@ -545,12 +545,25 @@
( defroute ( "/user/delete" :method :POST ) ( )
( defroute ( "/user/delete" :method :POST ) ( )
( destructuring-bind
( destructuring-bind
( &key authenticity-token &allow-other-keys )
( &key authenticity-token delete-account-check &allow-other-keys )
( utils:request-params ( lack.request:request-body-parameters ningle:*request* ) )
( utils:request-params ( lack.request:request-body-parameters ningle:*request* ) )
( cond ( ( not ( string= authenticity-token ( auth:csrf-token ) ) )
( cond ( ( not ( string= authenticity-token ( auth:csrf-token ) ) )
` ( , +forbidden+ ( :content-type "text/plain" ) ( "Denied" ) ) )
` ( , +forbidden+ ( :content-type "text/plain" ) ( "Denied" ) ) )
( t ( hermetic:auth ( :logged-in )
( t ( hermetic:auth ( :logged-in )
;; Authorised
;; Authorised
( cond ( ( utils:string-is-nil-or-empty? delete-account-check )
( utils:set-alert
"No username entered. Account not deleted."
"missing-data" )
( redirect "/user/edit" ) )
( ( not ( string= delete-account-check
( user::username-of
( auth:get-current-user ) ) ) )
( utils:set-alert
"Wrong username entered. Account not deleted."
"invalid-data" )
( redirect "/user/edit" ) )
( t
( progn
( progn
( nera-db:delete-user
( nera-db:delete-user
( user::username-of ( auth:get-current-user ) ) )
( user::username-of ( auth:get-current-user ) ) )
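Review bot: The new `delete-account-check` comparison in the inner `cond` confirms intent but does not re-authenticate, because the username it is matched against is not a secret and is presumably visible on `/user/edit`, so anyone holding a live session passes it. For an irreversible action I would require the current password here, instead of or in addition to the username, and at minimum state the limit in a comment such as `;; Username match guards against accidental deletion only; it is not re-authentication.` The check and the `nera-db:delete-user` call also evaluate `(user::username-of (auth:get-current-user))` separately; binding it once, e.g. `(let ((username (user::username-of (auth:get-current-user)))) ...)`, guarantees that the name compared and the name deleted are the same value. The `(t (progn ...` body continues past the end of this hunk.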
@ -563,7 +576,7 @@
;; (session data persits).
;; (session data persits).
( progn ( utils:set-alert
( progn ( utils:set-alert
"Unable to delete session data." "error" )
"Unable to delete session data." "error" )
( redirect "/" ) ) ) )
( redirect "/" ) ) ) ) ) )
;; Not Authorised
;; Not Authorised
( progn ( utils:set-alert "You are not logged in."
( progn ( utils:set-alert "You are not logged in."
"error" )
"error" )