@ -545,25 +545,38 @@
( defroute ( "/user/delete" :method :POST ) ( )
( destructuring-bind
( &key authenticity-token &allow-other-keys )
( &key authenticity-token delete-account-check &allow-other-keys )
( utils:request-params ( lack.request:request-body-parameters ningle:*request* ) )
( cond ( ( not ( string= authenticity-token ( auth:csrf-token ) ) )
` ( , +forbidden+ ( :content-type "text/plain" ) ( "Denied" ) ) )
( t ( hermetic:auth ( :logged-in )
;; Authorised
( progn
( nera-db:delete-user
( user::username-of ( auth:get-current-user ) ) )
( hermetic:logout
;; Successful log-out -- after account deleted
;; (session data cleared).
( progn ( auth:flash-gethash :id ningle:*session* )
( redirect "/" ) )
;; Failed log-out -- after account deleted
;; (session data persits).
( progn ( utils:set-alert
"Unable to delete session data." "error" )
( redirect "/" ) ) ) )
( cond ( ( utils:string-is-nil-or-empty? delete-account-check )
( utils:set-alert
"No username entered. Account not deleted."
"missing-data" )
( redirect "/user/edit" ) )
( ( not ( string= delete-account-check
( user::username-of
( auth:get-current-user ) ) ) )
( utils:set-alert
"Wrong username entered. Account not deleted."
"invalid-data" )
( redirect "/user/edit" ) )
( t
( progn
( nera-db:delete-user
( user::username-of ( auth:get-current-user ) ) )
( hermetic:logout
;; Successful log-out -- after account deleted
;; (session data cleared).
( progn ( auth:flash-gethash :id ningle:*session* )
( redirect "/" ) )
;; Failed log-out -- after account deleted
;; (session data persits).
( progn ( utils:set-alert
"Unable to delete session data." "error" )
( redirect "/" ) ) ) ) ) )
;; Not Authorised
( progn ( utils:set-alert "You are not logged in."
"error" )