ = User_::read(&conn, user_id)?;
+
+ // Verify the password
+ let valid: bool = verify(&data.password, &user.password_encrypted).unwrap_or(false);
+ if !valid {
+ return Err(APIError::err(&self.op, "password_incorrect"))?;
+ }
+
 // Comments
 let comments = CommentView::list(
 &conn, |
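Review bot: `DeleteAccount` now carries the user's plaintext password, yet the context line above it shows the struct still derives `Serialize`, and the new field has no doc comment. Nothing in this hunk shows the request being serialized or logged, but any code path that does so would emit the password along with it. If this request type only ever needs to be deserialized, dropping `Serialize` from the derive would close that path. I would also document the field, e.g. `/// Current account password, re-verified server-side before deletion; never log or echo.`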
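Review bot: `verify(&data.password, &user.password_encrypted).unwrap_or(false)` maps every verification error (for instance a stored hash that fails to parse) to `password_incorrect`. Failing closed is the right default, but the error itself is discarded, so a corrupted `password_encrypted` value looks the same as a wrong guess to both the user and the operator. I would record the error before returning false, e.g. `.unwrap_or_else(|e| { eprintln!("delete account: password verify error: {}", e); false })`, using whatever logger the crate already has instead of `eprintln!`. Separately, this path now gives a yes/no answer on password guesses to anyone holding a valid `auth` token, and no attempt limiting is visible in the hunk; if login attempts are throttled elsewhere, the same limit should cover this check. The enclosing method starts and ends outside the hunk.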