
update /user/delete defroute: add 'type username input check'.

When the user wants to delete their account they must now enter their
username as part of the form they submit. This is so they don't
accidentally delete their account.
stable
Craig Oates 2 years ago
parent
commit
9430942cb5
  1. 41
      src/web.lisp

41
src/web.lisp

@ -545,25 +545,38 @@
(defroute ("/user/delete" :method :POST) () (defroute ("/user/delete" :method :POST) ()
(destructuring-bind (destructuring-bind
(&key authenticity-token &allow-other-keys) (&key authenticity-token delete-account-check &allow-other-keys)
(utils:request-params (lack.request:request-body-parameters ningle:*request*)) (utils:request-params (lack.request:request-body-parameters ningle:*request*))
(cond ((not (string= authenticity-token (auth:csrf-token))) (cond ((not (string= authenticity-token (auth:csrf-token)))
`(,+forbidden+ (:content-type "text/plain") ("Denied"))) `(,+forbidden+ (:content-type "text/plain") ("Denied")))
(t (hermetic:auth (:logged-in) (t (hermetic:auth (:logged-in)
;; Authorised ;; Authorised
(progn (cond ((utils:string-is-nil-or-empty? delete-account-check)
(nera-db:delete-user (utils:set-alert
(user::username-of (auth:get-current-user))) "No username entered. Account not deleted."
(hermetic:logout "missing-data")
;; Successful log-out -- after account deleted (redirect "/user/edit"))
;; (session data cleared). ((not (string= delete-account-check
(progn (auth:flash-gethash :id ningle:*session*) (user::username-of
(redirect "/")) (auth:get-current-user))))
;; Failed log-out -- after account deleted (utils:set-alert
;; (session data persits). "Wrong username entered. Account not deleted."
(progn (utils:set-alert "invalid-data")
"Unable to delete session data." "error") (redirect "/user/edit"))
(redirect "/")))) (t
(progn
(nera-db:delete-user
(user::username-of (auth:get-current-user)))
(hermetic:logout
;; Successful log-out -- after account deleted
;; (session data cleared).
(progn (auth:flash-gethash :id ningle:*session*)
(redirect "/"))
;; Failed log-out -- after account deleted
;; (session data persits).
(progn (utils:set-alert
"Unable to delete session data." "error")
(redirect "/"))))))
;; Not Authorised ;; Not Authorised
(progn (utils:set-alert "You are not logged in." (progn (utils:set-alert "You are not logged in."
"error") "error")

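Review bot: The `delete-account-check` comparison added to the authorised branch of `/user/delete` confirms intent but not identity: the username is not a secret, so any request carrying a valid session and CSRF token can still delete the account by sending it. For an irreversible operation it would be stronger to also require the current password before `nera-db:delete-user` is reached, and to record the limitation with a comment such as `;; Username check guards against accidental deletion only; it is not re-authentication.` A smaller point: `(user::username-of (auth:get-current-user))` is evaluated once for the comparison and again for the delete, so binding it once in a `let` around the inner `cond` would guarantee the checked name and the deleted name are the same value. The `defroute` form continues past the end of this hunk.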