authorDessalines <tyhou13@gmx.com>2019-10-17 21:25:23 -0700
committerDessalines <tyhou13@gmx.com>2019-10-17 21:25:23 -0700
commitf7c9dc0b2139c192b1c3a725a2da7ed631d61607 (patch)
tree367e1c79836a1b4546da88b584bc75ee24961102 /server
parent8a2fb128a973e4f7963d735191e481ace1185190 (diff)
Make delete account require password.
- Fixes #301
Diffstat (limited to 'server')
-rw-r--r--server/src/api/user.rs9
1 files changed, 9 insertions, 0 deletions
diff --git a/server/src/api/user.rs b/server/src/api/user.rs
index b0ed5a4b..2de80905 100644
--- a/server/src/api/user.rs
+++ b/server/src/api/user.rs
@@ -105,6 +105,7 @@ pub struct GetReplies {
#[derive(Serialize, Deserialize)]
pub struct DeleteAccount {
+ password: String,
auth: String,
}
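Review bot: `DeleteAccount` derives `Serialize` (the derive line just above the struct), so the new plaintext `password` field is written out by anything that serializes or dumps this request, and that should be ruled out before the value can reach a log or an echoed message. If the server only ever deserializes this type, `#[serde(skip_serializing)]` on the field keeps the secret inbound-only; whether any caller depends on serializing it is not visible in this hunk. A doc comment such as `/// Current account password, re-entered to confirm deletion; never log or echo.` would also separate its role from `auth`.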
@@ -601,6 +602,14 @@ impl Perform<LoginResponse> for Oper<DeleteAccount> {
let user_id = claims.id;
+ let user: User_ = User_::read(&conn, user_id)?;
+
+ // Verify the password
+ let valid: bool = verify(&data.password, &user.password_encrypted).unwrap_or(false);
+ if !valid {
+ return Err(APIError::err(&self.op, "password_incorrect"))?;
+ }
+
// Comments
let comments = CommentView::list(
&conn,
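Review bot: `unwrap_or(false)` on the `verify` result fails closed, which is the right default, but it also turns a verification error (for example a stored hash that cannot be parsed) into `password_incorrect` for the user and leaves no trace on the server. Record the error before rejecting, e.g. `let valid = verify(&data.password, &user.password_encrypted).unwrap_or_else(|e| { eprintln!("delete account: password verify error: {}", e); false });`, substituting whatever logger the server already uses and assuming the error type implements `Display`. This check is also a second place where a password guess is answered for anyone holding a valid `auth` token, so it should sit behind the same attempt throttling as login; no limiter is visible here, though `perform` starts and ends outside the hunk.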