From 113fed05d82c9a78025b4ebbf54171be06a8b5da Mon Sep 17 00:00:00 2001 From: Julian Lam Date: Mon, 2 Apr 2018 12:29:22 -0400 Subject: [PATCH] closes #6412 --- public/language/en-GB/user.json | 2 +- public/src/client/account/edit.js | 41 ++++++++++++++++++++++++------- src/socket.io/user/profile.js | 7 ++++++ 3 files changed, 40 insertions(+), 10 deletions(-) diff --git a/public/language/en-GB/user.json b/public/language/en-GB/user.json index 5a3c05ae15..3dcf2521b4 100644 --- a/public/language/en-GB/user.json +++ b/public/language/en-GB/user.json @@ -13,7 +13,7 @@ "ban_account_confirm": "Do you really want to ban this user?", "unban_account": "Unban Account", "delete_account": "Delete Account", - "delete_account_confirm": "Are you sure you want to delete your account?
This action is irreversible and you will not be able to recover any of your data

Enter your username to confirm that you wish to destroy this account.", + "delete_account_confirm": "Are you sure you want to delete your account?
This action is irreversible and you will not be able to recover any of your data

Enter your password to confirm that you wish to destroy this account.", "delete_this_account_confirm": "Are you sure you want to delete this account?
This action is irreversible and you will not be able to recover any data

", "account-deleted": "Account deleted", diff --git a/public/src/client/account/edit.js b/public/src/client/account/edit.js index cafa271256..8b270a8fd2 100644 --- a/public/src/client/account/edit.js +++ b/public/src/client/account/edit.js @@ -158,22 +158,45 @@ define('forum/account/edit', ['forum/account/header', 'translator', 'components' function handleAccountDelete() { $('#deleteAccountBtn').on('click', function () { translator.translate('[[user:delete_account_confirm]]', function (translated) { - var modal = bootbox.confirm(translated + '

', function (confirm) { + var modal = bootbox.confirm(translated + '

', function (confirm) { if (!confirm) { return; } - if ($('#confirm-username').val() !== app.user.username) { - app.alertError('[[error:invalid-username]]'); - return false; - } - socket.emit('user.deleteAccount', {}, function (err) { - if (err) { - return app.alertError(err.message); + var confirmBtn = modal.find('.btn-primary'); + confirmBtn.html(''); + confirmBtn.prop('disabled', true); + + socket.emit('user.checkPassword', { + uid: parseInt(ajaxify.data.uid, 10), + password: $('#confirm-password').val(), + }, function (err, ok) { + function restoreButton() { + translator.translate('[[modules:bootbox.confirm]]', function (confirmText) { + confirmBtn.text(confirmText); + confirmBtn.prop('disabled', false); + }); } - window.location.href = config.relative_path + '/'; + if (err) { + restoreButton(); + return app.alertError(err.message); + } else if (!ok) { + restoreButton(); + return app.alertError('[[error:invalid-password]]'); + } + + confirmBtn.html(''); + socket.emit('user.deleteAccount', {}, function (err) { + if (err) { + return app.alertError(err.message); + } + + window.location.href = config.relative_path + '/'; + }); }); + + return false; }); modal.on('shown.bs.modal', function () { diff --git a/src/socket.io/user/profile.js b/src/socket.io/user/profile.js index d9c89df6a0..9d88713028 100644 --- a/src/socket.io/user/profile.js +++ b/src/socket.io/user/profile.js @@ -103,6 +103,13 @@ module.exports = function (SocketUser) { ], callback); } + SocketUser.checkPassword = function (socket, data, callback) { + isPrivilegedOrSelfAndPasswordMatch(socket.uid, data, function (err) { + // Return a bool (without delayed response to prevent brute-force checking of password validity) + setTimeout(callback.bind(null, null, !err), 1000); + }); + }; + SocketUser.changePassword = function (socket, data, callback) { if (!socket.uid) { return callback(new Error('[[error:invalid-uid]]'));
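Review bot: In the new inner `user.deleteAccount` callback, the error branch `if (err) { return app.alertError(err.message); }` never calls `restoreButton()`, so after a server-side deletion failure the confirm button stays disabled with the placeholder content set by `confirmBtn.html('')` and the user cannot retry; change it to `if (err) { restoreButton(); return app.alertError(err.message); }`. The inner callback also reuses the parameter name `err`, shadowing the outer `err` from the `user.checkPassword` callback; naming it `deleteErr` would keep the two failure paths distinguishable. Note that `checkPassword` is sent `uid: parseInt(ajaxify.data.uid, 10)` (the profile being edited) while `user.deleteAccount` is sent `{}`; if the two server handlers do not resolve to the same account when a privileged user edits someone else's profile, the password confirmed is not for the account being deleted, which is worth confirming against the server side, outside this hunk. `handleAccountDelete` continues past the end of the hunk.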
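Review bot: The comment on the new `SocketUser.checkPassword` handler says the bool is returned "without delayed response", but the line below deliberately delays it with `setTimeout(callback.bind(null, null, !err), 1000)`, so the comment states the opposite of the code; reword it to `// Return a bool only after a fixed 1s delay, to slow brute-force probing of password validity`. A fixed per-request delay adds latency but does not by itself bound the attempt rate, so it is a weak mitigation on its own; a per-uid or per-socket attempt counter with lockout, or the same throttling the login path applies, would be the stronger control. Because every error from `isPrivilegedOrSelfAndPasswordMatch` (defined outside this hunk) is collapsed to `false`, a transient server error looks like a wrong password to the caller, which avoids leaking detail but should be stated in the comment. Presumably the privileged branch of that helper succeeds without a password, in which case an admin calling this for another uid always gets `true`; confirm that is the intended semantics for the deletion confirmation that calls it.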