demand a valid password for account deletion
This commit is contained in:
parent
07b3ea19a6
commit
56342f21d2
2 changed files with 42 additions and 8 deletions
6
index.pl
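--- a/index.pl
+++ b/index.pl
@@ -1479,8 +1479,14 @@ post '/delete' => sub {
 $self->render( 'account', invalid => 'csrf' );
 return;
 }
+
 my $now = DateTime->now( time_zone => 'Europe/Berlin' )->epoch;
+
 if ( $self->param('action') eq 'delete' ) {
+if (not $self->authenticate($self->current_user->{name}, $self->param('password'))) {
+$self->render( 'account', invalid => 'password' );
+return;
+}
 $self->app->mark_for_deletion_query->execute( $now,
 $self->current_user->{id} );
 }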
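Review bot: The new check passes `$self->param('password')` straight to `authenticate`, so a POST that omits the field hands the plugin's user-validation callback an undef password; whether that is rejected cleanly rather than with a warning depends on that callback, which is outside this hunk. An explicit guard keeps the route independent of it: `my $password = $self->param('password') // '';` followed by `if ( not length $password or not $self->authenticate( $self->current_user->{name}, $password ) ) {`. It would also help operators if the refused deletion were not a plain 200 page, e.g. `$self->render( 'account', invalid => 'password', status => 403 );`, so access logs distinguish it from a normal account view. The enclosing `post '/delete'` handler starts and ends outside the hunk.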
@ -1,3 +1,30 @@
% if (my $invalid = stash('invalid')) {
<div class="row">
<div class="col s12">
<div class="card red darken-4">
<div class="card-content white-text">
% if ($invalid eq 'csrf') {
<span class="card-title">Ungültiger CSRF-Token</span>
<p>Sind Cookies aktiviert? Ansonsten könnte es sich um einen
Fall von <a
href="https://de.wikipedia.org/wiki/Cross-Site-Request-Forgery">CSRF</a>
handeln.</p>
% }
% elsif ($invalid eq 'password') {
<span class="card-title">Ungültiges Passwort</span>
<p>Aus Sicherheitsgründen kann der Account nur nach Passworteingabe
gelöscht werden.</p>
% }
% else {
<span class="card-title">Unbekannter Fehler</span>
<p>„<%= $invalid %>“</p>
% }
</div>
</div>
</div>
</div>
% }
<h1>Account</h1>
<h1>Account</h1>
% my $acc = current_user();
% my $acc = current_user();
<div class="row">
<div class="row">
@ -192,17 +219,18 @@
</div>
</div>
</div>
</div>
<div class="row">
<div class="row">
<div class="col s1 m1 l3">
</div>
<div class="col s10 m10 l6 center-align">
%= form_for 'delete' => begin
%= form_for 'delete' => begin
<div class="input-field col s12 m12 l8">
<i class="material-icons prefix">lock</i>
%= password_field 'password', id => 'password', class => 'validate', required => undef, autocomplete => 'current-password'
<label for="password">Passwort</label>
</div>
<div class="input-field col s12 m12 l4 center-align">
%= csrf_field
%= csrf_field
<button class="btn waves-effect waves-light red" type="submit" name="action" value="delete">
<button class="btn waves-effect waves-light red" type="submit" name="action" value="delete">
Account löschen
Account löschen
</button>
</button>
</div>
%= end
%= end
</div>
</div>
<div class="col s1 m1 l3">
</div>
</div>
% }
% }