diff --git a/src/web.lisp b/src/web.lisp index d3004bc..3e041dc 100644 --- a/src/web.lisp +++ b/src/web.lisp @@ -545,25 +545,38 @@ (defroute ("/user/delete" :method :POST) () (destructuring-bind - (&key authenticity-token &allow-other-keys) + (&key authenticity-token delete-account-check &allow-other-keys) (utils:request-params (lack.request:request-body-parameters ningle:*request*)) (cond ((not (string= authenticity-token (auth:csrf-token))) `(,+forbidden+ (:content-type "text/plain") ("Denied"))) (t (hermetic:auth (:logged-in) ;; Authorised - (progn - (nera-db:delete-user - (user::username-of (auth:get-current-user))) - (hermetic:logout - ;; Successful log-out -- after account deleted - ;; (session data cleared). - (progn (auth:flash-gethash :id ningle:*session*) - (redirect "/")) - ;; Failed log-out -- after account deleted - ;; (session data persits). - (progn (utils:set-alert - "Unable to delete session data." "error") - (redirect "/")))) + (cond ((utils:string-is-nil-or-empty? delete-account-check) + (utils:set-alert + "No username entered. Account not deleted." + "missing-data") + (redirect "/user/edit")) + ((not (string= delete-account-check + (user::username-of + (auth:get-current-user)))) + (utils:set-alert + "Wrong username entered. Account not deleted." + "invalid-data") + (redirect "/user/edit")) + (t + (progn + (nera-db:delete-user + (user::username-of (auth:get-current-user))) + (hermetic:logout + ;; Successful log-out -- after account deleted + ;; (session data cleared). + (progn (auth:flash-gethash :id ningle:*session*) + (redirect "/")) + ;; Failed log-out -- after account deleted + ;; (session data persits). + (progn (utils:set-alert + "Unable to delete session data." "error") + (redirect "/")))))) ;; Not Authorised (progn (utils:set-alert "You are not logged in." "error")