closes #6412

7 years ago · 113fed05d8
parent 9641ada53c
commit 113fed05d8
3 changed files with 38 additions and 8 deletions
--- a/public/language/en-GB/user.json
+++ b/public/language/en-GB/user.json
@ -13,7 +13,7 @@
 	"ban_account_confirm": "Do you really want to ban this user?",
 	"unban_account": "Unban Account",
 	"delete_account": "Delete Account",
-	"delete_account_confirm": "Are you sure you want to delete your account? <br /><strong>This action is irreversible and you will not be able to recover any of your data</strong><br /><br />Enter your username to confirm that you wish to destroy this account.",
+	"delete_account_confirm": "Are you sure you want to delete your account? <br /><strong>This action is irreversible and you will not be able to recover any of your data</strong><br /><br />Enter your password to confirm that you wish to destroy this account.",
 	"delete_this_account_confirm": "Are you sure you want to delete this account? <br /><strong>This action is irreversible and you will not be able to recover any data</strong><br /><br />",
 	"account-deleted": "Account deleted",

--- a/public/src/client/account/edit.js
+++ b/public/src/client/account/edit.js
@ -158,22 +158,45 @@ define('forum/account/edit', ['forum/account/header', 'translator', 'components'
 	function handleAccountDelete() {
 		$('#deleteAccountBtn').on('click', function () {
 			translator.translate('[[user:delete_account_confirm]]', function (translated) {
-				var modal = bootbox.confirm(translated + '<p><input type="text" class="form-control" id="confirm-username" /></p>', function (confirm) {
+				var modal = bootbox.confirm(translated + '<p><input type="password" class="form-control" id="confirm-password" /></p>', function (confirm) {
 					if (!confirm) {
 						return;
 					}

-					if ($('#confirm-username').val() !== app.user.username) {
-						app.alertError('[[error:invalid-username]]');
-						return false;
-					}
-					socket.emit('user.deleteAccount', {}, function (err) {
+					var confirmBtn = modal.find('.btn-primary');
+					confirmBtn.html('<i class="fa fa-spinner fa-spin"></i>');
+					confirmBtn.prop('disabled', true);
+
+					socket.emit('user.checkPassword', {
+						uid: parseInt(ajaxify.data.uid, 10),
+						password: $('#confirm-password').val(),
+					}, function (err, ok) {
+						function restoreButton() {
+							translator.translate('[[modules:bootbox.confirm]]', function (confirmText) {
+								confirmBtn.text(confirmText);
+								confirmBtn.prop('disabled', false);
+							});
+						}
+
 						if (err) {
+							restoreButton();
 							return app.alertError(err.message);
+						} else if (!ok) {
+							restoreButton();
+							return app.alertError('[[error:invalid-password]]');
 						}

-						window.location.href = config.relative_path + '/';
+						confirmBtn.html('<i class="fa fa-check"></i>');
+						socket.emit('user.deleteAccount', {}, function (err) {
+							if (err) {
+								return app.alertError(err.message);
+							}
+
+							window.location.href = config.relative_path + '/';
+						});
 					});
+
+					return false;
 				});

 				modal.on('shown.bs.modal', function () {
--- a/src/socket.io/user/profile.js
+++ b/src/socket.io/user/profile.js
@ -103,6 +103,13 @@ module.exports = function (SocketUser) {
 		], callback);
 	}

+	SocketUser.checkPassword = function (socket, data, callback) {
+		isPrivilegedOrSelfAndPasswordMatch(socket.uid, data, function (err) {
+			// Return a bool (without delayed response to prevent brute-force checking of password validity)
+			setTimeout(callback.bind(null, null, !err), 1000);
+		});
+	};
+
 	SocketUser.changePassword = function (socket, data, callback) {
 		if (!socket.uid) {
 			return callback(new Error('[[error:invalid-uid]]'));